(AGENPARL) - Roma, 12 Gennaio 2026(AGENPARL) – Mon 12 January 2026 Mercati, infrastrutture, sistemi di pagamento
(Markets, Infrastructures, Payment Systems)
What if Ether Goes to Zero?
How Market Risk Becomes Infrastructure Risk in Crypto
Number
January 2026
by Claudia Biancotti
Mercati, infrastrutture, sistemi di pagamento
(Markets, Infrastructures, Payment Systems)
What if Ether Goes to Zero?
How Market Risk Becomes Infrastructure Risk in Crypto
by Claudia Biancotti
Number 74 – January 2026
The papers published in the ‘Markets, Infrastructures, Payment Systems’ series provide
information and analysis on aspects regarding the institutional duties of the Bank of
Italy in relation to the monitoring of financial markets and payment systems and the
development and management of the corresponding infrastructures in order to foster
a better understanding of these issues and stimulate discussion among institutions,
economic actors and citizens.
The views expressed in the papers are those of the authors and do not necessarily reflect
those of the Bank of Italy.
The series is available online at http://www.bancaditalia.it.
Printed copies can be requested from the Paolo Baffi Library:
Editorial Board: Stefano Siviero, Paolo Del Giovane, Massimo Doria,
Giuseppe Zingrillo, Paolo Libri, Guerino Ardizzi, Paolo Bramini, Francesco Columba,
Luca Filidi, Tiziana Pietraforte, Alfonso Puorro, Antonio Sparacino.
Secretariat: Yi Teresa Wu.
ISSN 2724-6418 (online)
ISSN 2724-640X (print)
Banca d’Italia
Via Nazionale, 91 – 00184 Rome – Italy
Designed and printing by the Printing and Publishing Division of the Bank of Italy
WHAT IF ETHER GOES TO ZERO?
HOW MARKET RISK BECOMES INFRASTRUCTURE
RISK IN CRYPTO
by Claudia Biancotti*
Abstract
Permissionless blockchains, the most common type of settlement infrastructure for crypto, continue
to attract increasing attention from within the traditional financial system. Using these types of
blockchain may have the added advantage of lower cost and higher speed as compared with their
legacy solutions. There is, however, an oft-overlooked, close link between volatile crypto prices and
infrastructure availability and security. Permissionless blockchains are operated by decentralized sets
of independent validators, usually compensated in unbacked crypto-assets – known as native tokens.
Should such tokens incur a substantial and persistent loss in market value, validators might cease
operations. Transaction settlement could slow or stop, and the infrastructure’s exposure to cyberattacks
could increase.
JEL Classification: G15, G23, O30.
Keywords: permissionless blockchains, cryptoassets, financial infrastructure, cyber risk.
Sintesi
Le blockchain permissionless, le infrastrutture di regolamento più comuni nell’ecosistema cripto,
suscitano crescente interesse nel settore finanziario; la loro adozione potrebbe offrire vantaggi in
termini di costi e velocità rispetto alle soluzioni tradizionali. Esiste però un legame stretto, spesso
trascurato, tra la volatilità dei prezzi delle criptoattività e la disponibilità e la sicurezza di queste
infrastrutture. Le blockchain permissionless sono gestite su base decentralizzata da una collettività
di validatori tra loro indipendenti, di solito remunerati in criptoattività non garantite note come
token nativi. Se tali token dovessero subire una perdita sostanziale e persistente di valore di mercato,
i validatori potrebbero decidere di cessare le proprie attività. Il regolamento delle transazioni
potrebbe rallentare o fermarsi del tutto e l’esposizione dell’infrastruttura agli attacchi informatici
aumenterebbe.
Bank of Italy, Directorate General for Information Technology.
CONTENTS
1. Introduction
2. Economic incentives in permissionless blockchains: the case of Ethereum
3. Impact of prices on validator activity
4. What happens on the way down?
5. Conclusions
1. Introduc on1
Permissionless blockchains (henceforth, PBs) are the most common type of se lement infrastructure in
the crypto space. There are several compe ng PBs, each of them suppor ng transac ons in a set of assets
(tokens). These sets can overlap, with the biggest assets – including large stablecoins – exchanged on many
PBs. There is some degree of interoperability across PBs.
