Bitcoin has proactive security against 51% style attacks. Attackers must obtain ASICs and energy resources in order to begin their attack. Both of these actions would be visible in the real world, either by one entity purchasing the entire production capability of multiple ASIC manufacturers for months or years or confiscating by force existing mining operations. Obtaining energy resources is difficult if not using existing resources by miners, which they would gain if confiscating existing ASICs. However, it would be more difficult to find new sources of energy since most excess energy is already purchased by miners in the first place. Attacks against proof of work can also be fought by honest miners, increasing the cost of the attack on the attacker until they give up. The attacker is not able to attack Bitcoin indefinitely because of the real world cost to obtain more ASICs and energy resources, which people would fight against outside of the blockchain itself. The human element is critical here because as Bitcoin gains more and more adoption, more and more people rely on it for savings and payments due to its censorship resistant properties in the first place, which are effectively what are under attack. Even with money printing, a government cannot perform this attack forever because they will reveal that their money is inferior to Bitcoin and their people will revolt against their leaders.
Ethereum's proof of stake relies on retroactive security against 51% style attacks. Meaning the attack has already taken place, and it's up to the protocol, or in some cases the users, to punish the attacker for the attack that they already performed. All the attacker has to do in order to begin their attack is obtain a majority of the staked coins, not obtain a majority of all the coins in existance. Due to the nature of having to obtain 32 ETH in order to participate as a validator, and that most people will be risk adverse to pooling their money in a smart contract due to the history of smart contracts getting hacked. An attacker would not revert previously-checkpointed transactions since the protocol would automatically slash them anyway, instead, they would be able to censor transactions going forward indefinitely. Ethereum's only solution to this is a "minority user activated soft fork (UASF)" which would create a fork to invalidate the attacker's stake using a "inactivity leak mechanism". Essentially this would mean the devs would push users to a fork of Ethereum that they say is correct, instead of the one that the chain had naturally been created while following the consensus rules of the network.
I consistently see Vitalik state that PoS can handle 51% attacks better than PoW. Why would he say that? Because ultimately they would minority UASF an attackers coins away as part of Ethereum's security model. This absolutely blows my mind that people are willing to accept this as valid. Even the term "UASF" is used incorrectly, because users are not validators in PoS. Ethereum's PoS replaces miners with validators, giving validators power over both block production and validation, instead of the larger (though shrinking because Ethereum is garbage for other reasons as well) network of node operators to validate blocks. So it's really a minority of a minority fork, not really user activated, more like a minority validator activated soft fork (VASF). Yet the "community" is supposed come together and decide to fork the chain, where in the fork the attacker has been slashed. Does this not sound familiar? PoS' biggest selling point with regards to defeating 51% attacks is censorship. Surely this power would never be abused.
reply
Any fork of Ethereum chain could easily be led by this one node: https://infura.io
Aside from Infura, Metamask also has a big say on which Ethereum chain is the 'real' one. OpenSea is another contender.
Jeff Bezos could easily shut down over 1/3 of the network and evaporate the stakes of all validators hosted on AWS (then whitelist approved peers at the firewall, that choose the 'right' fork of course).
I'm not sure why the Ethereum network has become so centralized over the years. It may have something to with the fact that a full (i.e 'archive') node on Ethereum now requires 10 terabytes of storage in order to store the full blockchain history:
I think Vitalik is a brilliant engineer, and I do appreciate what the EVM can do as a developer. I hope the core developers at Ethereum can figure out how to better scale the behemoth which they created.
Ethereum 2.0 is an interesting concept, but I don't think it addresses the real elephant in the room. I wish them the best of luck for the activation though. Hopefully it buys them more time while the Ethereum team pursues additional solutions.