Category: Operations / Direct Action

Author: Kollan House

Amount: $360,000 USDC, 12-month term

Summary

I am asking to approve $360,000 USD to retain Groom Lake's Security Services for twelve months.

Importantly this will encompass due diligence on the founders raising on MetaDAO. The engagement would provide intelligence, security engineering/operations, and incident response support for MetaDAO.

These services will be assessed quarterly and with a 30 day notice period can be terminated by either party.

Why I'm bringing this now

The exploited numbers this year are concerning and continue to trend upward. According to Hacken's Q1 report, losses totalled $482M across 44 different incidents, with about two-thirds of them directly attributable to phishing and social engineering attacks. Six audited protocols were compromised during the quarter, including one with eighteen prior audits. April was even worse with $606M in losses across twelve separate incidents, a rate of almost four times the entire previous quarter.

DPRK-linked actors are reportedly behind about 76% of this year's hack related losses and MetaDAO may face elevated risk exposure. Recent incidents demonstrate that human vulnerability rather than code is the key to the success of these attacks.

What Groom Lake provides

Three primary categories, though in practice they integrate into each other

First, they would establish an Intelligence Effort. This is likely the area with the greatest immediate utility, as it would strengthen both due diligence and counterintelligence capabilities. The Groom Lake team will conduct deep background investigations and identify exposed or compromised data relating to both current team members and prospective founders.

Intelligence campaigns give us the ability to make any specific request for strategic information - counterparty risk, targeted threats, ecosystem insights, supply chain risks, etc. On-chain forensics, plus their internal tooling such as Baitbuster to take down phishing sites and Reaper for exposed data on founders to front run social engineering which would materially expand out defensive and investigative capabilities.

The Security Component includes the core capabilities expected of a mature cybersecurity program: continuous infrastructure monitoring, operational security (OPSEC) audits covering internal communications and access controls, recurring penetration testing for both software systems and physical environments, DNS hardening, vulnerability scanning, third-party vendor risk analysis, and ongoing support for security engineering requirements as they occur over time.

Incident Response is the capability you hope is never necessary, but one that is critical to have. This includes a 24/7 response hotline staffed by live, experienced operators, coordination with exchanges and law enforcement, rapid deployment of personnel on-site within 24 hours if required, and a comprehensive post-incident analysis, including attribution efforts when possible.

Expanding and strengthening our engagement with Groom Lake at this level is our next logical security step, particularly given the increasing frequency and sophistication of recent attacks across the digital asset industry.

Groom Lake’s operators bring experience from organizations including the National Security Agency, United States Cyber Command, NATO, United States Department of Homeland Security, the Ministry of Defence, Defence Science and Technology Laboratory, Raytheon, and BAE Systems.

The ask

Approval authorizes $360,000 USDC to the Squads Altitude account of Organization Technology for payment to Groom Lake under a twelve-month service agreement. This agreement will be evaluated per quarter and can be terminated by either party given a 30 day notice.

This engagement falls outside the scope of our previously approved security budget, which is why it is being presented for market approval rather than authorized through the normal operational processes. The proposed cost is $30,000 per month for a twelve-month term.

Recognize that given the current threat environment the cost of a single successful incident at our scale would likely exceed this security cost many times over. Importantly, the services proposed are specifically aligned with the recent attack vectors that have proven most effective throughout 2026, particularly the social engineering, operational compromise, and targeted ecosystem attacks.

Approval of this proposal authorizes the transfer of 360,000 USDC to the Squads Altitude account of Organization Technology for payment to Groom Lake pursuant to a twelve-month service agreement.