If a PB stops working for any reason, all assets it supports are affected. This may seem like an obvious
considera on, true of any se lement infrastructure. In crypto, however, it carries a different weight, because
the correct func oning and security of PBs can be affected by the market price of certain unbacked crypto
assets. For example, in an extreme scenario where the price of the unbacked ether (ETH) token goes to zero,
all assets on the popular Ethereum PB – including fully-backed stablecoins – could become impossible to
transfer. Even if the infrastructure remained opera onal, some safeguards against transac on manipula on
would be weakened, possibly enabling malicious actors to spend the same tokens mul ple mes. In other
words, on PBs market risk for unbacked assets can morph into se lement and cyber risk for assets that are
generally considered safer, such as stablecoins and tokenized stocks and bonds.
This paper explains why and briefly discusses the implica ons.2
2. Economic incen ves in permissionless blockchains: the case of Ethereum
PBs are voluntary efforts. They only work un l enough independent en es, the validators, decide to
contribute to the network’s opera on and security (in the context of PBs, “network security” is o en used as
a synonym of “transac on integrity”). Anyone can be a validator, hence “permissionless”. 3 Par cipa on in
valida ng transac ons generally results in collec ng rewards paid out in each PB’s so-called na ve token, an
unbacked cryptoasset.
In the following, we outline the economic incen ve mechanisms for validators on Ethereum, the longeststanding mul -asset PB. The key concepts generalize to other widely used PBs, such as Solana, Tron, and BNB
Chain. While the exact mechanisms differ, the underlying logic is similar. 4,5
I would like to thank Giuseppe Galano, Ma eo Nardelli, Giovanni Veronese, Michele Savini Zangrandi, Giuseppe
Zingrillo, and an anonymous referee for comments and sugges ons. The opinions expressed in this paper are the
author’s and should not be a ributed to the Bank of Italy. All data on the Ethereum ecosystem are current as of
September 23, 2025.
Governance, technology, and legal risks of PBs have been addressed in Basel Commi ee for Banking Supervision (2024),
Novel Risks, Mi gants and Uncertain es with Permissionless Distributed Ledger Technology, BIS Working Paper 44.
Poten al benefits and risks of PB adop on in the tradi onal financial sector are also discussed in Bindseil, U. and O.
Malekan (2025), Public Crypto Networks as Financial Infrastructures, SSRN, and a large number of online venues. To our
knowledge, however, no exis ng work focuses on the link between vola lity in crypto prices and infrastructure
availability and security.
There is some debate as to whether “permissionless” should be taken to mean that anyone can validate transac ons,
or that anyone can par cipate in any network ac vity, e.g. transac ons and crea on of smart contracts. In this note, we
follow the most restric ve interpreta on. For details see Basel Commi ee on Banking Supervision, ibid.
Economic incen ves are not the only factor driving the decision to become a validator. Indeed, in the early days of
crypto, most validators were likely mo vated by idealism and reputa onal considera ons. These components s ll play
a part today. This paper focuses on the economic drivers for validator behavior.
A minority of PBs, e.g. XRP Ledger and Stellar, do not offer rewards in na ve tokens. In these cases, validators provide
resources for securing the network without ge ng a direct payment in return. They may – and do – s ll contribute either
because they have a direct economic interest in the infrastructure running smoothly (e.g. providers of on-chain financial
services) or because they have non-economic mo va ons. Transac on volumes on PBs of this type are currently
negligible when compared to PBs that follow the token reward model.
2.1 Background on Ethereum
The Ethereum PB was launched in 2015 by Russian-Canadian developer Vitalik Buterin and others. It was
the first major turning point in crypto history a er Bitcoin’s 2009 launch.
