Given the large number of PoS blockchains there are now with a wide variety of value securing them, how many hacks have there been where PoS has been compromised?

Whereas how many hacks have there been due to smart contract vulnerabilities / multisig/priv keys being compromised?
Don't fall for the shared security meme and think that rollups, dapps etc built on an L1 share the same security as the L1 when they all add their own security assumptions - whether that be through smart contract risk, multisig upgrade rights, centralised sequencer without proofs
If I build a DAPP on Ethereum with admin keys / upgrade rights & steal all the funds (or there is just a security vulnerability that results in all funds being lost), it should hopefully be clear to all these new people getting into crypto that it doesn't share the same security as Ethereum.

Even highly anticipated products such as Eigenlayer add their own smart contract risk, centralised DAO who can veto slashing, and only a % of the stake securing Ethereum is leveraged to secure many products (nothing bad happens when we add lots of leverage right?)
Whilst the initial small amount of ETH securing it may be valued higher (even ignoring all the other risks), when compared to an L1 where 60% of the tokens are already staked, to actually acquire 2/3+1 stake will end up costing far more as the price will increase exponentially.
Whilst hopefully decentralised sequencers come (which will need token incentives / stake as well as adding additional latency / complexity / attack vectors), additional smart contract risk will always remain.
Upgradeability of the contracts, secured by a multisig, will also not be easy to just remove while Ethereum is continuously evolving and there is a need to ensure compatibility, add new functionality to the L2 and fix security vulnerabilities as they arise.
Timelocks can help with upgrading for functionality, but the platform remains vulnerable if a security vulnerability is found, for the whole time period during which funds can be stolen. It can also be challenging to provide a fix for any vulnerabilities without an attacker reverse engineering it, becoming aware of the vulnerability and exploiting it, whilst also doing it in an open way where people can understand what upgrades are taking place and whether they need to withdraw their funds or not.
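To make the trade-off above concrete, here is a minimal timelocked upgrade gate as an added, hypothetical example (not code from any rollup or from the thread's author); the contract name, the `delay` value and the assumption that `admin` is a multisig are all mine:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical example: upgrades must be announced on-chain and wait out
// `delay` before taking effect, so users can review them or withdraw.
contract TimelockedUpgrade {
    address public admin;                 // assumed to be a multisig
    address public implementation;        // currently active logic contract
    uint256 public immutable delay;       // e.g. 7 days, chosen at deployment

    address public pendingImplementation;
    uint256 public executableAt;          // 0 when nothing is queued

    event UpgradeScheduled(address indexed newImplementation, uint256 executableAt);
    event UpgradeCancelled(address indexed newImplementation);
    event UpgradeExecuted(address indexed newImplementation);

    modifier onlyAdmin() { require(msg.sender == admin, "not admin"); _; }

    constructor(address _admin, address _implementation, uint256 _delay) {
        admin = _admin;
        implementation = _implementation;
        delay = _delay;
    }

    // Step 1: queue the upgrade. The event is the public notice users rely on;
    // the funds withdrawal window is exactly `delay` from this point.
    function schedule(address newImplementation) external onlyAdmin {
        require(executableAt == 0, "upgrade already queued");
        pendingImplementation = newImplementation;
        executableAt = block.timestamp + delay;
        emit UpgradeScheduled(newImplementation, executableAt);
    }

    // Admin can withdraw a queued upgrade, e.g. after community review.
    function cancel() external onlyAdmin {
        require(executableAt != 0, "nothing queued");
        emit UpgradeCancelled(pendingImplementation);
        pendingImplementation = address(0);
        executableAt = 0;
    }

    // Step 2: execute only once the delay has elapsed. There is deliberately no
    // emergency bypass: a fix for a live vulnerability waits out the same window,
    // which is the exposure the thread describes.
    function execute() external onlyAdmin {
        require(executableAt != 0 && block.timestamp >= executableAt, "timelock not expired");
        implementation = pendingImplementation;
        emit UpgradeExecuted(implementation);
        pendingImplementation = address(0);
        executableAt = 0;
    }
}
```

Defenders monitoring such a system should alert on `UpgradeScheduled` and compare the queued implementation's bytecode against the announced change before `executableAt` passes.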
Whilst Ethereum is my biggest holding and it's great to see much faster development in the ecosystem (can you imagine how long it would have taken for zkEVM without L2s?), it's also important not to give people a false sense of security with the shared security meme and how all other solutions are inferior / other L1s are centralised, when in fact L2s are more centralised / less censorship resistant than the L1s you are criticising. Rollups and Eigenlayer are all very promising, but it's not going to be one solution that is best for every situation.
I would hate to see a rollup get hacked and people lose funds, but as more L2s get deployed (and there will no doubt be many forks), especially given the current regulatory environment, I do have concerns about the way things are going and how little pushback there is at times.