Game Theoretic Modelling of a Ransom and Extortion Attack on Ethereum Validators
Alpesh Bhudia, Anna Cartwright, Edward Cartwright, Darren Hurley-Smith, and Julio Hernandez-Castro

TL;DR
This paper models how attackers can extort Ethereum validators using game theory, revealing that validators are often forced to pay ransoms due to lack of systemic protections, risking disruption of PoS networks.
Contribution
It introduces a game theoretic model of ransom and extortion attacks on Ethereum validators, highlighting vulnerabilities and potential mitigation strategies.
Findings
Validators tend to pay ransoms due to systemic vulnerabilities.
Attackers can coerce payments through smart contract-based extortion.
The current system offers limited protections against such attacks.
Abstract
Consensus algorithms facilitate agreement on and resolution of blockchain functions, such as smart contracts and transactions. Ethereum uses a Proof-of-Stake (PoS) consensus mechanism, which depends on financial incentives to ensure that validators perform certain duties and do not act maliciously. Should a validator attempt to defraud the system, legitimate validators will identify this and then staked cryptocurrency is 'burned' through a process of slashing. In this paper, we show that an attacker who has compromised a set of validators could threaten to perform malicious actions that would result in slashing and thus, hold those validators to ransom. We use game theory to study how an attacker can coerce payment from a victim, for example by deploying a smart contract to provide a root of trust shared between attacker and victim during the extortion process. Our game theoretic…
Taxonomy
Topics: Blockchain Technology Applications and Security · Cryptography and Data Security · Distributed systems and fault tolerance
