This is somewhat of a sequel to my previous post on PoW vs PoS, where I'll go into detail on one specific type of attack that I predict will inevitably happen on Ethereum due to the nature of PoS. I'll show how in PoS, centralized exchanges operate similar to traditional banks. Then I'll explain why Ethereum's minority UASF (really a VASF) would ultimately fail against a change by a centralized exchange validator cabal.
Centralized exchanges are profit maximizing companies. They will do whatever means necessary to extract profits out of things they control, with little regard for the security of the cryptocurrency network tokens that trade on their platform since failures mean more volatility which mean more fees extracted from users. The switch to PoS is extremely advantageous to them in that they get access to 2 new income streams: staking and MEV. These are new income streams because in order for them to obtain profits in PoW on Bitcoin, they would have to purchase ASICs, house them, pay for electricity, maintain them, etc. These are unavoidable operational costs associated with all PoW chains and act as a proactive security barrier for the network.
A major loss of security in PoS is that full nodes are losing the ability to secure the network. Securing the network will be done entirely by validators, requiring a 32 ETH stake, to flag and slash malicious validators. Full nodes will not accept arbitrary changes to consensus though. However, a majority of users on Ethereum do not run their own nodes and instead rely on services like Infura and Etherscan to interact with the chain. This is because running a full node requires significantly more resources than a Bitcoin node, not just storage, which is rapidly growing, but CPU and RAM usage too. A light client doesn't solve this because you're still relying on someone else's node, and therefore their rules.
Exchanges will absolutely take advantage of the enormous amount of ETH that they custody. Similar to buying treasuries, staking is a form of guaranteed risk free yield. They will be able to know how much ETH they can get away with staking without affecting user withdrawals, similar to fractional reserve banking. They may even offer their own tokens in order to attract more ETH to their platforms, like how a bank provides interest in a savings account.
Some users may say, "to hell with these centralized exchanges, I'll use a DEX." However, as the centralized exchanges acquire more ETH and eventually gain a majority share of the validators, they unlock that second income stream, MEV. They will ensure DEX users get the worst rate possible, with the most amount of slippage possible, while also making a profit on every DEX trader, since they will control transaction ordering. The centralized exchanges could even lower trading fees on their platforms to make users come back, where they can use their ETH.
With a majority of the ETH staked, it's easy to see how these exchanges will be targeted for regulation, and by that I really mean censorship. They'll be obligated to exclude transactions to or from blacklisted addresses, and may even overwrite blocks that include them if they're recent enough to not be penalized for it. This is a separate problem though that I don't need to get into too much detail. Because there is no external cost to maintain a validator, a majority group of validators can never be unseated. Best summarized here.
Eventually, these centralized exchanges will collude and try to push a consensus change in that the users don't agree with. We don't have to focus on what that is, just that it's likely to happen at some point, though I would predict it would be some form of bailout. The exchanges have the means to update the validator client software themselves, they don't particularly need the ETH devs to do it for them. This is where strong arming begins, and is what failed on Bitcoin during the block size war, but since the full nodes lost their ability to secure the network, will allow the exchanges to be successful this time. Exchanges could easily buy Infura and Etherscan, even in some indirect form, and get them to use their fork in the event of a contentious update.
Ethereum does have one maneuver to fight this though, which they call a minority UASF. This is where the "community" can decide to fork the chain and burn an attacker's stake. However, the problem is the ETH being burned would actually be the user's, because it's actually their ETH deposited in the exchanges. Ethereum's security model assumes an attacker would have to purchase ETH in order to pull off a 51% attack, but the reality is that's not even necessary. So since the ETH to be burned on the minority fork are the user's, no one will migrate to it, certainly not the exchanges.
So there we have it, the only recourse for an attack on PoS fails and the exchanges control the chain. Any consensus rule is up for them to modify because they can update their clients and some key nodes that users rely on. All of this sounds very much like the current fiat system, because it is. This is exactly what Bitcoiners mean when they say PoS is fiat, it's old technology, it's what we've been on this whole time.