While the stated aim of Bitcoin’s creators was the introduc on of a peer-to-peer payment system,
Ethereum leverages the same technology to build a “world computer”.6 The Bitcoin blockchain only supports
very simple opera ons, chiefly the crea on and transfer of bitcoin tokens.7 Ethereum does that with ETH
(“na ve”8) tokens, but also enables the upload and execu on of computer code (smart contracts) on the
blockchain. Very popular use cases for this func onality are the issuance of new assets, for which Ethereum
provides technical standards9 and a simple procedure, and the provision of financial services – say, a smart
contract can control a lending protocol, where users can deposit collateral in one cryptoasset and receive a
loan in another without intermediaries, or a decentralized exchange.
At the me of wri ng, over 1.7 million different assets existed on the Ethereum blockchain,10 although
most had no market value.11 Total capitaliza on on the PB amounted to over $800bn and was concentrated
in the top 20 assets, which include the ETH token itself ($490bn) and two large dollar stablecoins ($140bn
when combined). The Ethereum network was run by approximately 10,000 servers (“nodes”) distributed over
more than thirty countries, with the United States and Germany in the lead.12
A node is physical infrastructure that maintains a copy of the blockchain, i.e. the database containing all
transac ons that ever happened on Ethereum. En es running nodes can be anonymous, just as ordinary
users can, although on Ethereum and other large PBs it is quite common for industry players to run iden fied
pools of nodes.
2.2 Transac on se lement: rules and economic incen ves13
Besides hos ng a copy of the blockchain, node operators can choose to par cipate in the process of
transac on valida on, which equates to se lement in tradi onal finance. This requires the crea on of
so ware agents known as validators. A node and a validator are not the same thing. A node can manage zero,
one, two, or even thousands of validators. For example, US-based exchange Coinbase runs 120,000 of them.
The total number of validators in the world is currently es mated at over one million.14
See e.g. P. Apostolicas (2021), Explaining Ethereum: an Interview with Vitalik Buterin, Harvard Interna onal Review.
This is the reason why in this note we do not discuss the Bitcoin PB, although it was the first – and, so far, remains the
most technically robust – example of a se lement system secured on a decentralized basis through economic incen ves.
The 2021 Taproot Assets Protocol, a Bitcoin network upgrade, theore cally enables the issuance and transfer of other
tokens on the Bitcoin PB. So far, however, it has seen li le use. A drama c fall in the price of Bitcoin would likely have a
significant impact on the whole crypto ecosystem, including on the security and availability of other PBs, but not in the
straigh orward way described here for Ethereum and other PBs that are explicitly designed to support mul ple assets.
A na ve token is the original asset issued on a PB. It cons tutes the unit of account for any costs and rewards related
to par cipa ng in blockchain ac vity. On most PBs, it is the only token that can be used to pay transac on fees.
Examples are the ERC-20 and the ERC-721 standards, respec vely covering general-purpose fungible tokens and nonfungible tokens (NFTs).
Source: Etherscan ERC-20 Token Tracker. The figure listed in the tracker provides a lower bound for the total number
of exis ng assets, since it only refers to tokens that meet the ERC-20 standard.
Anyone can issue a cryptoasset on a PB at very low cost, and most such assets end up failing, without being listed on
any trading venue. According to recent es mates, the total number of exis ng cryptoassets issued across all PBs
surpasses 37 million, but specialist data providers only track between ten and twenty thousand.
Source: Ethernode. Both the number and the geographical distribu on of nodes vary depending on the day.
In the following, some technical and economic details are going to be simplified or omi ed for the sake of clarity. For
technical documenta on see Ethereum.org. For a discussion of economic incen ves see John, K., B. Monnot, P. Mueller,
F. Saleh, and C. Schwarz-Schilling (2025), The Economics of Ethereum, Journal of Corporate Finance 91.
Source: Beaconcha.in.
As user transac ons are sent to the Ethereum network, they enter a queue called the mempool.
