Restaking is a ticking time bomb
Stack enough financial risk onto a blockchain system, and you’re inviting more fundamental instability
Midjourney modified by Blockworks
A new kind of blockchain architecture is having its moment in the sun — but it’s also casting a long shadow.
So-called “restaking” protocols claim they’ve achieved new levels of efficiency by piggybacking on staking-based security models. But those efficiencies also entail risks — risks we don’t entirely understand.
That isn’t just risk to users of any particular restaking project, but to entire ecosystems. Ethereum co-founder Vitalik Buterin himself has warned that restaking protocols could pose “significant systemic risk.” It’s important to pay attention now, because these protocols are growing fast, and any risk is growing with them.
In a worst-case scenario, a large enough failure could destabilize the underlying blockchain whose security is being recycled. We’ve already had a mild preview of such a catastrophe in the chaos caused by the 2022 exploit of Ankr, a restaking protocol built on the BNB network.
The risk comes from layers of derivative and synthetic financial assets that require increasing yield and liquidity to sustain the system; not to mention the unproven new infrastructure, tech and code that it all runs on. Those parallel the complex risks that caused the largest financial meltdown in living memory: the Great Financial Crisis of 2008.
The dominant motives for restaking may be added cause for anxiety. These systems pitch stakers above all on increased returns via the ability to collect multiple staking rewards from the same deposit. This again parallels the GFC: The creators of the CDOs at the heart of that blowup thought they were financial innovators increasing liquidity and returns, but they didn’t foresee the broader implications of their innovations.
Historically, a preoccupation with returns over utility has been a red flag for crypto and financial products. To paraphrase Jurassic Park’s Dr. Ian Malcolm, users and developers are so focused on whether or not they can restake, they aren’t stopping to think whether they should restake.
Shadows of the past
“Staking” is the fundamental security model of many blockchains, which requires locking up a native token like ETH as collateral. That stake becomes a kind of assurance deposit for a “validator” which submits and collates transactions to the Ethereum network. This security comes at a cost, though — you can’t use staked ETH for anything else, and your stake can be seized, or “slashed,” if you break the rules.
“Liquid staking” protocols like Lido emerged as a work-around solution to these lockups, allowing users to stake their ETH while receiving a liquid staking derivative (LSD) token in return. “Restaking,” in turn, lets users stake these derivatives in a layer-2 system, like EigenLayer.
Some observers use a much uglier word to describe restaking: rehypothecation. It evokes the mother of all financial blowups in 2008.
Rehypothecation is when a leverage provider or other lender re-lends a borrower’s collateral to another borrower. This both increases counterparty risk to the bank’s balance sheet, because the same money could disappear from two different places, and increases systemic risk by multiplying points of failure and interdependence. That’s why it’s generally taboo for lenders, and often illegal.
Read more from our opinion section: Yes, staking actually should be regulated
The central culprit in the 2008 crisis was the use of collateralized debt obligations (CDOs, which we might also describe as liquid mortgage derivatives) as loan collateral. That is, banks were stacking loans on top of loans, while the promoters of CDOs argued they had engineered risk out of their product. When borrowers defaulted on the underlying mortgages, a huge amount of often unrelated debt had to be called in, causing a giant “freeze” in credit markets — and in turn, huge damage to the underlying assets and economy.
The technical risk
Restaking roughly amounts to lending the same capital to two different systems, and putting it at risk in both. The details of restaking protocols vary, but they all allow re-staked assets to be “slashed,” or taken away, if a validator misbehaves. Some restaking systems also require restakers to hand over control of their underlying ETH stake, which can then also be slashed.
This means that if a large enough proportion of ETH were restaked into a native staking layer, and that layer had a bad enough bug or hack, the technical security of Ethereum itself could be threatened.
This is why the drive to maximize yield is a security risk. Restaking services have largely imposed “caps” on the share of ETH they accept for restaking, but these are voluntary, and the drive for yield would logically lead to 100% of ETH being restaked somewhere. Eventually, a restaking service will emerge without the scruples to hold to voluntary caps, and the entire Ethereum system will have a new risk vector.
The financial risk
But even leaving aside that doomsday scenario, restaking increases systemic financial risk. This was illustrated in the rather obscure 2022 Ankr exploit. In that incident, a hacker gained control of a key that allowed them to mint a reported 6 quadrillion aBNBc tokens, or “Ankr Reward Bearing Staked BNB.” Because these tokens nominally represented a claim on underlying BNB, this was tantamount to printing fake BNB.
As the hacker sold off their counterfeit BNB, they crashed the price of liquid staking tokens across the ecosystem, with names like BNBx and stkBNB. The hacker also used fake aBNBc as loan collateral to extract stablecoins from a project called Helio, leaving that protocol in indebted shambles. The damage to those unrelated projects took roughly a month, and a lot of work, to fix — a tiny version of 2008’s CDO-fueled credit-market freeze.
The social risk
Vitalik Buterin focused on a different restaking risk in a May 2023 blog post. His main concern was that the failure of a large restaking-based layer-2 could trigger demands for a “fork” of the underlying system to fix the problem, which he called a threat to Ethereum’s “social consensus.”
In short, Vitalik was worried that victims of a big enough restaking blowup could demand a bailout. That risk has only become more acute as restaking grows. EigenLayer now holds roughly 8% of all staked ETH, a large enough body of users to make a credible threat of forking Ethereum.
In essence, Vitalik’s fear is that a restaking layer-2 could become, in yet another echo of 2008, “too big to fail.”
Crypto security is about both finance and tech
Even though I’m chief information security officer/chief technology officer of a blockchain security firm, I’m as worried about the financial risk of restaking as I am about the technical risk. That’s because blockchain security is an entirely new sub-discipline of security where technical and financial risk are constantly, intimately tied.
In the case of staking derivatives, the instability caused by the hack of a big enough restaking protocol could easily lead to technical instability on the underlying chain. One vector of contagion would simply be fear, as stakers seek to exit what suddenly looks like an unstable asset. In many systems, and Ethereum in particular, such a catastrophic rush to unwind positions would create a massive fee spike for all users. This could push token prices down further, creating a vicious liquidation cycle.
This illustrates how the unique strength of blockchains also entails unique risk. The interaction between financial incentives and decentralized digital security is fundamental to the basic operation of blockchains. With restaking, the inverse may prove true as well: Stack enough financial risk onto a blockchain system, and you’re inviting more fundamental instability.
Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.
