According to a study by CoinMetrics researchers @LucasNuzzi, @kylewaters_, and @matiasandroid, it is no longer feasible to launch a 34% attack on the Ethereum blockchain, as it would cost billions of dollars. The study shows that such an attack would require a duration of 8 months and cost over $59 billion, with over 1,000 nodes on AWS and $2 million in expenses.
Many people have expressed concerns about the growing popularity of liquidity staking derivatives (LSD) and their potential threat to the Ethereum network. However, the researchers have demonstrated that launching such an attack is not only time-consuming but also extremely expensive for those attempting to exploit LSD to attack Ethereum. Simulations of Time Consuming Attacks (TCA) show that LSDs cannot purchase access to block templates and attackers would need to buy Ether (ETH) instead.
Due to the dynamic nature of loss constraints, the total cost of attacking Ethereum is difficult to represent as a time series. Unlike Bitcoin, an attack on Ethereum may take multiple days. In terms of capital expenditures, it can be simply defined as a function of the price of Ether and the total amount the attacker must stake. However, in terms of operational expenses, it would depend on the number of active validators at the start of the attack and the long-term costs of cloud computing.
Considering the estimated price of Ether at $2,279, a total locked amount of 28.8 million ETH, and 899,840 validators on December 31, 2023, the researchers estimate that a 34% attack on the network would cost $34.39 billion. If the attack were to start on December 31, 2023, it would take until June 14, 2024, to breach the 33% threshold.
However, with the current rise in ETH price, the cost has become even higher and incredibly astronomical. For example, on March 5, 2024, with the price of Ether at $3,800, a total locked amount of 31.32 million ETH or 978,880 validators, launching a 34% attack on the Ethereum network would cost $59.63 billion. Additionally, if the attacker decides to start the attack today, it would take 265 days, or until November 25, 2024, for the attacker to reach the 33% threshold, as only 1,800 validators are added to the chain daily since the Dencun upgrade.
There have been many assumptions and concerns regarding a 51% attack on Bitcoin and a 34% attack on Ethereum. However, the costs and returns associated with implementing these attacks remain unknown. The researchers propose a novel model to quantify the cost of breaking Byzantine fault tolerance thresholds for Bitcoin and Ethereum. They introduce a new metric called “Total Cost of Attack” (TCA), which includes operational and capital expenditures related to these attacks. They explore the motivations and expected utility of profit-driven and ideology-driven actors.
The research findings indicate that the current security state of Bitcoin and Ethereum makes attacks economically unviable and provide empirical evidence for the game-theoretic equilibrium in these networks. This research also challenges the assumption of a linear relationship between fee income and network security, which is often made when discussing the decline in Bitcoin subsidies. Instead, the findings suggest that block producers engage in speculative behavior before fee cycles, which ultimately enhances network security.
The hope is that this analysis contributes to the discussion on the long-term feasibility of deflationary monetary policies used in Bitcoin and Ethereum and their impact on miner incentives and network security.