What Prevents Large Validators From Taking Over Ethereum?
- Ethereum’s upgrade to Proof-of-Stake has sparked concerns over the network’s resiliency against 51% attacks.
- The top four staking entities account for 59.6% of the total staked ETH.
- However, user-activated soft forks (UASFs) ensure that bad actors cannot take over the network, no matter how big their stake.
Share this article
Proof-of-Stake critics have sounded the alarm on Ethereum’s new Proof-of-Stake consensus mechanism, claiming it makes the network susceptible to hostile network takeovers. However, Ethereum’s new system contains a failsafe to mitigate this risk and allows users to burn the funds of any attacker attempting to take control of the blockchain.
Ethereum’s Vulnerability to 51% Attacks
Ethereum’s recent switch away from Proof-of-Work has raised questions about the network’s ability to fend off attacks.
On September 15, Ethereum successfully upgraded its consensus mechanism to Proof-of-Stake. Among other things, the event, now known in the crypto community as the “Merge,” passed block production duties from miners to validators. Contrary to miners, which use specialized hardware, validators only need to stake 32 ETH to gain the right to process transactions.
However, some crypto community members have been quick to point out that most of Ethereum’s validating power is now in the hands of just a few entities. Data from Dune Analytics indicate that Lido, Coinbase, Kraken, and Binance account for 59.6% of the total staked ETH market share.
This high concentration of staking power has raised concerns that Ethereum may be vulnerable to 51% attacks—a term used in the crypto space to designate a hostile takeover of a blockchain by an entity (or group of entities) in control of the majority of block processing power. In other words, the worry is that large staking entities could collude to rewrite parts of Ethereum’s blockchain, change the ordering of new transactions, or censor specific blocks.
The possibility of a 51% attack became particularly salient after the U.S. government’s ban on Tornado Cash. On August 8, the U.S. Treasury Department added privacy protocol Tornado Cash to its sanctions list, arguing cybercriminals used the crypto project for money-laundering purposes. Coinbase, Kraken, Circle, and other centralized entities quickly complied with the sanctions and blacklisted Ethereum addresses associated with Tornado Cash. So what would prevent these companies from using their staking power to censor transactions on Ethereum’s base layer if the Treasury ordered them to?
As Ethereum creator Vitalik Buterin and other developers have argued, the network still has an ace up its sleeve: the possibility of implementing user-activated soft forks (UASFs).
What Is a UASF?
A UASF is a mechanism by which a blockchain’s nodes activate a soft fork (a network update) without needing to obtain the usual support from the chain’s block producers (miners in Proof-of-Work, validators in Proof-of-Stake).
What makes the procedure extraordinary is that soft forks are normally triggered by block producers; UASFs, in effect, wrest control of the blockchain from them and temporarily hand it over to nodes (which can be operated by anyone). In other words, a blockchain community has the option of updating a network’s software regardless of what miners or validators want.
The term is typically associated with Bitcoin, which notably triggered a UASF in 2017 to force the activation of the controversial SegWit upgrade. But Ethereum’s Proof-of-Stake mechanism was designed to enable minority-led UASFs specifically to fight against 51% attacks. Should an attacker attempt to take control of the blockchain, the Ethereum community could simply trigger a UASF and destroy the entirety of the malicious actor’s staked ETH—reducing their validating power to zero.
In fact, Buterin has claimed that UASFs make Proof-of-Stake even more resistant to 51% attacks than Proof-of-Work. In Proof-of-Work, attackers simply need to acquire the majority of the hashrate to take over the blockchain; doing so is costly, but there is no other penalty besides that. Bitcoin can change its algorithm to render some of the attacker’s mining power useless, but it can only do so once. On the other hand, Proof-of-Stake mechanisms can slash an attacker’s funds as many times as necessary through UASFs. In Buterin’s words:
“Attacking the chain the first time will cost the attacker many millions of dollars, and the community will be back on their feet within days. Attacking the chain the second time will still cost the attacker many millions of dollars, as they would need to buy new coins to replace their old coins that were burned. And the third time will… cost even more millions of dollars. The game is very asymmetric, and not in the attacker’s favor.”
Slashing Is the Nuclear Option
When asked whether Coinbase would ever (if asked by the Treasury) use its validating power to censor transactions on Ethereum, Coinbase CEO Brian Armstrong stated that he would rather “focus on the bigger picture” and shut down the exchange’s staking service. While there’s little reason to doubt the sincerity of his answer, the possibility of a UASF likely played a role in the equation. Coinbase currently has over 2,023,968 ETH (approximately $2.7 billion at today’s prices) staked on mainnet. The exchange’s entire stack could be slashed if it tried censoring Ethereum transactions.
It’s important to note that slashing is not Ethereum’s only option in case of a malicious takeover. The Ethereum Foundation has indicated that Proof-of-Stake also allows honest validators (meaning validators not attempting to attack the network) to “keep building on a minority chain and ignore the attacker’s fork while encouraging apps, exchanges, and pools to do the same.” The attacker would keep their ETH stake, but find themselves locked out of the relevant network going forward.
Finally, it’s worth mentioning that Ethereum’s staking market isn’t quite as centralized as it may initially seem. Lido, which currently processes 30.1% of the total staked ETH market, is a decentralized protocol that uses over 29 different staking service providers. These individual validators are the ones in control of the staked ETH—not Lido itself. Thus, collusion between major staking entities would be much more difficult to organize than it would initially appear.
Disclaimer: At the time of writing, the author of this piece owned BTC, ETH, and several other cryptocurrencies.