Following Ethereum's transition from Proof-of-Work (PoW) to Proof-of-Stake (PoS), many ESG-oriented investors were delighted that the Ethereum network reduced its energy footprint by ~99.95%. However, since The Merge was completed on Sept. 15, ETH is down by 22%.

Outside of the bear market affecting all crypto assets, has the new PoS Ethereum introduced a new set of vulnerabilities, specifically ones relating to Ethereum's centralization and censorship resistance?

The Merge Implications

In mid-September, the multi-year preparation for docking Ethereum's PoW chain with the PoS Beacon Chain finally paid off. Without major problems, miners were rendered obsolete, having been replaced with ETH-staking validators. Thus, a new ecosystem of validator staking was born.

[Figure: Ethereum staking deposits. Source: Dune]

This means that Ethereum no longer relies on GPU miners to generate blocks. Instead, the new block-generating validators have to stake a minimum of 32 ETH to be eligible. In other words, this rearranged Ethereum's power structure from the physical world (computational hashes) to the financial world (capital).

According to Ethereum.org, a successful 51% attack in a staking system would necessitate around $15 billion to execute. With a majority of the stake, the attacking validators could "use their own attestations to ensure their preferred fork was the one with the most accumulated attestations."

This aligns with the Kraken report on the viability of Proof-of-Stake blockchains. For instance, a PoS network with $100 billion TVL would have to be compromised/overtaken by validators holding $33 billion in staked ETH, or 33% of the network's value. From this data, it is then a matter of seeing how centralized Ethereum's staking infrastructure is.

Ethereum Staking Allocation

There are many depositors in charge of Beacon Chain staking, but not as many as one would assume. Although there are over 449,000 validators, Ethereum staking is largely in the control of centralized exchanges and VC-backed firms like Lido Finance.

[Figure: Beacon Chain staking depositors. Source: Dune]

Moreover, such staking allocation can shift as easily as business winds and partnerships shift. For instance, Sam Bankman-Fried, the billionaire FTX CEO, could go on a shopping spree and buy half a dozen companies listed here. This is even more likely in a bear market, which suppresses companies' valuations.

To put it differently, without Proof-of-Work, which sets hard physical limitations, capital can change hands rapidly and far beyond such constraints. With that said, Ethereum does employ a form of social sanction known as slashing, reducing the staked ETH of malicious actors.

Furthermore, Vitalik Buterin noted that a minority of stakers could "coordinate on a minority user-activated soft fork (UASF) in which the attacker's funds are once again largely destroyed."

Nonetheless, a PoW model is preventative, requiring exorbitant and impractical mining infrastructure, while the PoS model relies on post-attack social governance.

Ethereum Node Providers

Alongside the staking structure, there is a deeper level to consider — who hosts validator nodes? According to the latest data provided by ethernodes.org, nearly 80% of validator nodes are hosted by just three companies: Amazon (AWS), Google Cloud and Hetzner Online GmbH.

[Figure: Validator nodes hosted by ISPs. Source: ethernodes]

Aside from the lesser-known Hetzner, both Google and Amazon are known for aggressive censorship regimes, typically applied arbitrarily based on current cultural/political winds. Amazon Web Services (AWS), in particular, has a large 32% share of the total cloud service market, giving Amazon an entry point with other companies.

Consequently, these corporations tend to collude with each other in order to deplatform targets, as compiled by acclaimed journalist Glenn Greenwald. Overall, this makes Ethereum highly vulnerable to central points of failure.

Miner Extractable Value (MEV) Censorship Potential

MEV, previously expanded as "Miner Extractable Value", was renamed Maximal Extractable Value just prior to The Merge. MEV represents the measure of profits that block-generating validators can extract whenever someone commits a transaction on the Ethereum network.

Specifically, block-producing validators gain MEV by reordering transactions, as a form of arbitrage. Equally, they can front-run large transaction batches and even censor transactions within produced blocks. The potential of MEV censorship is such that a specialized website was launched just to keep track of how many MEV-Boost relays are OFAC compliant.

[Figure: Post-Merge censorship-compliant blocks. Source: MEV Watch]

MEV-Boost relays are intermediary infrastructure between block producers and block builders, enabling Ethereum validators to offer their blockspace to Flashbots and other builders.

In turn, Flashbots was designed to counter MEV downsides by producing private transaction pools. In them, "searchers," as non-validating participants, submit transactions to relays, which then broadcast them to validators. Post-Merge, Flashbots was responsible for relaying 82% of transaction blocks, greatly centralizing Ethereum.

Practical Implications of Ethereum's Centralization

In practice, this means that any time a government agency issues a decree, Ethereum transactions could be banned. For instance, when the Office of Foreign Assets Control (OFAC) sanctioned the Tornado Cash currency mixer, it set off a compliance wave across the network's infrastructural cogs, leading to the freezing of USDC stablecoins.

[Figure: USDC banned wallets. Source: Dune]

Because USDC is an integral part of DeFi's ecosystem, involved with the most popular DApps like Aave, Uniswap, or Compound, it became apparent that DeFi is provisionally decentralized thanks to Ethereum's heightened centralization.

On Sept. 28, Ethereum researcher Toni Wahrstätter additionally provided data on Flashbots. It turned out that out of 19,436 blocks verified by the aforementioned MEV-Boost relays, not a single one included Tornado Cash transactions.

Furthermore, Lachlan Feeney of Labrys analytics concluded that about 45% of all Ethereum blocks complied with the U.S. Treasury sanction of Tornado Cash. To make things worse, Tornado Cash itself is an open-source protocol, so its sanction is in direct opposition to two established legal precedents:

  • Ruling of the Ninth Circuit Court of Appeals, in 1999, in favor of Daniel J. Bernstein to freely share his source code.
  • Ruling in Citizens United vs. FEC, by which money equals free speech.

In the meantime, Coin Center filed a lawsuit against the U.S. Treasury, stating that "the Administration's use of the foreign-affairs power to punish domestic cryptocurrency users was unprecedented and unlawful."

However, such legal proceedings typically take years to complete, which leaves plenty of space for Ethereum's Flashbots to adopt new censorship rules. In conclusion, it seems that the largest smart contract platform has become decentralized in name only.

[Image: Ethereum Merge Chain. Credit: Unsplash/Akinori UEMURA]