Ethereum co-founder Vitalik Buterin issued a critical reminder on X about the core security properties of blockchain systems, emphasizing that even a 51% attack cannot make an invalid block valid, safeguarding user assets from theft through consensus manipulation. "A key property of a blockchain is that even a 51% attack cannot make an invalid block valid," Buterin wrote. "This means even 51% of validators colluding (or hit by a software bug) cannot steal your assets."
However, he cautioned that this protection vanishes when users extend trust to validators for off-chain tasks, such as oracle data feeds, governance decisions, or cross-chain messages. "This property does not carry over if you start trusting your validator set to do other things," he explained. "At that point, 51% of validators can collude and give a wrong answer, and you don’t have any recourse." This highlights vulnerabilities in multi-chain interoperability, AI agents, and cross-chain bridges, where recent incidents like bridge exploits and oracle manipulation have shown that off-chain trust assumptions bypass blockchain's mathematical guarantees.
Buterin's warning comes amid Ethereum's push for distributed validator technology (DVT), adopted by exchanges like Kraken and staking providers on SSV Network, to mitigate risks by decentralizing validator control. He also referenced EigenLayer's slashing mechanisms using its own token as a partial solution, but noted it lacks the cryptographic certainty of on-chain validation. Additionally, Ethereum's privacy initiatives, such as the GKR technique for faster zero-knowledge proofs and the 47-member Privacy Cluster launched in September, aim to balance transparency with user privacy without compromising core security properties.
USDC
BTC
SOL
BNB
MBG