LSTs centralize validator power. Protocols like Lido and Rocket Pool aggregate user stake, directing it to a limited set of node operators. This creates a single point of failure for long-range attacks, where an attacker rewrites chain history by controlling past validator sets.
liquid-staking-and-the-restaking-revolution
Blog
The Unseen Risk: How LSTs Amplify Long-Range Attacks
Liquid staking tokens (LSTs) like Lido's stETH create a permanent, tradeable record of historical stake distribution. This public ledger paradoxically lowers the cost for an adversary to simulate a plausible alternative chain history, amplifying the threat of long-range attacks on Proof-of-Stake networks.
introduction
THE UNSEEN RISK
Introduction: The Staking Paradox
Liquid Staking Tokens (LSTs) create systemic risk by concentrating validator control while promising decentralization.
The risk is economic, not technical. An attacker needs 33% of historical stake, not current stake. A dominant LST provider like Lido, with its fractionalized validator keys, creates a large, static target for this attack vector that traditional Proof-of-Stake (PoS) models mitigate through stake churn.
This is a coordination failure. The market optimizes for liquidity and yield via LSTs, ignoring the long-tail security risk. Unlike slashing for live network faults, there is no penalty for validators that participated in a historical attack, making collusion cost-effective.
Evidence: Lido commands over 32% of Ethereum's staked ETH. This exceeds the one-third threshold required to finalize a competing chain in a long-range attack, creating a latent systemic vulnerability that grows with LST adoption.
key-trends
THE UNSEEN RISK
The New Attack Surface: LSTs & Finality
Liquid Staking Tokens (LSTs) concentrate economic power, creating a systemic vulnerability to long-range attacks that traditional Proof-of-Stake models were designed to prevent.
01
The Problem: Economic Finality is an Illusion
Proof-of-Stake chains like Ethereum achieve finality through social consensus and slashing, not pure cryptography. A malicious validator with >33% of stake can theoretically finalize a conflicting chain. LSTs like Lido's stETH and Rocket Pool's rETH concentrate stake, making this threshold easier to reach through coercion or collusion.
- ~35% of Ethereum stake is now held by the top 3 LST providers.
- Long-range attacks are cheap: only requires key compromise, not continuous hash power.
- The 'weak subjectivity' checkpoint becomes a single point of failure.
>33%
Attack Threshold
~35%
Top 3 LST Share
02
The Amplifier: LSTs as a Centralizing Force
LSTs abstract away the slashing risk for users, divorcing economic interest from chain security. This creates a principal-agent problem where LST providers (the agents) control the validating keys, not the depositors (the principals).
- Providers like Coinbase (cbETH) and Binance (wBETH) act as centralized validators with massive stakes.
- A governance attack or regulatory seizure on a major provider could capture enough stake for an attack.
- The re-staking ecosystem (e.g., EigenLayer) further leverages this concentrated stake, compounding systemic risk.
$40B+
Total LST TVL
1-of-N
Failure Mode
03
The Solution: Enshrined Proposer-Builder Separation (PBS)
The only robust mitigation is to architecturally separate block proposal from validation. Enshrined PBS, a core part of Ethereum's roadmap, prevents a single entity from controlling both the block content and the finalization vote.
- Proposers (block builders) can be captured, but cannot finalize a false chain.
- Validators (attesters) finalize blocks but cannot censor transactions or extract MEV directly.
- This reduces the value of attacking a validator set, as the attacker cannot profit from the reorg.
2-of-2
Attack Required
Post-Dencun
Ethereum ETA
04
The Stopgap: Distributed Validator Technology (DVT)
While awaiting enshrined PBS, DVT protocols like Obol Network and SSV Network mitigate risk by splitting a validator's key across multiple nodes. This increases the cost of coercion and removes single points of failure for LST providers.
- Requires a threshold (e.g., 4-of-7) of nodes to sign, preventing a single operator from acting maliciously.
- Lido v2 has begun integrating DVT for its node operator set.
- Does not solve the long-range attack vector if the entire distributed set is compromised, but raises the bar significantly.
M-of-N
Signature Scheme
~1%
Current DVT Penetration
05
The Market Failure: LSTs Lack a Security Premium
The market prices all LSTs (stETH, rETH, cbETH) near parity, despite vast differences in their underlying security models. This indicates a market failure where users optimize for yield and liquidity while ignoring tail-risk security.
- A de-peg event due to a security failure would be catastrophic but is treated as a near-zero probability.
- Protocols like EigenLayer that accept LSTs for re-staking do not adequately risk-adjust between them, treating a centralized cbETH as equal to a decentralized rETH.
- This mispricing accelerates centralization, as the cheapest (most centralized) provider wins.
~0%
Security Discount
TVL-Driven
Market Incentive
06
The Endgame: Social Consensus is the Final Layer
All cryptographic finality fails at extreme adversarial thresholds. The final backstop is social consensus—the coordinated community decision to reject an invalid chain. LST concentration makes this process harder, not easier.
