Validator Centralization: Cartel in the Making?

It began, as most of the important things in technology do, with a handful of people in a room intensely convinced that everything happening elsewhere was completely incorrect. The year was 1992. Meetings in the San Francisco Bay Area between Tim May, Eric Hughes and John Gilmore would coalesce into what was known as Cypherpunks. The founding ethos of the group had in fact been stated much earlier, in Tim May's Crypto Anarchist Manifesto, penned in 1988 and making the rounds at conferences before anyone had a real system to connect with those concepts. May claimed that despite what any centralized authority would want, strong cryptography will allow people to transact, communicate and organize in a manner impenetrably beyond the ability for any central authority even know about let alone be taxed or regulated. Not eventually. Inevitably.

Cypherpunks did not write academic papers and wait for peer review. They wrote code. And for the next 10 years, all this mailing list was doing was producing Hashcash by Adam Back (on the photo) , Wei Dai's b-money — Nick Szabo's Bit Gold, each a brick in a revocable system that had yet to be built. On October 31, 2008, Satoshi Nakamoto email the cypherpunks-derived cryptography mailing list with the subject line "Bitcoin P2P e-cash paper. The following nine-page documents laid out its purpose very clearly: build a payment system without needing a trusted third party. It was the cypherpunk holy grail, and it actually worked.

At the heart of it, the dream has never been about money even. This wasn't about a kind of decision that any one group could make for the rest. No board of directors. No central bank. No government ministry that had the decision at hand regarding what transactions went from good to bad. It would operate according to rules that everyone could validate, and no one could surreptitiously alter. Consensus, not command.

Now, that vision is under intense structural pressure — not from outside attack, but from the inexorable gravitational pull of economic incentive toward concentration. This is not a threat that announces itself. It builds up at precisely the layer of the system that most people will never give much thought to: validators.

Who Gets to Decide What Goes on the Chain

This is a simple, clean and functional definition of validator: validators validate transactions for compliance with network rules, verify cryptographic signatures, check that the sender has enough funds and add valid transactions to the blockchain. They enforce all the same rules, evenly — with no bias in favor of one group over another.

The key is to "follow network rules." Because the natural follow-up question — the one that's glossed over by the technical description — is whose rules exactly, and what happens when they are subtly changed over time?

In proof-of-stake systems like Ethereum, validators are elected according to their stake. More stake more votes for what passes in terms of blocks. If you argued the concentration of power created by these systems to someone who built them in 2008 they would have been horrified. Since late 2025, Lido, a liquid-staking protocol had dominion over around 27.7% of the overall Ethereum supply staked. Coinbase held 8.4%. Binance held 6.4%. The Nakamoto coefficient for Ethereum staking — the minimum number of, well, things that would have to collude so as to command 51% of consensus — was four. A network that should be completely trustless is actually controlled by four pools.

The Gini coefficient for Ethereum's Top 10,000 wallets in wealth distribution measured over 84.57 % — higher than the latest inequality metric for South Africa coating it with nomination as one of the most unequal distribution on earth.

What makes this dangerous is not the number of players in control but rather the point from which outside pressure can affect. Intelligence agencies and big institutional actors have never required corrupting a system from the ground up. They do not go to the local police — they go to the generals. They come at politicians, not electorates. The same rationality applies to any network in which a small number of well-capitalized, lawfully incorporated, geographically accessible entities are the owners of most consensus power. No need to compromise million validators. Get to the five or six institutions that hold the margin of victory, who have compliance shops and lawyers and licenses you can threaten. One letter to the right GC and suddenly, the generals begin making choices that bubble-down through every block the network churns out.

This is not conspiracy theorizing. It already happened. All of this occurred on a recorded time, measurable and public blockchain with timestamps.

Bending The Rules: How Censorship Has Always Happened

The U.S Treasury sanctioned Tornado Cash, an Ethereum-based privacy mixer in August 2022. OFAC applied its Specially Designated Nationals list — which is typically used to sanction drug traffickers and state-sponsored hackers — to its smart contract addresses and ordered American persons/entities not to engage with them.

One of the real characteristics of hosted, immutable blockchain code was that these smart contracts themselves could not simply be deleted. The unrelated question though (which would determine whether any transactions interacting with those contracts even ended up on the chain) turned out to be surprisingly negotiable.

At this point, Ethereum had already split the task of building blocks from the task of proposing them via its Proposer-Builder Separation design — PBS.

A handful of specialized block builders meant to aggregate various transactions, choose which ones to build into a block, and optimize extractable value before handing the final product to validators for proposing. The design of the architecture was meant to promote more efficient MEV extraction. This left a side effect that no one yelled clearly enough: It narrowed the power of transaction inclusion down to very few companies.

