arxiv: 2505.07713 · v2 · submitted 2025-05-12 · 💻 cs.NI

Routing Attacks in Ethereum PoS: A Systematic Exploration

Pith reviewed 2026-05-22 16:02 UTC · model grok-4.3

classification 💻 cs.NI
keywords: Ethereum PoS, BGP hijacking, routing attacks, validator distribution, inactivity leak, MEV, StakeBleed, KnockBlock

The pith

Hijacking a small number of IP routes lets attackers trigger Ethereum PoS penalties that drain hundreds of ETH or boost their own MEV gains.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper first builds a method to locate where most validators sit on the public internet without sending any disruptive traffic. It then shows how an adversary who can reroute traffic to those locations can combine BGP hijacks with the protocol's inactivity-leak and block-inclusion rules. StakeBleed forces enough validators offline to stop finality and produce large collective losses. KnockBlock selectively drops targeted blocks so the attacker captures extra MEV. Both attacks require only modest numbers of prefixes and short hijack durations, making them realistic under current internet routing.

Core claim

By coupling a non-intrusive validator-location inference framework with the reward and penalty logic of Ethereum's Gasper protocol, the authors demonstrate two concrete routing attacks: StakeBleed, which triggers an inactivity leak and halts finality, and KnockBlock, which prevents selected blocks from being included. Measurements indicate that StakeBleed can impose losses approaching 300 ETH in two hours by hijacking as few as 30 prefixes, while KnockBlock can raise the attacker's expected MEV by 44.5 percent with a single prefix held for less than two minutes.

What carries the argument

A non-intrusive framework that maps validator IP addresses by combining public beacon-chain data with passive network observations, which then feeds into BGP-hijack simulations that interact with inactivity-leak and MEV-extraction mechanics.

If this is right

  • Validators must add route-origin validation or anycast to their infrastructure to limit hijack success.
  • The Ethereum P2P layer should add stronger location-hiding features so that IP addresses are not easily linkable to validator keys.
  • Network operators and IXPs need monitoring that flags short-lived hijacks targeting known consensus participants.
  • Similar routing-plus-protocol attacks become plausible for any PoS chain whose validator set is discoverable from public data.
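
The route-origin validation and hijack-monitoring items above can be combined into one check, shown here as an added example that is not code from the paper or from Pith. It classifies announcements that overlap validator-hosting prefixes using RFC 6811 origin validation and marks events withdrawn in under two minutes; every prefix, ASN, ROA and update is constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

# The page cites hijacks held for less than two minutes (KnockBlock).
SHORT_LIVED_SECS = 120


@dataclass(frozen=True)
class Roa:
    prefix: str      # prefix authorised by the ROA
    max_length: int  # longest prefix length the ROA permits
    asn: int         # authorised origin AS


def rov_state(announced, origin, roas):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(announced)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if net.version == roa_net.version and net.subnet_of(roa_net):
            covered = True
            if origin == roa.asn and net.prefixlen <= roa.max_length:
                return "valid"
    return "invalid" if covered else "not-found"


def suspect_events(updates, monitored, roas):
    """Flag announcements equal to or more specific than a monitored prefix
    whose origin is unexpected or which ROV rejects.

    updates: time-ordered (ts_seconds, 'A' or 'W', prefix, origin_or_None).
    monitored: {prefix: expected_origin_asn} for validator-hosting prefixes.
    Less-specific (covering) announcements are ignored because they lose to
    the legitimate route under longest-prefix match.
    """
    events, open_by_prefix = [], {}
    for ts, kind, prefix, origin in updates:
        if kind == "W":
            # A withdrawal closes every open event for that exact prefix.
            for ev in open_by_prefix.pop(prefix, []):
                ev["duration"] = ts - ev["start"]
                ev["short_lived"] = ev["duration"] < SHORT_LIVED_SECS
            continue
        net = ipaddress.ip_network(prefix)
        for mon_prefix, expected in monitored.items():
            mon = ipaddress.ip_network(mon_prefix)
            if net.version != mon.version or not net.subnet_of(mon):
                continue
            state = rov_state(prefix, origin, roas)
            if origin == expected and state != "invalid":
                continue  # expected origin and not rejected by ROV
            ev = {
                "prefix": prefix,
                "monitored": mon_prefix,
                "origin": origin,
                "kind": "more-specific" if net.prefixlen > mon.prefixlen
                        else "origin-change",
                "rov": state,
                "start": ts,
                "duration": None,      # stays None while still announced
                "short_lived": False,
            }
            events.append(ev)
            open_by_prefix.setdefault(prefix, []).append(ev)
    return events


# Constructed sample data (RFC 5737 prefixes, RFC 5398 ASNs).
MONITORED = {"203.0.113.0/24": 64500, "198.51.100.0/24": 64501}
ROAS = [Roa("203.0.113.0/24", 24, 64500)]  # 198.51.100.0/24 has no ROA
SAMPLE_UPDATES = [
    (0,    "A", "203.0.113.0/24",  64500),  # legitimate origin
    (100,  "A", "203.0.113.0/25",  64510),  # more-specific, wrong origin
    (190,  "W", "203.0.113.0/25",  None),   # withdrawn after 90 s
    (300,  "A", "198.51.100.0/24", 64511),  # origin change, no ROA coverage
    (7500, "W", "198.51.100.0/24", None),   # withdrawn after 7200 s
    (8000, "A", "192.0.2.0/24",    64502),  # not monitored
]

if __name__ == "__main__":
    for ev in suspect_events(SAMPLE_UPDATES, MONITORED, ROAS):
        print(ev["prefix"], ev["kind"], "origin", ev["origin"],
              "rov=" + ev["rov"], "duration", ev["duration"],
              "short-lived" if ev["short_lived"] else "")
```

The second event comes back as `not-found` rather than `invalid`: without a ROA, origin validation at upstream networks has nothing to reject, so only monitoring sees the origin change. An alerting rule that waits for an event to persist for several minutes would miss the first one entirely.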

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same location-inference approach could be applied to other large PoS networks to quantify their exposure before an attack occurs.
  • If validators adopt anycast or private peering, the number of prefixes an attacker must control would rise sharply, changing the cost-benefit of these attacks.
  • Cross-layer defenses that combine routing security with consensus-layer penalties for misbehavior may be needed to raise the bar for such attacks.

Load-bearing premise

The new validator-location inference method produces an accurate picture of where real validators are hosted without ever contacting them.

What would settle it

Run a controlled BGP hijack against a known set of validator IPs for the durations described and measure whether the predicted inactivity leaks, finality stalls, or MEV shifts actually appear on the live chain.

Figures

Figures reproduced from arXiv: 2505.07713 by Constantine Doumanidis, Maria Apostolaki.

Figure 1: Network view (left): A StakeBleed adversary controlling a router in AS 8 isolates nodes in P, from the rest of the Ethereum network by diverting their traffic using a BGP hijack and dropping their connections to nodes outside P. Blockchain view (right): Nodes in P have a minority chain view of the blockchain. Before the inactivity leak is triggered, validators in P lose proposer rewards and incur penalties…

Figure 2: A KnockBlock adversary controls the validator node E that is set to propose in Slot 3. The attacker calculates the proposer schedule, finds that validator D is scheduled to propose before her in Slot 2, and prevents node D from proposing by performing a BGP hijack. She then preferentially includes some transactions and attestations that were intended for Slot 2 in her own block, while denying D its propose…

Figure 8: Distribution of validators under prefixes using our simplified heuristic.

Figure 9: Distribution of validators under ASes using our simplified heuristic. Just…
Original abstract

With the promise of greater decentralization and sustainability, Ethereum transitioned from a Proof-of-Work (PoW) to a Proof-of-Stake (PoS) consensus mechanism. The new consensus protocol introduces novel vulnerabilities that warrant further investigation. The goal of this paper is to investigate the security of Ethereum's PoS system from an Internet routing perspective. To this end, this paper makes two contributions: First, we devise a novel framework for inferring the distribution of validators on the Internet without disturbing the real network. Second, we introduce a class of network-level attacks on Ethereum's PoS system that jointly exploit Internet routing vulnerabilities with the protocol's reward and penalty mechanisms. We describe two representative attacks: StakeBleed, where the attacker triggers an inactivity leak, halting block finality and causing financial losses for all validators; and KnockBlock, where the attacker increases her expected MEV gains by preventing targeted blocks from being included in the chain. We find that both attacks are practical and effective. An attacker executing StakeBleed can inflict losses of almost 300 ETH in just 2 hours by hijacking as few as 30 IP prefixes. An attacker implementing KnockBlock could increase their MEV expected gains by 44.5% while hijacking a single prefix for less than 2 minutes. Our paper serves as a call to action for validators to reinforce their Internet routing infrastructure and for the Ethereum P2P protocol to implement stronger mechanisms to conceal validator locations.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 2 minor

Summary. The paper introduces a novel framework for inferring the distribution of Ethereum PoS validators on the Internet without disturbing the real network. Building on this, it defines two routing attacks that combine BGP prefix hijacking with Ethereum's inactivity leak and MEV mechanisms: StakeBleed, which induces widespread inactivity leaks to halt finality and impose financial losses on validators, and KnockBlock, which selectively prevents targeted blocks from being included to increase the attacker's expected MEV. The authors report that StakeBleed can cause losses of nearly 300 ETH in 2 hours by hijacking as few as 30 prefixes, while KnockBlock can yield a 44.5% MEV gain increase by hijacking a single prefix for less than 2 minutes. The work concludes with a call for improved validator routing security and stronger location concealment in the Ethereum P2P protocol.

Significance. If the quantitative results hold after validation, the paper is significant for exposing an under-studied intersection of Internet routing vulnerabilities and PoS consensus incentives. The inference framework and the two attack constructions provide concrete, falsifiable models that could guide both operational hardening by validators and protocol-level changes. The explicit linkage of prefix hijacking to measurable ETH losses and MEV uplift is a strength when supported by reproducible methodology.

major comments (3)
  1. [§4] §4 (Validator Distribution Inference Framework): The framework is load-bearing for every quantitative claim in the paper. The manuscript describes the method but supplies no ground-truth validation (e.g., comparison against disclosed validator IPs, controlled testnet runs, or false-positive analysis against non-validator traffic). Without such validation, any over-estimation of validator clustering directly inflates the reported attack effectiveness.
  2. [§5.1] §5.1 (StakeBleed Evaluation): The headline result of ~300 ETH losses in 2 hours via 30 prefixes rests on the unvalidated prefix-to-validator mapping. The section does not report simulation parameters, number of Monte-Carlo runs, or sensitivity to inference errors, making the loss figure impossible to reproduce or bound.
  3. [§5.2] §5.2 (KnockBlock Evaluation): The 44.5% MEV gain increase is presented without detailing the MEV data source, block-proposal model, or statistical significance. This quantitative claim is central to the practicality argument yet lacks the error analysis or baseline comparison required for a soundness assessment.
minor comments (2)
  1. [Abstract] Abstract: The quantitative claims appear without any methodological qualifier; a single sentence noting that results derive from the inference framework and attack simulations would improve reader expectations.
  2. [Throughout] Notation: The terms 'IP prefix' and 'BGP hijack' are used interchangeably in places; a short definitions subsection or consistent glossary would reduce ambiguity for readers outside networking.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for their insightful comments on our paper. We address each of the major comments below, providing clarifications and committing to revisions where appropriate to enhance the manuscript's rigor and reproducibility.

Point-by-point responses
  1. Referee: [§4] §4 (Validator Distribution Inference Framework): The framework is load-bearing for every quantitative claim in the paper. The manuscript describes the method but supplies no ground-truth validation (e.g., comparison against disclosed validator IPs, controlled testnet runs, or false-positive analysis against non-validator traffic). Without such validation, any over-estimation of validator clustering directly inflates the reported attack effectiveness.

    Authors: We appreciate this observation. Our inference framework is intentionally passive to avoid disturbing the network, which makes obtaining comprehensive ground-truth data challenging because validator operators do not publicly disclose their IP addresses. However, we recognize the importance of validation for the claims. In the revised manuscript, we will include a dedicated validation subsection. This will feature comparisons with a subset of validators who have voluntarily disclosed their locations in public forums or through Ethereum client configurations, results from controlled testnet experiments, and an analysis of false positives by examining traffic from known non-validator nodes. We will also discuss potential biases and how they might affect the attack effectiveness estimates. revision: yes

  2. Referee: [§5.1] §5.1 (StakeBleed Evaluation): The headline result of ~300 ETH losses in 2 hours via 30 prefixes rests on the unvalidated prefix-to-validator mapping. The section does not report simulation parameters, number of Monte-Carlo runs, or sensitivity to inference errors, making the loss figure impossible to reproduce or bound.

    Authors: We agree that additional details are necessary for reproducibility. The simulations for StakeBleed were performed using a custom simulator modeling the inactivity leak mechanism as per the Ethereum specification. In the revision, we will specify the simulation parameters (e.g., number of validators, stake distribution, leak rate), report that we ran 500 Monte Carlo simulations for statistical reliability, and include a sensitivity analysis varying the inference accuracy to assess the impact on the reported losses of nearly 300 ETH. revision: yes

  3. Referee: [§5.2] §5.2 (KnockBlock Evaluation): The 44.5% MEV gain increase is presented without detailing the MEV data source, block-proposal model, or statistical significance. This quantitative claim is central to the practicality argument yet lacks the error analysis or baseline comparison required for a soundness assessment.

    Authors: Thank you for highlighting this. The MEV calculations draw from publicly available data provided by Flashbots and other MEV relays, using a model where block proposal probability is proportional to validator stake. We will expand the section to detail the data sources, provide the mathematical formulation of the block-proposal and MEV gain model, include error bars or confidence intervals from repeated simulations, and add a baseline comparison showing the MEV without the attack to contextualize the 44.5% increase. revision: yes

Circularity Check

0 steps flagged

No significant circularity; derivation relies on independent framework construction and protocol rules

full rationale

The paper constructs a novel framework for inferring validator IP distributions without network disturbance and then applies it to model the practicality of StakeBleed and KnockBlock attacks using Ethereum PoS reward/penalty mechanics. No equations, fitted parameters, or self-citations are shown that reduce the reported impact numbers (e.g., 300 ETH loss or 44.5% MEV gain) to tautological outputs of the inputs. The central claims retain independent content from the described methods and external protocol specifications, qualifying as self-contained.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The central claims rest on standard networking and blockchain assumptions plus the novel inference framework and attack constructions introduced in the paper.

axioms (2)
  • domain assumption: BGP route hijacking can be used to intercept or disrupt traffic to specific IP prefixes
    This is the basis for the network-level attacks described.
  • domain assumption: Ethereum PoS has inactivity leak and MEV mechanisms that can be exploited for financial impact
    Core to defining the effects of StakeBleed and KnockBlock.


A StakeBleed Example

We illustrate the StakeBleed attack in Fig. 1 where the left figure corresponds to the Internet level view and the right to the blockchain view. We assume a small representative network of 8 ASes (Fig. 1), ...