- Recovery requires a user-activated soft fork (UASF), where exchanges, RPC providers, and wallets reject the attacked chain.
- Widespread LST adoption means most users hold derivative tokens, not native ETH, adding layers of abstraction to coordination.
- The ecosystem's ability to execute a UASF is the untested, ultimate guarantee.
UASF
Final Tool
Untested
In Production
deep-dive
THE MECHANICS
The Attack Blueprint: From Theory to Cheap Execution
Liquid staking derivatives create a low-cost, high-impact attack vector by concentrating economic power and enabling cheap capital recycling.
LSTs concentrate economic power. A malicious validator with a large stake in Lido or Rocket Pool can use that same stake to attack multiple chains where the LST is used as a native asset, like Cosmos or Avalanche subnets. This rehypothecation of stake amplifies a single unit of capital.
The attack is now affordable. Traditional long-range attacks require locking massive capital for the attack's duration. With LST-based attacks, the attacker borrows stETH or rETH via Aave or Compound, executes the attack, and repays the loan. The primary cost is the borrowing fee, not the principal.
Proof-of-Stake finality is the target. Chains like Ethereum with fast finality are harder to attack. The vulnerability is highest in proof-of-stake chains with long unbonding periods, like many Cosmos SDK chains, where an attacker can rewrite history before their stake is slashed.
Evidence: A 2023 Gauntlet report modeled that borrowing 30% of stETH's supply for one week would cost under $2M in fees—a trivial sum relative to the billions secured. This creates a viable attack surface for state-level actors.
LONG-RANGE ATTACK VECTORS
Attack Cost Analysis: Native Staking vs. LST Era
Quantifies the economic and technical shifts in attack costs introduced by Liquid Staking Tokens (LSTs) compared to the native staking paradigm.
| Attack Vector / Metric | Native Staking Era | LST-Dominated Era (Current) | Implication |
|---|---|---|---|
Capital Efficiency for Attacker | 1x (Staked ETH is illiquid) | ~3-5x (via LST collateral loops on Aave, Compound) | Exponential leverage reduces effective cost |
Time-to-Attack Capital | Weeks (staking queue, unbonding period) | < 1 hour (LST secondary market liquidity) | Enables rapid, opportunistic attacks |
Slashing Risk for Attacker | High (direct slashing of validator) | Low to None (attacker holds derivative, not validator key) | Decouples financial penalty from protocol penalty |
Cost of 34% Attack (Theoretical) | $34B (34% of staked ETH at $3k/ETH) | $11B (using 3x LST leverage on 34% of supply) | Lowers the absolute capital barrier |
Obfuscation & Anonymity | Low (validator deposits are on-chain) | High (LSTs can be traded via DEXs, mixers, cross-chain) | Makes attack sourcing and attribution difficult |
Cross-Chain Attack Surface | Isolated to Ethereum consensus | Amplified (via bridged LSTs on Layer 2s, Cosmos, Solana) | A single chain's security depends on multiple foreign chains |
Protocols Most Exposed | Ethereum Consensus Layer | Omnichain Apps (LayerZero, Axelar), LST-Fi (EigenLayer, Kelp DAO) | Risk contagion across DeFi and interoperability layers |
counter-argument
THE AMPLIFICATION
Counterpoint: Isn't This Just a Weak Subjectivity Problem?
LSTs structurally amplify the classic long-range attack vector by concentrating economic weight behind a single, mutable validator set.
The attack vector is identical, but the economic scale is not. A long-range attack requires an adversary to acquire a historical validator signing key. With LSTs, compromising the operator of a major provider like Lido or Rocket Pool grants control over a super-majority stake, making the attack trivial to execute at scale.
Weak subjectivity checkpoints are a social solution to a technical-economic problem. They rely on users or clients to manually trust a recent block hash. The concentrated validator sets created by LSTs increase the probability that this social consensus fails, as the cost to corrupt the checkpoint signers plummets.
Evidence: The Ethereum beacon chain has ~40% of its stake delegated through Lido. An attacker controlling this operator set could reorg any block in history, forcing the network to rely entirely on out-of-band social coordination—a failure of the trustless design principle.
risk-analysis
THE UNSEEN RISK: HOW LSTS AMPLIFY LONG-RANGE ATTACKS
Amplification Vectors: Where the Risk Compounds
Liquid Staking Tokens (LSTs) create a systemic dependency where a single protocol failure can cascade across the entire DeFi ecosystem.
01
The Problem: Concentrated Economic Security
LSTs like Lido's stETH and Rocket Pool's rETH concentrate stake from thousands of users into a few node operators. This creates a single point of failure where a 51% attack on the underlying chain becomes cheaper and more likely, as an attacker only needs to compromise a handful of entities instead of a globally distributed validator set.