Validators look at the mempool on a con nuous basis and assemble pending transac ons into blocks, or
groups that will be se led simultaneously. Roughly every 12 seconds, or about 7,200 mes per day, a validator
is chosen at random to propose a new block, which is broadcast to the rest of the network and submi ed to
rota ng sets of randomly selected validators for integrity checks (“a esta on”).15 Once a qualified majority
of the a esters have confirmed the proposed block’s integrity, the block can be wri en to the blockchain.16
This means that the transac ons in that block are se led, i.e. become irreversible, and the network is ready
for the next block.
What happens during block crea on and se lement is crucial for understanding the rela onship between
ETH value and network availability and security. In this phase, two separate sets of incen ves are at work –
one drives par cipa on in valida on, which results in availability; the other keeps validators honest, which
results in security.
Where par cipa on is concerned, what ma ers are per-block rewards, also known as staking rewards
(see below). Upon inclusion of a block in the blockchain, validators earn ETH from three sources. First,
whenever a new block is created, the network issues some new ETH tokens and distributes them across both
proposer and a esters for that block.17,18 Second, the proposer appropriates the total fees (“gas”) paid by
users to submit transac ons included in the block.19 Third, the proposer appropriates profit created by
leveraging the power to select and order pending transac ons, e.g. by performing arbitrage across different
exchanges.20 This is called maximum extractable value (MEV). Both gas fees and MEV are, again, in ETH.
Integrity checks include the verifica on of cryptographic signatures and verifica on that the proposer is not proposing
contradictory transac ons, such as the use of the same tokens for two different payments.
Since several blocks can be validated at the same me, at any me there can be different compe ng blockchains, of
which the longest one is chosen as a source of truth.
Before a major network upgrade in 2022, this amount was fixed at 2 ETH. It now increases propor onally to the square
root of total validators ac ve on the network, implying that poten al per-validator rewards go down as the size of the
validator set increases.
Excessive growth in ETH supply (“token infla on”) is avoided by permanently destroying (“burning”) a share of
transac on fees paid for each block. The circula ng supply has been stable at approximately 120 million tokens since
September 2022. Token infla on is an ideologically charged issue in the crypto community. Bitcoin originally emerged
from a cultural context deeply suspicious of tradi onal monetary and financial systems, and especially cri cal of central
banks’ power to increase money supply. Indeed, the total supply of bitcoin tokens is algorithmically fixed at 21 million.
Some cryptoassets, such as Litecoin, replicate this scheme. Others, such as Ethereum and BNB, pursue a similar goal
through burn rules. There is, however, a tension between keeping supply ghtly limited and rewarding validators for
their efforts with new issuance, irrespec ve of token price dynamics. A few popular protocols, such as Solana, have
programmed infla on and no supply cap.
Gas is measured in Gwei, a unit corresponding to 10-9 ETH. Each block can contain fees for a maximum of 30 million
Gwei.
For example, a validator may see that one user wants to sell 1 ETH against the USDC stablecoin on a certain
decentralized exchange, where the going rate is $4,200 per ETH. Another user wants to buy 1 ETH with USDC on a
different decentralized exchange, where the going rate is $4,202 per ETH. By inser ng their own transac ons on either
side of the users’, i.e. buying the ETH for $4,200 and reselling it for $4,202, the validator can appropriate the $2 difference
net of any transac on fees. MEV is problema c because validators, besides arbitraging, can also engage in ac vity that
resembles insider trading. One example is the so-called sandwich a ack. For example, a user will place a buy order for
a given token at a price of $10, indica ng tolerance for “slippage”, or price varia on, of 2%. The validator may front-run
the transac on, inser ng their own buy of the same number of tokens right before the user’s. If the token’s liquidity is
low enough, this will result in a price increase right a er the validator’s transac on. If the price increase is within the
slippage margin, the validator will immediately resell the tokens to the user, appropria ng the difference. According to
recent es mates, at least $1bn of MEV was extracted on Ethereum over the course of 2024. For an ins tu onal view on
MEV see Auer, R., J. Frost, and J.M. Vidal Pastor, 2022, Miners as Intermediaries: Extractable Value and Market
Manipula on in Crypto and DeFi, BIS Bulle n 58.
