The Merge was a success, but are there still risks?
It’s official. At 6:43 a.m. UTC, on September 15th, Ethereum’s Merge was initiated and was finalized about 15 minutes later to the great excitement of the 41,000+ viewers of the YouTube «Ethereum Mainnet Merge Viewing Party» and local viewing parties wherever there is a crypto community. With this switch from PoW to PoS, Ethereum cut 99.99% of its energy usage (estimated around 0.02% of global energy usage, roughly the equivalent of Finland). It also eliminated the role of miners, relying instead on a system of validators.
While the merge went as smoothly as could be hoped (so far), what lingering risks are there for the Ethereum ecosystem following the merge? Are we fully in the clear?
Consolidation of power
Crypto mining spawned an entire industry, first with enthusiasts using store-bought computers and eventually with big companies building industrial mining farms in countries like China and Kazakhstan. Post-merge, mining is obsolete in Ethereum, replaced by validators working on a very simple principle: the more ETH you have → the more you can stake → the more you can earn. This presents a risk of an oligopoly of big ETH holders.
And we’re not talking about early adopters as much as about hedge funds and crypto exchanges, who have their coffers full of ETH. Many exchanges are throwing their hat into the validator game. Coinbase, Binance, etc. — they can easily stake their clients’ ETH for validating ETH, giving them a much higher investment to play with than your average ETH holder. Will the biggest echanges become the biggest validators? Will one or a few have enough power to corner the market and threaten the integrity of Ethereum? Time will tell, but the threat is real enough to keep an eye on.
Based on Dune Analytics research, big centralized companies already control 66% of all staked ETH. So much for decentralization.
Government Censorship
This looks even worse when you consider that most of these big validator node-running companies have a significant presence in the US and are thus vulnerable to all kinds of pressure from US validators, from stringent KYC policies to outright blocking transactions based on speculation on what is being bought/sold, by whom, from where, etc. This kind of censorship is everything the blockchain movement has been fighting against.
Coinbase’s Brian Armstrong has recently publicly stated that he’d pull Coinbase out of the mining business if the government forces them to censor blocks. But you never really know — government pressure is not easy to resist, and giving up the profits from such a massive market as the USA or China is not an easy decision for any corporation. For users, it’s a massive risk to wake up one day and realize that the world’s biggest utility blockchain doesn’t allow your transactions to go through at the most critical moment.
Obviously, Ethereum core developers are vehemently opposed to any sort of block censorship by validators. They intend to monitor validators and ban any that act maliciously. Though one has to wonder if at some point the will of the majority validators may become stronger than the will of the vore dev team (which itself may splinter over a specific censorship case, such as censorship of transactions related to terrorism or pedophelia).
Proof-of-security?
In the U.S., as in many other countries, there is an ongoing battle over how exactly to regulate crypto: is it a currency, commodity, security, etc.? According to statements from Gary Gensler, head of the Securities and Exchange Commission (SEC), PoW cryptocurrencies are considered commodities, not securities. As reported by USfunds.com, Mr. Gensler stated during the week of the Merge that
«digital assets that allow investors to stake their holdings in exchange for new coins may qualify them as securities.»
Tighter regulations that are usually applied to securities may scare off various corporate and even private investors from the Ethereum ecosystem. Plus, there is always a possibility, however distant, that regulators will put so many restrictions on PoS cryptocurrencies as to make using them in their territory too risky to bother with.
Shanghai Situation
While the Merge was an event of major historical significance, it’s not the last big step in switching Ethereum to PoS. At this time, all the ETH staked on the Beacon Chain of Ethereum still cannot be withdrawn by validators. Indeed, they will not be able to withdraw it until the Shanghai update is pushed, sometime 6–12 months from now. That’s quite a bit of time without the ability to withdraw funds, all the while DeFi having plenty of farms and liquidity pools with instant withdrawal ability. If there are news or worries about the Shanghai upgrade being delayed, this can upset current ETH stakers and keep away any new ones. At this time, approximately 11% of ETH’ total supply is locked in such a stake (that’s over 13 million ETH, equivalent of over $22 billion).
Privacy
According to Blockworks,
«validators will have immediate access to the transaction fees paid and MEV earned during block proposals on the execution layer»
This raises privacy concerns. If validators were to somehow abuse this information in ways that violate user privacy, it would threaten the integrity of Ethereum as a whole. Such violations would very likely also lead to regulator scrutiny and an avalanche of FUD.
Denial-of-Service (DoS) Attack
Oh the irony of a decentralized network being exposed to the good ol’ DoS attack. With block proposers in a PoS system known ahead of time, one proposer (waiting in line for his chance) may decide to up the odds by attacking the current proposer’s node with a DoS attack. Here too, ETH core developers are working on solutions. But until one is found, will the transparency of the process be enough to stop malicious actors?
The two-block problem
In both PoW and PoS frameworks, there are multiple blocks competing to be validated and thus become part of the permanent blockchain. With PoW, nobody knows which block will be validated next. But with PoS, the validators are told about the next block to be validated. If a validator has validated the previous block and will get to validate the upcoming one, price manipulation is possible. As quoted in Cointelegraph, a blockchain security researcher said:
«If you control two consecutive blocks, you can start an exploit on block N and finish it on block N+1 without having any arbitrage bot coming in and fixing the price that you have manipulated in between.»
Of course, Ethereum core developers are aware of this vulnerability and are working on finding a solution. Also, Ethereum validators are under intense public scrutiny, with the system designed in such a way that malicious actors will be punished.
Replay attacks
Thrown overboard by the Merge, Ethereum miners are forking ETH, with ETH PoW being the most prominent clone so far. There has been some talk about one or more of the ETH forks trying to «steal» the network’s popular digital assets, especially the big-ticket NFTs like CryptoPunks or BAYC. That opens up a path to «replay attacks» where the scammers may try to dupe someone into selling their actual ETH BAYC while trying to only sell the much cheaper «knock off».
However, to pull this off requires that the forked chain to have the same chain indicator as ETH. So far, none of the forks have done that, opting for their own chain indicators. Thus, the risk of a replay attack seems minimal at this point.
Of course, there is still plenty of room for scammers to dupe the NFT owners into not paying enough attention and selling their prized possessions for a fraction of their cost. But those scams are possible on any chaine. Above all, one must be very careful when buying or selling assets: never click on email links for sites such as open sea — always go to your bookmark of it.
ETH price considerations
This one is not exactly a security risk and we are not giving financial advice. Yet, it would be wrong to completely ignore the financial side of the Merge. First of all, the price of ETH has gone above $1,700 pre-merge and has dropped to under $1,400 since. This could be due to many factors in and out of the world of crypto.
The other point to note is that Ethereum is still not really a deflationary currency. Yes, some ETH is burned with every transaction fee depending on various factors. Yet, the emission is still unlimited and the open circulation of ETH is increasing.
Conclusion
So far, the Merge has been an unqualified success. There are certainly risks to be aware of and monitor. Though the Ethereum core team is actively trying to solve the biggest vulnerabilities. And there is massive public scrutiny and pressure for validators to play fair. Regulators are always a factor to consider, and the crypto industry is in regular communication with them to find reasonable frameworks.