Researchers at Harvard University described two strategies for attacking Ethereum 2.0’s Beacon Chain: malicious block reorganizations and deferral of finality, and also estimated their cost.
Four researchers at the Harvard School of Engineering and Applied Sciences – Michael Neuder, Daniel Moroz, Rithvik Rao, and David Parkesk – have described two possible ways to attack the signal chain Ethereum 2.0.
In the first strategy, an attacker can confirm the wrong block by initiating so-called “private forks”. Confirming one “wrong” block will only cause a minor reorganization, but this scenario can be extended to destructive attacks.
The second scenario involves a block finality delay. A hypothetical attacker could delay finality by preventing a valid block from being confirmed. In this scenario, the attacker must be recognized as suggesting a block boundary and therefore the first block of the next epoch. An attacker needs to defer finality, that is, to ensure that two consecutive blocks are not validated in a timely manner. This scenario is less likely and much more expensive.
To estimate the cost of the first attack, you first need to estimate the cost of 30% of ETH blocked for staking in Ethereum 2.0, which the attacker must control in order to carry out the attack. According to Etherscan, more than $ 6.6 billion ETH is currently blocked on the Ethereum 2.0 deposit contract.
Thus, the attacker now has to spend almost $ 2 billion (and as the network develops, this figure will grow in line with the increase in ETH blocked for staking). Once this milestone is reached, in the first scenario, the attacker must spend an additional (n-1) US dollars for each reorganization of length n, where n is the number of maliciously checked blocks. The second attack scenario would require between $ 500 and $ 1200 for each series of finality deferrals. Both options assume a probability of a successful attack of about 9%.
Last year, Messari researchers said the cost of a successful 51% attack on the Bitcoin blockchain is over $ 21 million per day. A similar attack on the Ethereum 1.x network cost about $ 2.7 million.