>30%
Lido's Ethereum Share
~10
Key Node Operators
02
The Solution: Enshrined, Non-Custodial Staking
Networks must prioritize enshrined staking at the protocol level, as seen with Ethereum's solo staking and Solana's native delegation. This eliminates the intermediary risk of LST protocols and ensures the validator set's economic security is directly tied to the chain's native token, making long-range attacks astronomically expensive.
~1M
Solo Validators
32 ETH
Atomic Slash Unit
03
The Problem: Recursive DeFi Leverage
LSTs are used as collateral across Aave, Compound, and MakerDAO, creating a recursive leverage loop. A depeg or slash event triggers mass liquidations, collapsing the collateral value of billions in DeFi TVL. This transforms a staking failure into a systemic liquidity crisis.
$10B+
LST Collateral Value
3-5x
Effective Leverage
04
The Solution: Isolated Risk Modules & Circuit Breakers
DeFi protocols must implement isolated risk modules for LST collateral, as pioneered by Aave's GHO facilitator model. This involves lower Loan-to-Value (LTV) ratios, dedicated liquidity pools, and on-chain circuit breakers that freeze markets during extreme volatility, preventing contagion.
~65%
Max LST LTV
0
Contagion Events
05
The Problem: Oracle Manipulation & Synthetic Depegs
LST price feeds from Chainlink or Pyth are critical for DeFi stability. An attacker who gains control of a major LST's validator set can create a synthetic depeg by censoring transactions or manipulating consensus, fooling oracles and triggering faulty liquidations worth billions.
1-2s
Oracle Update Latency
$100M+
Flash Loan Attack Surface
06
The Solution: Decentralized Oracle Networks & Slashing Insurance
Mitigation requires decentralized oracle networks (DONs) with diverse data sources and validation delays. Protocols like EigenLayer enable cryptoeconomic security for oracles. Additionally, LST providers must offer native slashing insurance, funded from protocol fees, to make users whole in a failure.
100+
Oracle Nodes
>100%
Covered Slashing
future-outlook
THE SOLUTIONS
Mitigations & The Path Forward
Addressing the systemic risk of LST-amplified long-range attacks requires protocol-level changes and a fundamental shift in validator economics.
Mitigation requires protocol-level changes. Client teams must implement weak subjectivity checkpoints or finality gadgets to create a definitive chain history. This prevents attackers from rewriting the entire chain, even with a supermajority of stake acquired cheaply from past epochs.
Validator slashing is insufficient. The cost-of-corruption model fails when an attacker acquires old, un-slashable stake. Solutions like EigenLayer's in-protection slashing for restaked assets are a step forward, but they don't retroactively protect the base chain.
The path forward is economic finality. Protocols must design for proposer-builder separation (PBS) and credibly neutral MEV distribution to disincentivize centralized stake accumulation. This reduces the single-point-of-failure risk that LSTs create.
Evidence: The Ethereum Merge introduced a soft social layer for reorg resistance, but formalized solutions like Vitalik's single-slot finality (SSF) proposal are the definitive technical fix required to neutralize this attack vector permanently.
takeaways
LST SYSTEMIC RISK
TL;DR for Protocol Architects
Liquid Staking Tokens create a hidden consensus attack vector by concentrating stake and introducing new settlement layers.
01
The Attack Vector: Rehypothecation of Stake
LSTs like Lido's stETH and Rocket Pool's rETH decouple staked ETH from its governance rights, creating a derivative layer. Attackers can borrow massive amounts of LSTs to mount a long-range attack without ever touching the beacon chain, exploiting the liquidity/stake duality.
- Attack Cost: Determined by LST liquidity, not total staked ETH.
- Target: Weaker consensus clients or minority forks where borrowed stake is re-voted.
$30B+
LST TVL
>33%
Lido's Share
02
The Amplifier: Cross-Chain LST Bridges
Bridges like LayerZero and Wormhole export staked ETH's economic weight to other chains (e.g., Solana, Avalanche). This creates remote attack surfaces where a compromise on a secondary chain (e.g., via a bridge hack) can be used to manipulate the borrowed LST supply, indirectly threatening Ethereum consensus.
- Risk Multiplier: Adds smart contract risk to pure crypto-economic attacks.
- Scope: Turns a chain-specific issue into a cross-chain systemic risk.
10+
Chains Exposed
Bridge-Dependent
Attack Path
03
The Mitigation: Enshrined LST Limits & Slashing
Protocols must design for LSTs as a first-class risk. Solutions include hard-capping LST dominance (like Ethereum's proposed 22% limit), implementing LST-specific slashing for malicious voting, and requiring direct stake backing proofs for DeFi collateral. EigenLayer's restaking model further complicates this by adding another leverage layer.
- Design Imperative: Treat LST liquidity pools as part of the validator set.
- Tooling: Monitor borrow APR spikes and LST/ETH depeg events as attack signals.
22%
Proposed Cap
Real-Time
Monitoring Needed
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall