Ethereum Vulnerable To Attack With Just 33% ETH Staked, Expert Warns

You don't need 100% of ETH staked to attack Ethereum. 33% is enough to disrupt finality, 50% to prolong a chain split, and 66% to double spend

A recent poll conducted by Christine Kim, a researcher at Galaxy Digital, has revealed significant misconceptions within the Ethereum community regarding the blockchain's economic security. The poll, which asked the crypto community to assess the threshold of staked ETH that secures the blockchain, indicated a lack of awareness about the actual risks of an attack.

Respondents to the poll displayed the following beliefs about Ethereum's security:

44.9% believed that securing Ethereum requires 100% of all staked ETH ($110 billion, 31.4 million ETH).
20.4% thought 66.6% of staked ETH was sufficient ($73.4 billion, 20.9 million ETH).
34.7% felt that only 33.3% of staked ETH ($36.7 billion, 10.4 million ETH) was required for security.

Addressing these misconceptions, Christine Kim emphasized the actual vulnerabilities of Ethereum's Proof-of-Stake (PoS) mechanism in a detailed follow-up on X. Kim highlighted, "You don't need 100% of ETH staked to attack Ethereum. 33% is enough to disrupt finality, 50% to prolong a chain split, and 66% to double spend."

She added, "Security primarily depends on the network's ability to penalize stakers by burning large amounts of the value they've locked. The worse the attack, the more value stakers stand to lose. It's important to understand what's really at stake here (pun fully intended)."

Further elaboration from the Ethereum Foundation explains the technical underpinnings of these vulnerabilities. An article by the foundation, referenced by Kim, states, "Attackers using >= 33% of the total stake make all of the attacks mentioned previously more likely to succeed... 33% of the staked ether is a benchmark for an attacker because with anything greater than this amount they have the ability to prevent the chain from finalizing without having to finely control the actions of the other validators."

For attacks involving 34% of the total stake, the article detailed a possible scenario of "double finality" where an attacker can manipulate the validation of two conflicting blockchain forks simultaneously. This form of attack requires significant coordination and control over the timing of messages within the network, and it carries a high risk for the attacker, whose entire staked amount could be slashed.

Control of larger shares of the total stake, such as 50% and 66%, increases the potential for more severe disruptions, including sustained chain splits and transaction censorship or reversal. The foundation's article elaborates, "At >50% of the total stake the attacker could dominate the fork choice algorithm... enabling the attacker to censor certain transactions, do short-range reorgs and extract maximum MEV by reordering blocks in their favor."