August 2023 saw courts ruling that OFAC sanctions smart contracts, an answer to the builder market came nearly immediately. In a significant reversal from the past 80% of all Ethereum blocks not including transactions with Tornado Cash, it has now dropped to just 9%. A study reported on by Carnegie Mellon University found that before that court ruling, already 46% of all Ethereum blocks produced in November 2022 came from parties that wanted to comply with OFAC sanctions. In fact, at its height nearly 51% of all Ethereum blocks in a 24-hour period were said to reject OFAC-compliant transactions. "The fact we hit 51 percent of blocks excluding OFAC transactions is definitely an important watershed moment," says the CEO of bloXroute Labs.

In the case of censored transactions, this was non-abstract. Avg inclusion delays for sanctioned transactions nearly doubled post-PBS, academic research documented — 15.8 seconds (Aug '22) -> 29.3 seconds (Nov '22), non-censored tx in the same blocks averaged only ~8.7 seconds. Transactions that are delayed by that amount of time and yet still need to occur due to economic realities in many DeFi protocols, such as arbitrary generation, liquidation of collateral-deficient accounts & price oracle updates, really do represent economic harm. Protocols that had to settle a position or process an update of price — and were so either connected with OFAC flagged address — saw their transactions got back up in infrastructure where some bursts just passed each other more slowly, due to others being less equal than others.

This was compounded by the dust attack phenomenon documented in later research. Using 12 ETH researchers discovered adversarial actors were able to "taint" at least 9 million ETH — from affected recipients socking away tiny amounts sent from sanctioned addresses into unrelated wallets. Sanctioned funds have entered innocent addresses without their consent and acting to comply with sanctions at regulated platforms may mean deprioritizing or entirely blocking transactions from those wallets — something that Aave's front-end documented itself doing as an actual example. The contamination was involuntary. The consequences were not.

Even just in purely block builder concentration terms, it had become stark before getting into the censorship question. In late 2024, more than 80% — and at some points over 95% — of all Ethereum blocks were being constructed by two entities. For a plan that was, effectively, to outsource the entire transaction processing layer of the world's second largest blockchain to a nonconsensual-duopoly. All USDT transfers and smart contract calls for DeFi transactions on Ethereum went through the same infrastructure used by these two companies. Not in theory. In practice, by the block.

The Structure of Punishment and the People Who Endure it

Validators who go astray relative to the network rules will receive a very real and literally automated penalty (scaled by degree) system. This is by design — misbehavior should be expensive — but it creates an incentive structure that contributes to the troubling dynamics; combined with the concentration problem, this can be highly disruptive.

Slashing is the most extreme way to punish. An ejected validator proposing competing blocks or signing conflicting attestations is instantly drained of 1/32nd (3.125%) of their effective balance and left to exit the network involuntarily after ~36 days. On day 18 of that exit period, you incur a correlation penalty with respect to others that were slashed in the lagging window proportionally to how many validators were cut off by incentivizing malicious behavior. For example, the cost of isolation due to a single slashing incident is about 1 ETH. Additionally, if a large number of validators are slashed at the same time, the correlation penalty can cause the entirety of 32 ETH stake to be withdrawn. It is an elegantly simple mechanism to prevent coordinated attacks. As its secondary drawback, any sudden change in expected behavior by a major validator operation would entail disastrous correlated losses.

Real incidents illustrate the stakes. In September 2022, a hacker double-signed with one of the public keys associated with Ankr and forty validators tied to it were simultaneously slashed for cumulative losses of more than $52,000. Almost one hundred validators linked to Bitcoin Suisse were slashed for erroneous attestations in November 2023, with an aggregate loss of nearly $200,000. These were not deliberate mistakes, they cost money. In the case of a big institutional validator with legal obligations, slashing poses both a serious threat but, depending on their jurisdictional landscape, so do legal and reputational consequences of being seen to process non-compliant transactions — the result is an extremely strong incentive to stay clear into territory that regulators and counterparties find comfortable.

And the bottleneck that this creates is global. It is not differentiated by asset class, by purpose or by the authenticity of the underlying transaction. Each USDT transfer over Ethereum, each interaction with a DeFi protocol or a smart contract has to go through and be validated by a single validation layer which is both structurally centralized and can easily be pressured from the outside. The second is, if that bottleneck obeys an external direction — even implicitly, such as by updating its relay software or changing the policy of its operator — it similarly propagates throughout all transactions thereafter. It has a small number of chokepoints, and whoever arrives at those chokepoints arrives at everything.

In contrast, the incentive to become one of those chokepoints precludes decentralization. Constructing advanced MEV technology, scaling to the stake criteria that render liquid staking lucrative — these all demand financial resources and company sophistication which in a natural way accustom big, well-funded organizations. A solo validator that runs a single node with 32 ETH earns roughly the same rules but less of it and votes not at all in any governance discussion. If left to their own devices, the economics of the system, drive concentration deeper.

