Ethereum should limit transparency for a fairer blockchain
Opinion by: Loring Harkness, Head of Commercial at brainbot GmbH and Shutter
Earlier this year, the Ethereum Foundation launched a $1 trillion security initiative, a development in its wider campaign to tailor the chain’s image for its new audience of non-crypto retail investors, Wall Street and traditional financial institutions.
On paper, the initiative is nothing but a good thing. Ethereum recognizing its shortcomings is refreshing. The proposed approach also offers a clear path to being “far greater” regarding security — a direction that will provide the industry we hope to attract to crypto with peace of mind. For Ethereum’s security problem, however, too much transparency is fundamentally the problem.
The $1,000 dream
The Ethereum Foundation’s trillion-dollar initiative views success as a world where “billions of individuals are each comfortable storing more than $1,000 onchain.” If we were to assume a constant trajectory based on the current growth rate for unique wallet holders on Ethereum, that milestone is less than a decade away. As Ethereum celebrated its 10th anniversary on July 30, we’re assuming colossal mass adoption for the chain at an institutional and retail level.
In principle, this progress is well within Ethereum’s reach. DeFi protocols on Ethereum now manage over $64 billion in total value locked (TVL). The Foundation’s heightened engagement with Wall Street giants like BlackRock, Fidelity, JPMorgan and Robinhood has seen traditional finance juggernauts publicly embracing Ethereum-based financial products, validating the blockchain’s maturity.
Despite Ethereum’s reputation-boosting activity, blockchain security researchers and innovators are raising increasingly urgent alarms about the extent of malicious maximal extractable value (MEV), particularly on Ethereum.
Since 2020, more than $1.8 billion has been extracted through MEV on Ethereum, mainly at the expense of everyday users through malicious MEV. Some might say this is all part of the DeFi game. In reality, it’s incredibly unfair, particularly as non-web3 natives come onchain, the population that will make up the billions of users Ethereum wants to convince.
Ethereum’s transaction ordering
Ethereum’s architecture exposes a fundamental vulnerability: its currently unencrypted public mempool. Any transaction processed on Ethereum must pass through its public mempool, where the transactions are broadcast to everyone — including bad actors and bots — before being confirmed. At this stage, bots attack, front-run and re-order transactions for profit.
This transparent design, originally intended to enhance verification, creates a perfect environment for predatory actors to analyze pending transactions and manipulate transaction ordering to their advantage.
Another reality is that sandwich attacks, front-running, and other malicious MEV exploits sit in a regulatory grey area. Though there are some developments in the works at the European Securities and Markets Authority (ESMA) to tackle this, there’s no formal framework to police this activity, and there’s little consequence that holds attackers to account.
Sacrificing total transparency
This isn’t a new problem, and there are solutions that claim to address malicious MEV out there. The dominant alternatives prioritize giving users a more equal slice of the pie, however, rather than a fair chance in the first place. Current private transaction pools create centralization risks and often just shift MEV extraction to different actors, rather than eliminating it.
MEV-Boost attempts to democratize MEV extraction but doesn’t eliminate it. It redistributes MEV profits between builders and proposers while users still suffer from front-running and sandwich attacks.
The only credible solution to Ethereum's malicious MEV crisis is redesigning how transactions flow through the network. That answer lies in encrypting Ethereum’s mempool, utilizing a decentralized system where a distributed network of parties temporarily encrypts all transactions until the transactions are complete.
Encrypting transactions until they’re permanently placed in a block allows us to achieve a level playing field where malicious MEV becomes virtually impossible. An encrypted mempool on Ethereum would transform the user experience by automatically providing all users with protocol-level protection against malicious MEV, without users needing to take any action.
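The flow described above can be sketched in a few lines. This is an added illustration, not code from the article, Shutter or Ethereum: it assumes a t-of-n threshold scheme (Shamir secret sharing), which the article does not specify, and uses a toy hash-based cipher and a single key dealer in place of real authenticated encryption and distributed key generation. All function names and sample transactions are constructed for the example.

```python
import hashlib
import secrets

P = 2**127 - 1  # prime field for Shamir shares (toy parameter, an assumption)

def split_key(key, n, t):
    """Split key into n shares; any t of them reconstruct it."""
    coeffs = [key] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def combine(shares):
    """Lagrange interpolation at x = 0 over GF(P)."""
    key = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        key = (key + yi * num * pow(den, -1, P)) % P
    return key

def xor_stream(key, nonce, data):
    """Toy SHA-256 counter keystream; a real design would use an AEAD."""
    seed = key.to_bytes(16, "big") + nonce
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(seed + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def seal_epoch(txs, n=5, t=3):
    """Encrypt pending txs, then fix block order from ciphertexts alone."""
    key = secrets.randbelow(P)
    nonces = [secrets.token_bytes(8) for _ in txs]
    pool = [nc + xor_stream(key, nc, tx) for nc, tx in zip(nonces, txs)]
    ordered = sorted(pool, key=lambda c: hashlib.sha256(c).digest())
    return ordered, split_key(key, n, t)

def open_epoch(ordered, released_shares):
    """Once ordering is final, keyholders release shares and txs are decrypted."""
    key = combine(released_shares)
    return [xor_stream(key, c[:8], c[8:]) for c in ordered]

# Constructed sample transactions (not real Ethereum encoding).
SAMPLE_TXS = [b"swap 10 ETH -> DAI, max slippage 1%", b"transfer 2 ETH to 0xEXAMPLE"]
```

Ordering is decided while only ciphertexts are visible, and fewer than t released shares yield a wrong key, so no minority of keyholders can read the pool early.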
Most people would never switch their RPC or DEX, so the only real solution is to make fairness the default. It would also eliminate the need for today’s patchwork of centralized MEV-prevention tools, which have helped limit some attacks but haven’t entirely stopped malicious MEV.
This encrypted mempool system seems simple, but it would represent a massive architectural shift for Ethereum.
It would require changes to Ethereum’s underlying protocol. The code changes needed will touch Ethereum's most fundamental components — its transaction propagation mechanisms, consensus protocols and execution environment. The timeline for these changes will stretch over multiple network upgrades, likely requiring several years for full implementation. If Ethereum continues to grow at the current rate, the demand for a viable, long-term solution for such a threat will only rise.
Ethereum’s next move
As institutional capital continues pouring into Ethereum's ecosystem, the stakes of addressing its malicious MEV vulnerability will continue to grow. The recent institutional adoption wave provides a deceptive sense of security that masks the underlying technical crisis. Still, it’s only a matter of time before institutions and users ask questions about vulnerabilities.
The $1 trillion security initiative deserves strong community support because it targets the issue at the heart of Ethereum's value proposition: Can we trust that the network will process our transactions fairly?
The technology pathway to fairness on Ethereum is clear: encrypted mempools. What remains to be seen is whether the Ethereum community resolves to implement these changes before institutional trust erodes.
The price chart may look promising today, but without addressing its malicious MEV crisis, Ethereum's long-term security and viability remain at risk.
This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.