
The Hidden Cost of Cheap Stake in Permissionless Networks

An analysis of how low staking costs on new L1s and L2s create systemic vulnerabilities, enabling cheap attacks on consensus and governance. We examine real-world risks and the trade-off between decentralization and security.

THE STAKING PARADOX

Introduction

The pursuit of low-cost staking undermines the security and decentralization it is meant to guarantee.

Cheap stake is insecure stake. Permissionless networks like Ethereum and Solana rely on the economic cost of misbehavior, but liquid staking derivatives (LSDs) like Lido and Rocket Pool decouple this cost from the underlying asset's value.

The validator cartel problem emerges. When staking capital pools into a few dominant providers, the network's Nakamoto Coefficient plummets, creating systemic risk that protocols like EigenLayer's restaking amplify.

Security is a derived demand. The market prices staking yield, not security itself. This creates a race to the bottom where providers like Coinbase and Binance compete on cost, externalizing the long-term risk of centralization.

ECONOMIC SECURITY ANALYSIS

Attack Cost Comparison: Rent-a-Validator

This table compares the real-world cost and feasibility of executing a 51% attack by renting staking power versus acquiring it directly, using Ethereum as the primary case study.

| Attack Vector / Metric | Direct Stake Acquisition (Baseline) | Liquid Staking Token (LST) Attack | Restaking Pool Attack |
|---|---|---|---|
| Capital Outlay for 51% | $20B+ (6.4M ETH @ $3.1k) | $10-15B (Market Buy of stETH/rETH) | $4-8B (EigenLayer AVS Deposit) |
| Attack Duration Feasibility | Months (Slashing Risk High) | Hours (LST Market Liquidity) | Minutes (Instant Withdrawal Pool) |
| Primary Cost Driver | ETH Spot Price & Validator Queue | LST Premium/Discount & DEX Slippage | Pool TVL & Withdrawal Delay |
| Slashing Risk During Attack | Extreme (Validator Keys Seized) | None (Attacker Holds Derivative) | High (Pool Operator Slashing) |
| Ongoing OpEx During Attack | High (32 ETH per Validator) | Low (Just Gas for Trades) | Medium (Pool Operator Fees) |
| Exit Liquidity & Cleanup | Slow (Exit Queue, ~1 month) | Instant (Sell LST on DEX/CEX) | Fast (Withdraw from Pool) |
| Real-World Precedent | Theoretical | Theoretical (See Solana Jito) | Active Research Vector |
| Mitigation by Protocol | Proof-of-Stake Slashing | LST Depeg Oracles (e.g., Oracle) | Pool-withdrawal Delays & Queues |

THE COST OF CAPITAL

The Security/Decentralization Trade-Off is Broken

Permissionless networks sacrifice security for decentralization by mispricing the cost of capital for validators.

Cheap stake is insecure stake. The Nakamoto Coefficient measures decentralization by the minimum entities needed to compromise a network, but it ignores the capital cost of attack. A validator with $1B in delegated stake faces a different economic disincentive than one with $1M, even if their voting power is identical.

Proof-of-Stake commoditizes security. Networks like Solana and Avalanche compete on low validator hardware costs and high throughput, which pressures staking yields downward. This creates a race to the bottom where the marginal cost of acquiring 33% of the stake becomes cheaper than the value secured.

Liquid staking derivatives (LSDs) centralize risk. Protocols like Lido and Rocket Pool abstract stake, increasing validator participation but concentrating economic power. The security model shifts from thousands of independent bond-posting entities to a few LSD governance tokens, creating a single point of failure.

Evidence: Ethereum's Nakamoto Coefficient for consensus is ~3, based on LSD providers. An attacker needs to compromise only Lido, Coinbase, and Binance to halt finality, not the underlying 900k+ validators. The trade-off is broken.
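
The gap between validator-level and entity-level concentration described above can be measured directly. The following Python sketch is an added example, not code from the original article: it computes the Nakamoto Coefficient twice over a constructed stake distribution, once per validator key and once after grouping keys by controlling entity. The entity names, stake amounts and the strict one-third threshold for stalling finality are assumptions.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed sample, not real network data: (validator_id, controlling_entity, stake).
VALIDATORS = (
    [(f"a{i}", "pool_a", 32) for i in range(300)]
    + [(f"b{i}", "exchange_b", 32) for i in range(120)]
    + [(f"c{i}", "exchange_c", 32) for i in range(60)]
    + [(f"s{i}", f"solo_{i}", 32) for i in range(520)]
)

ONE_THIRD = Fraction(1, 3)  # assumed threshold: more than 1/3 of stake can stall finality


def nakamoto_coefficient(stakes, threshold=ONE_THIRD):
    """Smallest number of holders whose combined stake strictly exceeds `threshold`."""
    total = sum(stakes)
    if total <= 0:
        return None  # no stake, coefficient undefined
    running = 0
    for count, stake in enumerate(sorted(stakes, reverse=True), start=1):
        running += stake
        if Fraction(running, total) > threshold:
            return count
    return None  # a threshold of 1 or more can never be exceeded


def stake_by_entity(validators):
    """Collapse validator keys into the entities that actually control them."""
    totals = defaultdict(int)
    for _validator_id, entity, stake in validators:
        totals[entity] += stake
    return dict(totals)


def concentration_report(validators, threshold=ONE_THIRD):
    per_key = [stake for _, _, stake in validators]
    per_entity = list(stake_by_entity(validators).values())
    return {
        "validators": len(per_key),
        "entities": len(per_entity),
        "nc_validator_level": nakamoto_coefficient(per_key, threshold),
        "nc_entity_level": nakamoto_coefficient(per_entity, threshold),
    }


if __name__ == "__main__":
    print(concentration_report(VALIDATORS))
```

A monitoring job can track both figures over time and alert when the entity-level coefficient falls while the validator count keeps growing.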

THE HIDDEN COST OF CHEAP STAKE

Case Studies in Economic Vulnerability

When securing a network is cheaper than attacking it, the economic model has failed. These case studies dissect the consequences of insufficient stake cost.

01. The Lido stETH Depeg: A $20B+ Warning

The Curve/3pool exploit triggered a cascading depeg of stETH, revealing the systemic risk of a single LSD provider dominating ~32% of all Ethereum stake. The low cost to borrow and short stETH created a profitable attack vector against the entire DeFi ecosystem built upon it.

  • Key Risk: Centralized liquidity pools became the weakest link for a decentralized asset.
  • Key Lesson: Protocol-native liquidity and diversified staking backstops are non-negotiable.

Stake Share: 32% | TVL at Risk: $20B+

02. Solana's Nakamoto Coefficient of 31

Despite $4B+ in economic stake, Solana's consensus security is gated by its low Nakamoto Coefficient. This measures the smallest number of validators needed to compromise the network, which has historically hovered around 20-31. Cheap, low-performance hardware lowers the barrier to entry but concentrates influence among a few professional operators.

  • Key Risk: Low hardware costs enable cartel formation, undermining decentralization.
  • Key Lesson: Pure economic stake is insufficient; geographic and client diversity are critical.

Nakamoto Coeff: ~31 | Economic Stake: $4B+

03. The MEV-Boost Relay Cartel

Ethereum validators outsource block building to a cartel of ~10 dominant MEV-Boost relays to maximize profits. This creates a single point of censorship and failure, as seen during OFAC compliance. The economic incentive to use the top relays is so strong that it overrides decentralization.

  • Key Risk: Real-world regulatory pressure can be applied through a handful of entities.
  • Key Lesson: Protocol-level PBS (Proposer-Builder Separation) is required to break relay dependency.

Dominant Relays: ~10 | Builder Market Share: 99%

04. Avalanche Subnet Free-Rider Problem

Avalanche's subnet model allows projects to bootstrap their own chain with custom validators and low stake requirements. This creates a free-rider problem: subnets benefit from the security brand of the Primary Network but contribute minimal additional economic security to it. A major subnet failure could spill over and damage the core network's reputation.

  • Key Risk: Fragmented security budgets weaken the overall ecosystem's defense.
  • Key Lesson: Shared security models (like EigenLayer or Cosmos ICS) may be necessary for sustainable subnet economics.

Active Subnets: 50+ | Stake Requirements: Variable

THE SOCIAL LAYER

The Rebuttal: Slashing & Social Consensus

Cheap stake undermines the economic security of slashing and forces networks to rely on a fragile social consensus.

Slashing is economically irrelevant when the cost of corrupting a validator is negligible. A network with $1 billion in TVL secured by $10 million in stake has a security ratio of 100:1, making slashing penalties a rounding error for a determined attacker.

Social consensus becomes the final backstop. When cryptographic and economic guarantees fail, protocols like Ethereum and Cosmos rely on off-chain coordination to manually revert attacks, a process that is slow, subjective, and politically fraught.

This creates a two-tier security model. The cryptoeconomic layer handles routine faults, while the social layer handles catastrophic ones. This is the hidden subsidy that makes cheap-stake networks like some L2s and alt-L1s appear viable.

Evidence: The Ethereum DAO fork and the Cosmos Hub's Prop 82 (to reverse a theft) are precedents. They prove that when the cost of corruption is low relative to the value secured, social consensus is the only real enforcement mechanism.

THE HIDDEN COST OF CHEAP STAKE

Key Takeaways for Builders & Investors

Cheap, commoditized stake from liquid staking tokens (LSTs) is eroding the security and governance foundations of permissionless networks. Here's how to navigate the risks.

01. The LST Attack Surface is a Systemic Risk

The concentration of stake in a few dominant LSTs like Lido and Rocket Pool creates a single point of failure. A governance attack or exploit on the LST contract could compromise the underlying chain's consensus.

  • Lido alone controls ~32% of Ethereum stake, a critical centralization threshold.
  • Attackers can acquire cheap, correlated stake to launch long-range attacks or censor transactions.
  • Builders must design for slashing isolation to prevent LST failures from cascading.

Lido's Share: 32% | Single Point: 1

02. DVT is the Only Viable Decentralization Layer

Distributed Validator Technology (DVT), like Obol and SSV Network, is non-negotiable infrastructure. It cryptographically distributes a validator's signing key across multiple nodes, removing single points of failure.

  • Enables fault-tolerant staking pools that survive node outages without slashing.
  • Lowers the barrier for solo stakers and smaller operators, counteracting LST dominance.
  • Investors: Back primitives that enforce decentralization at the protocol layer, not just the token layer.

Uptime: >99% | Node Operators: 4+

03. Economic Security is a Function of Sunk Cost, Not Token Price

Real security comes from illiquid, skin-in-the-game stake. Liquid staking undermines this by allowing validators to hedge their risk, reducing the economic cost of acting maliciously.

  • Slashing must exceed the profit from an attack. With LSTs, attackers can short the derivative.
  • Builders should explore restaking with enforceable commitments (e.g., EigenLayer's intersubjective slashing) or non-transferable stake.
  • The metric that matters is Cost of Corruption, not Total Value Locked (TVL).

True Security: Sunk Cost | Key Insight: TVL ≠ Security

04. Governance Must Be Insulated from Liquid Markets

Liquid staking tokens grant governance rights over the underlying protocol to mercenary capital. This leads to short-term profit maximization at the expense of long-term network health.

  • Vote markets and delegation exacerbate the problem, as seen in MakerDAO and Compound.
  • Solutions include time-locked governance (e.g., ve-token models), non-transferable voting power, or futarchy.
  • For investors, governance attack risk is now a primary diligence factor for any PoS chain.

A Partial Fix: ve-Tokens | Core Threat: Mercenary Capital

Cheap Stake Risk: How Low Cost Attacks Threaten Blockchains | ChainScore Blog