The upside is that the issue has already been well understood by many of those best positioned to address it. The good news is that the incentives for chasing new tokens and narratives are still significantly stronger than any incentive to keep an eye on infrastructure governance at all time.

Distributed Validator Technology — DVT by Lido Protocol tells you to take the single-operator node level vulnerability. DVT splits a validator key over several autonomous operators according to threshold signature schemes, which means no signing is allowed before the quorum is achieved. That means a slashable event could never be induced from one node failing, or one operator being compromised, nor can any single regulator ever instruct an operator to censor something and have such censorship propagate automatically. The adoption of DVT by Lido has been significant in absolute terms, at the end of 2025 711,456 ETH and about 1.99% of the total Ethereum stake were back by DVT-powered validators under Lido: this was an important step but still just a small fraction of the whole.

One of the major structural solutions to the builder centralization issue is EIP-7805, Fork-Choice Enforced Inclusion Lists (FOCIL). Targeting protocol-level censorship rather than voluntary compliance, FOCIL was greenlit as part of Ethereum's upcoming Hegotá upgrade slated for late 2026. At every slot, 16 validators are pseudorandomly chosen to form a committee and each committee checks the public mempool independently and broadcasts a list of transactions they think should be included. So, the block proposer must put those transactions in it. The attesters are to vote only for blocks that satisfy the inclusion constraints from all 16 committee members are ready. A block that does not incorporate any of the listed, valid transactions will not receive attester support and cannot get canonical.

The design diffuses the decision of which transactions to include across a rotating committee using all validators in the system as opposed to concentrating it within 2 block builders. An adversary would need to destroy a randomly selected group of 16 validators (who have no advance knowledge of being selected in that slot) to censor a transaction under FOCIL. Pressuring two known firms that create the greater part of the squares is a formally unique issue.

The governance attention problem is not a technical issue and it ought to be called that. And most of the people that occupy space in crypto ecosystems care about price, about new protocols, about yields. Infrastructure governance — who is validating, how centralized the stake is, what software the builders are running — is not particularly exciting to think about and does not pay off any tokens for those doing the monitoring. Validator set composition, client diversity and builder concentration should be treated as first-order metrics by the communities most committed to crypto's long-term properties. That there are tools for this monitoring exist: on-chain analytics, public staking dashboards, relay statistics from platforms tracking OFAC compliance. The data is available. What is in short supply is sustained attention on the right questions.

Logistics Is Everything

The original cypherpunks got something that so much of crypto discourse today seems to forget: the interesting bit in a decentralized system is not what kind of asset it spins. It is the infrastructure that has no permission to transact with anybody you want. If such immunity exists, it lives at the layer that settles transactions — and is forfeited or weakened exactly at that layer if the entities controlling it become accessible to the same levers of compulsion which are used in the conventional financial system.

This is not theoretical, as evidenced by what happened with Tornado Cash. The code was immutable. However, the actual transaction processing infrastructure was not. Every platform, protocol and user on that infrastructure — without any relation to Tornado Cash whatsoever — lived in an environment where a private policy decision by two or three builder companies meant prioritising their transaction over someone else’s the opposite.

The key to every bottleneck through which everything must filter. The worst failures in supply chains occur not at some high-level consumer-facing layer but rather at obscure logistics choke-points that no one pays attention to until they stop working. And the same thing goes for blockchain infrastructure. The headline protocols, the latest token launches, the governance votes on fee parameters — that type of news dominates the community's attention. The validator composition, the builder market structure, the relay policy updates — these attract considerably less. The fact that something is actually an imbalance, and that anybody that gives a damn about where crypto heads over the next ten years needs to be looking at those bottlenecks — because that's where the future of the system will actually be determined, quietly by twice-a-day cycling in largely unobserved decisions taken at the feet of the entities through whom all transactions have to pass.

Netts also offers a USDT Transfer Calculator, taking some of the opacity out of on-chain costs before submitting a transaction for those interested in getting down to the practical mechanics of what happens when an actual transfer of USDT reaches the network. The tool computes the precise Energy and Bandwidth necessary for any TRC20 USDT send, accounting for whether the target address already holds USDT — which matters because sending to zero-balance addresses costs nearly double Energy (131,000 units vs. 65,000).

You're comparing a large amount of cost here: a normal USDT transfer via TRX burn costs in 13.84 TRX if the receiver has USDT balance and 27.70 TRX if he doesn't; while the receive transaction itself using rented Energy accounts for merely 2 to 5 TRX, which means over 80 percent savings. To help developers who want to access these calculations programmatically, Netts provides an API endpoint that returns Energy and Bandwidth requirements for arbitrary sender-receiver pairs via a simple GET request. When every USDT gas fee on the network behaves as an immediate derivative of your familiarity with resource usage prior to press send, knowing what those numbers are ahead of time isn't optional — it's that fine line between having a good operational cost and just paying for primarily unnecessary overhead.