CoinMetrics researchers @LucasNuzzi, @kylewaters_, and @matiasandroid recently published their findings on the security of the Ethereum network. The report states that it is no longer feasible to launch a 34% attack on Ethereum if someone’s goal is to destroy the blockchain, as it would cost billions of dollars. The estimated cost of such an attack would exceed $59 billion over a duration of 8 months, with over 1,000 nodes on AWS and $2 million in expenses.
Many people believe that the continued growth of Liquid Staked Derivatives (LSDs) poses a serious threat to the Ethereum network. However, the researchers have shown that such an attack is not only extremely time-consuming but also prohibitively expensive for those attempting to attack Ethereum using LSDs. Simulated Time-Consuming Attacks (TCAs) show that LSDs cannot purchase access to block templates and attackers would actually need to buy Ether (ETH), contrary to assumptions.
Considering the dynamic leaky bucket mechanism, the total cost of attacking Ethereum is difficult to represent as a time series. Unlike Bitcoin, an attack on Ethereum may take multiple days. In terms of capital expenditure, it can be simply defined as a function of the price of Ether and the total amount the attacker must stake. However, in terms of operational expenditure, it would depend on the number of active validators at the start of the attack and the long-term cost of cloud computing.
Based on calculations using an Ethereum price of $2,279, a total locked amount of 28.8 million ETH, and 899,840 validators by December 31, 2023, it is estimated that a 34% attack on the network would cost $34.39 billion. If the attack were to start on December 31, 2023, the attacker would need to wait until June 14, 2024, to exceed the 33% threshold.
However, with the current rise in ETH price, the cost has not only increased but become incredibly high and unimaginable. For example, on March 5, 2024, with an ETH price of $3.8 thousand, a total locked amount of 31.32 million ETH, or 9.7888 million validators, the cost of launching a 34% attack on the Ethereum network would be $59.63 billion.
Furthermore, if attackers understand and are willing to bear this cost, and decide to launch the attack starting today, it would take them 265 days, or until Monday, November 25, 2024, to reach the 33% threshold, as only 1,800 validators are added to the chain per day after the Dencun upgrade.
There are many assumptions and concerns surrounding the 51% attack on Bitcoin and the 34% attack on Ethereum. However, the costs and benefits associated with implementing these attacks remain a mystery. The researchers have proposed a novel model to quantify the costs of breaking the Byzantine Fault Tolerance thresholds of Bitcoin and Ethereum. They introduce a new metric called Total Cost of Attack (TCA), which includes operational and capital expenditures associated with these attacks. The motivations and expected utilities of profit-driven and ideology-driven actors are explored.
The research findings indicate that the current security conditions of Bitcoin and Ethereum make attacks economically infeasible and provide empirical evidence for the Nash Equilibrium in these networks. This research also challenges the view of a linear relationship between fee revenue and network security, which is often assumed when discussing the decrease in Bitcoin subsidies. Instead, the findings suggest that block producers engage in speculative behavior before the fee cycle, which ultimately enhances network security.
We hope that our analysis contributes to the discussion of the long-term feasibility of deflationary monetary policies used in Bitcoin and Ethereum and their impact on miner incentives and network security.