Network security is incen vized through the mechanism governing eligibility for valida on du es. Each
validator is created by deposi ng between 32 ETH ($134,000 at current prices) and 2048 ETH21 ($8.58m) to
an address managed by a smart contract. This is called staking.22,23 Validators constantly monitor each other
for malicious or negligent behavior, e.g. a empts to ac vely tamper with transac on data or failing to
par cipate in a esta ons when selected. If any validator is caught chea ng, a quota of its stake is removed
(“slashed”) and then destroyed (“burned”). Lesser offenses, such as prolonged down me, are punished with
smaller penal es.24
Malicious behavior is s ll possible if enough validators collude. A proposer can broadcast blocks with
conflic ng informa on and have them included in the blockchain if enough a esters are complicit. The most
significant threat is double spending, whereby an actor sends tokens to a counterparty, obtains something
valuable in return, and then reverses the payment by altering transac on history. This is easiest if the
“something valuable” is off-chain – a good or service, or fiat money resul ng from e.g. the sale of tokens on
an exchange.25
This type of a ack can work only if colluders make up over 50 per cent of all ac ve validators for a
sustained period, meaning that they must control over 50 per cent of all staked ETH. This value is called the
“economic security budget” of Ethereum, i.e. the minimum investment necessary to a ack the network
successfully.26,27 At the me of wri ng, the economic security budget amounts to about ETH 17m, or over $
71bn, making an a ack extremely unlikely.28,29
Before the May 2025 Pectra upgrade, the stake was fixed at 32 ETH.
This valida on framework is called proof-of-stake, and it is different from the Bitcoin proof-of-work method in that it
does not require extensive energy consump on. Ethereum was born as a proof-of-work network, then transi oned to
proof-of-stake in September 2022. Solo staking, or running a validator node directly, implies a large upfront investment
for the stake itself, one- me hardware costs that some es mates put at around $1,200, and recurring opera onal costs
for energy and connec vity that vary across geographies and me but are generally trivial ($20-$30 per month in the
US). Cybersecurity costs also must be factored in; in the absence of regulatory requirements, security choices and
associated expenses can vary greatly. Large stakers with thousands of nodes can profit from economies of scale on all
opera onal costs. Those who are not able or willing to stake at least 32 ETH to run a node can either par cipate in liquid
staking (see note 32) or buy staking as-a-service for any amount of ETH. This is a form of financial investment, and it
entails intermedia on fees but not direct opera onal costs. Another possibility that eliminates the upfront cost of the
stake is ren ng a node.
The staked ETH cannot be withdrawn un l a validator is re red from ac vity.
Both slashing and lesser penal es are historically rare, because network par cipants are aware of the rules.
Double-spending in the context of token swaps, e.g. a sale of ETH for stablecoins, is very difficult. Swaps in crypto are
generally atomic, meaning that the two assets involved are transferred simultaneously. Even with a majority of valida on
power, it is not possible to reverse only one of the two transfers composing an atomic swap. Double-spending can s ll
happen for non-atomic swaps, although it would be significantly more complex than double-spending when one leg of
the transac on is off-chain.
Some mes, total staked ETH (without dividing by two) is used as a metric of security.
The economic security budget references the cost of a double-spending a ack. There are other possible types of a ack
requiring either 34 per cent or 67 per cent of aggregate stake. Some of them are equally, if not more, dangerous. For a
deep dive on a ack techniques, see this guide at Ethereum.org.
While some state actors may have the resources to stage such an a ack, it would be of interest only if the goal was
disrup on and loss of public trust in the Ethereum ecosystem, possibly coupled with profits from taking short posi ons
on ETH and other tokens. Simple the could hardly net the a ackers more than the ini al investment, also considering
the difficulty of laundering proceeds on such a large scale.
