According to PANews, researchers Lucas Nuzzi, Kyle Waters, and Matias Android from CoinMetrics recently published their findings on Ethereum's security, stating that a 34% attack on the blockchain is no longer feasible due to the high costs involved. The estimated duration of such an attack would be eight months, with a cost exceeding $59 billion and over 1,000 nodes and $2 million in expenses on AWS alone.
Many people believe that the continuous growth of liquidity staking derivatives (LSD) poses a serious threat to the Ethereum network. However, the researchers' analysis shows that concerns about a 34% staking attack from Lido Finance validators have become unreasonable and highly exaggerated.
The researchers demonstrated that not only is such an attack extremely time-consuming, but it is also very expensive for those attempting to use LSD to attack Ethereum. Time-consuming attack simulations (TCA) showed that LSDs cannot purchase access to block templates, and contrary to assumptions, attackers would need to buy Ether (ETH).
Considering the dynamic slippage limits, the total attack cost for Ethereum is difficult to express as a time series, as unlike Bitcoin, a single attack may take several days. In terms of capital expenditure, it can be simply defined as the function of Ether's price and the total amount the attacker must stake. However, in terms of operational expenditure, it would be a function dependent on the number of active validators at the time of the attack and the long-term time span of cloud computing costs.
Applying the data to December 31, 2023, with an Ether price of $2,279, a total locked amount of 28.8 million ETH, and 899,840 validators, it is estimated that a 34% attack on the network would cost $34.39 billion. If the attack began on December 31, 2023, the attacker would need until June 14, 2024, to breach the 33% threshold.
However, as the current ETH price increases, the cost not only becomes higher but also becomes more insane and unbelievable. For example, on March 5, 2024, with an Ether price of $3,800, a total locked amount of 31.32 million ETH, or 978.88 million validators, a 34% attack on the Ethereum network would cost $59.63 billion.
Furthermore, if the attacker decided to start the attack today, they would need to spend 265 days, or until November 25, 2024, to reach the 33% threshold, as only 1,800 validators join the chain daily after the Dencun upgrade.
There are many assumptions and concerns about Bitcoin's 51% attack and Ethereum's 34% attack. However, the costs and benefits associated with implementing these attacks remain a mystery. The researchers introduced a novel model to quantify the costs of breaching the Byzantine fault tolerance thresholds of Bitcoin and Ethereum, including operational and capital expenditures associated with these attacks. The study challenges the view that there is a linear relationship between transaction fee income and network security, a common assumption made when discussing the decline of Bitcoin subsidies. Instead, the research suggests that block producers engage in speculative behavior before fee cycles, ultimately increasing network security even when fees are low and declining.