
The claim that proof of stake is less secure than proof of work shows up often — usually from Bitcoin maximalists, occasionally from academic papers that formalized the original critiques. The concern is intuitive: if validators don't burn energy to produce blocks, what stops them from cheating?
This framing conflates "work" with "security." The relevant question isn't how much energy a network consumes — it's how expensive a successful attack is, and what happens to the attacker if they try.
Both systems make dishonest behavior costly. They just use different instruments to do it.
In proof of work, the cost of an attack is physical. To rewrite Bitcoin's transaction history or pull off a double-spend, you need to control more than 50% of the network's total hash rate. That means acquiring enough ASIC mining hardware — a large upfront capital expense — and paying for the electricity to run it continuously. At current Bitcoin hash rates, estimates put the cost of a sustained 1-hour attack somewhere in the range of tens of millions of dollars, with no guarantee of profit and the risk that the coin devalues as markets respond to the attack itself.
In proof of stake, the cost is financial but structured differently. Validators lock up a digital asset — ETH, in Ethereum's case — as collateral to participate in block validation. If they behave dishonestly (signing conflicting blocks, for example), the protocol automatically destroys part of their stake. This is called slashing, and it's the mechanism that makes cheating expensive rather than merely pointless.
To attack Ethereum's finality — the strong guarantee that finalized blocks won't be reverted — an attacker needs to control roughly one-third of all staked ETH. With around 33 million ETH staked, that's a capital requirement north of $50 billion at prevailing prices. Acquiring that stake without moving the market would be extraordinarily difficult. Using it to attack would trigger slashing, destroying a significant portion of the capital used to mount the attack.
The classic objection to PoS was the nothing-at-stake problem, and it's worth understanding because it's genuinely the origin of the "PoS is less secure" argument.
In early PoS designs, validators had no reason not to vote on multiple competing chains simultaneously. Unlike mining, there's no energy cost per vote — so a rational validator might hedge by validating every fork, regardless of which one is actually correct. This destabilizes consensus because validators don't have a clear incentive to converge on a single chain.
Modern slashing mechanisms resolve this directly. Signing conflicting messages about the same block height is now provably detectable, and the protocol responds by burning the offending validator's stake. The nothing-at-stake critique applies to historical PoS designs, not to Ethereum's current implementation.
This is where honest analysis has to acknowledge a real tradeoff.
A long-range attack is the theoretical scenario where an attacker controls a large number of old validator keys — from a period when staking participation was much lower — and uses them to construct an alternative chain history from deep in the past. Because those keys were legitimate validators at that earlier block height, the alternative chain would look valid to a new client syncing from genesis.
Bitcoin doesn't have this problem. Its longest-chain rule is objective and doesn't require any social agreement about recent history. Any client can verify from block 0 that the current chain is correct.
Ethereum mitigates long-range attacks through weak subjectivity. Nodes are expected to sync from a recent, trusted checkpoint rather than trusting the longest chain from genesis. That checkpoint has to come from somewhere — the community, exchanges, block explorers. This is a real dependency on social consensus that doesn't exist in PoW.
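The checkpoint rule can be illustrated with a toy model, added here as an example and not taken from any client implementation. The block format, function names and both chains are constructed; validator signatures are left out, so "valid" means only that the hash links hold.

```python
import hashlib

ZERO = "0" * 64  # parent pointer of the genesis block

def block_hash(parent, height, payload):
    return hashlib.sha256(f"{parent}|{height}|{payload}".encode()).hexdigest()

def build_chain(payloads):
    """Build a toy hash-linked chain of (parent, height, payload, hash) tuples."""
    chain, parent = [], ZERO
    for height, payload in enumerate(payloads):
        digest = block_hash(parent, height, payload)
        chain.append((parent, height, payload, digest))
        parent = digest
    return chain

def links_are_valid(chain):
    """Everything a client syncing from genesis can verify without outside input."""
    parent = ZERO
    for index, (p, height, payload, digest) in enumerate(chain):
        if p != parent or height != index or block_hash(p, height, payload) != digest:
            return False
        parent = digest
    return True

def accept_chain(chain, checkpoint):
    """Weak-subjectivity rule: internally valid and containing the trusted checkpoint."""
    height, root = checkpoint
    return links_are_valid(chain) and height < len(chain) and chain[height][3] == root

# Constructed data: both histories share genesis, the alternative forks at height 1
# and is longer, as a chain rebuilt from old validator keys could be.
HONEST = build_chain(["genesis", "a1", "a2", "a3", "a4"])
ALTERNATIVE = build_chain(["genesis", "x1", "x2", "x3", "x4", "x5"])
CHECKPOINT = (3, HONEST[3][3])  # obtained out of band from a source the operator trusts

if __name__ == "__main__":
    for name, chain in (("honest", HONEST), ("alternative", ALTERNATIVE)):
        print(name, "links valid:", links_are_valid(chain),
              "| accepted:", accept_chain(chain, CHECKPOINT))
```

Both chains pass the internal check, and only the out-of-band checkpoint tells them apart, which is exactly the social dependency described above.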
Whether this makes PoS meaningfully "less secure" depends on your threat model. For the vast majority of use cases, weak subjectivity is an acceptable tradeoff. For a system requiring trust minimization from genesis — no social trust, ever — it's a genuine design difference, not a trivial one.
PoW security degrades predictably on smaller chains, and this isn't theoretical. Ethereum Classic was successfully 51%-attacked three separate times in 2020. The attackers rented hash power cheaply because ETC's hash rate is tiny relative to Bitcoin's — and relative to the cost of mounting an attack.
Bitcoin's security depends on its dominant hash rate position being maintained. If mining economics shifted significantly — say, hash rate migrated en masse to another chain — the attack surface would grow. PoW security is only as strong as the hash rate relative to available attack resources at any given moment.
PoS security degrades if the staked asset loses value dramatically. A 90% price collapse in ETH would reduce the nominal capital required to mount an attack by the same proportion. This is a real economic risk, though notably a successful attack would accelerate the price collapse — making the attack economically self-defeating in most scenarios.
Ethereum completed the Merge in September 2022. As of May 2026, the network has operated under PoS for nearly three years without a significant security incident. No finality reversions. No coordinated slashing events from attackers. Staking participation has continued to grow.
Bitcoin's PoW has over 15 years of operation on mainnet without a successful 51% attack. Both records matter. Neither guarantees future behavior.
The theoretical critiques of PoS haven't materialized at scale. That's evidence, not proof — the empirical test at extreme scale simply hasn't happened yet for either model.
What would confirm PoS security holds: Continued absence of finality violations in Ethereum. Staking participation remaining above current levels. No single entity accumulating a one-third stake position. Attack cost estimates staying in the multi-billion-dollar range.
What would break the thesis: A successful finality reversion demonstrating the slashing mechanism fails under real attack conditions. Acquisition of a disqualifying stake concentration by a single entity without triggering a protocol response. ETH price collapse reducing attack cost below rational attack profitability — paired with an attacker willing to operate at that threshold.
Now: Both PoW and PoS are operational with meaningful empirical records. The nothing-at-stake critique is resolved by slashing. Ethereum's PoS track record is real but shorter than Bitcoin's PoW baseline. The honest posture here is: both are working, both have known failure modes, and neither has failed catastrophically.
Next: Ethereum's roadmap includes single-slot finality, which would shorten the finality window and reduce the long-range attack surface further. Worth monitoring as a security-relevant upgrade if it ships.
Later: Quantum computing poses a long-horizon challenge to the cryptographic primitives underlying both systems — not the consensus mechanism itself, but the signature schemes. This is decades away and affects PoW and PoS differently, but both require a response at some horizon.
This covers the security mechanisms of PoW and PoS as protocol designs. It doesn't address which model is better suited for any particular use case, and it doesn't resolve which network properties matter most for any given purpose. The security of a specific network depends on its individual parameters — hash rate, staking rate, asset price, validator concentration — not the consensus model in isolation.
The honest answer to the original question: proof of stake isn't less secure than proof of work. It's a different security model with different attack vectors, different costs, and different failure modes. Both have real empirical records. Neither has failed catastrophically at scale.