For an alterna ve reading, sugges ng that large-scale adop on of permissionless blockchains may come with security
costs in the order of tens of trillions, see E. Budish (2025), Trust at Scale: the Economic Limits of Cryptocurrencies and
Blockchains, Quarterly Journal of Economics 140(1): 1-62. The author notes that “the economic security of a
permissionless consensus protocol should be thought of not as a 0-1 variable that simply breaks at a threshold ρ, as in
the classic distributed-consensus literature […], but as an incen ve-compa bility constraint.” For a permissionless
blockchain to be secure, the flow cost of trust support (i.e. the amount of resources that validators are willing to commit
2.3 Validator profitability and market prices
Rewards from par cipa ng in valida on can be quite vola le. On the one hand, a validator’s expected
earnings in ETH are affected by several factors – the total number of validators, which determines the
probability of being selected as a proposer at any me30; gas fees, which are a func on of variable demand
for transac ons; constantly changing opportuni es for MEV; and varia on in protocol rules. On the other
hand, and more importantly, the dollar price of ETH is subject to sharp fluctua ons.
Figure 1 shows daily Ethereum block rewards (excluding MEV31) in percentage of total staked ETH for Lido
Finance, a decentralized protocol that allows users to deposit ETH and collect staking rewards.32 Lido accounts
for roughly one quarter of all staked ETH. The trend shown in Figure 1 is representa ve of all centralized
providers and decentralized protocols whose validator pool is large enough to smooth out glitches from
randomness in proposer selec on.33
Annual rewards were considerably higher at the start of the selected period, peaking at over 9 per cent
in 2023 because of network conges on induced by a memecoin launch, and increased transac on fees. Over
me, rewards fell as more validators came online and compe on increased. Today, they have stabilized at
around 3 per cent, or about 1 ETH per validator for the minimum stake of 32 ETH, although the path forward
is unclear as Ethereum evolves.
On its own, annual return in the range of 3 per cent would probably not be interes ng for a typical riskloving crypto investor.34 And, indeed, the vola lity in ETH prices has largely overshadowed any oscilla ons in
staking rewards.
Figure 1
Annual percentage return on staking (ETH), Lido Finance, January 2023 – September 2025
Source: beaconcha.in. “Epoch” on the X axis refers to Ethereum’s internal calendar system (see note 29).
to secure the network) should always be rela vely large compared to the expected value of an a ack. In our framework,
assuming that the value of an a ack is measured in fiat currency – e.g. because the a acker double-spends stablecoins
that are then converted into fiat – this would imply a constantly increasing value of a PB’s na ve token as assets on the
PB grow.
The probability of being selected as an a ester is fixed at exactly once every set of 32 blocks, or “epoch”.
Per-block MEV sta s cs for this operator were not available. The chart is therefore only based on rewards from block
proposals/a esta ons and from gas fees. MEV can be expected to add a further 0.5-1% to total rewards, but today it is
distributed across a complex supply chain and only a part of it accrues to the validators (see John et al, ibid).
Once deposited into Lido’s smart contracts, user-provided ETH are transferred for actual staking to professional node
operators. For each ETH (or frac on thereof) deposited, users receive a so-called liquid staking token which accrues
staking rewards. Liquid staking tokens are tradable. The protocol accounts for almost one third of all staked ETH.
O en, these actors sell shares in their validators (“liquid staking tokens”) to consumers who do not have or want to
stake at least 32 ETH, and propor onally distribute staking rewards, minus an intermedia on fee.
In crypto circles, ETH staking rewards are o en called “the risk-free rate” of the ecosystem.
Figure 2 shows the dollar price of ETH in the same me interval. An investor who bought 32 ETH to set
up a validator in January 2023 and operated it throughout the period would now be si ng on an unrealized
250 per cent capital gain on the staked ETH. Conversely, an investor who bought and staked the 32 ETH at
peak December 2024 prices would be suffering an unrealized 15 per cent capital loss.35
Figure 2
USD per ether, January 2023 – September 2025
6.000,00
5.000,00
4.000,00
3.000,00
2.000,00
1.000,00
Source: Inves ng.com.
3. Impact of prices on validator ac vity
In its first few months of life, back in 2015, ETH traded between $ 0.50 and $ 2. A er several boom-andbust cycles, partly following Bitcoin’s fortunes and partly driven by idiosyncra c factors, the token achieved
an all- me high of nearly $5,000 in November 2021. The 2022 crypto crisis brought the price below $ 1,000
again. As shown in Figure 2, strong vola lity persisted into the following years.
3.1 Historical evidence
So far, turbulence in prices does not seem to have affected overall validator ac vity. Figure 3 shows that
in the past two years the number of validators grew steadily, only to stabilize in H2 2024. Short-term vola lity
some mes coincides with unusually high turnover in the validator set, but establishing causality is not
straigh orward, and the phenomenon remains modest in quan ta ve terms.36
There are a few possible explana ons for this. Markets for unbacked crypto assets are driven mostly by
investor confidence since there are no tradi onal fundamentals to anchor the price. In industry parlance, the
steadfast convic on that “number go up”, i.e. value will rise indefinitely in the long run, plays a key role.37
A precise analysis of individual validator profitability, at least a er Ethereum’s 2022 transi on to proof-of-stake, is
theore cally possible because most necessary data are public, but it would be very resource-consuming.
Recent validator queue data show that ordinary turnover is very low, with exit and entries combined involving frac ons
of percentage points of total staked ETH on an average day. Excep onal vola lity appears to affect validator behavior
non-linearly. Rapid token apprecia on, for example, was followed by a surge in entries in both 2024 and 2025, but in the
la er period there was also a surge in exits, peaking at an unprecedented 8 per cent of total staked ETH in Q3 2025. This
suggests that price growth may make staking more a rac ve to some through an effect on expecta ons, while triggering
immediate profit-taking behavior for others. Over the same period, price slumps were not accompanied by significant
validator churn. Further work would be needed to disentangle price effects from other factors (source: Ethereum
Validator Queue).
This is most evident for Bitcoin, and also true for other tokens that are perceived by some as a store of value.
Blockchain data shows that in May 2024 about 45 per cent of bitcoin and 32 per cent of ether had not been moved for
Figure 3
Total number of validators on Ethereum, January 2023 – September 2025
Source: beaconcha.in. “Epoch” on the X axis refers to Ethereum’s internal calendar system (see note 29).
This may be especially true for token holders who also choose to run validators, reflec ng a knowledge
of and belief in the ecosystem exceeding that of casual par cipants. As long as their long-term expecta ons
remain posi ve, they will keep staking even during highly uncertain mes.38 At present, while a repeat of the
2015-2025 2,000-fold growth seems unlikely, price expecta ons are likely to be op mis c on account of the
pro-crypto US policy pivot, which also includes a drive for the adop on of PBs.39
As a secondary factor, the mechanism whereby per capita staking rewards increase as the validator pool
thins may play a part in stabilizing the pool in the short run. Moreover, given market dynamics in the past ten
years, very long-term ETH holders are s ll opera ng at a profit, and the price would need to crash quite
drama cally for them to incur losses.
3.2 Possible triggers of confidence loss
A reasonable baseline predic on is that Ethereum will keep opera ng smoothly in the foreseeable future.
Yet, especially as integra on with the tradi onal financial system proceeds, edge cases must be accounted
A single market crash is unlikely to lead to validator exodus, if price recovery is expected.40 On the other
hand, a deep confidence crisis that affects long-term expecta ons could. Poten al triggers may be:
at least three years, despite drama c price changes. This is not a precise es mate, because it does not account for moves
across different pseudonymous addresses controlled by the same en ty, or for trades that happen within centralized
exchanges. An exact comparison between Bitcoin and Ethereum is hard to draw because here are more reasons for an
investor to move ether around compared to bitcoin (e.g. to post it as collateral on DeFi apps), so for Ethereum the share
of unmoved coins is even more imperfect a proxy for actual holding mes. Note that a share of those coins could be lost
forever, on account of original holders not having access to their cryptographic keys any longer.
ETH and other na ve tokens for popular PBs have a use value for transac on fees, they can trigger income flows via
staking, and to some they may proxy for the perceived value of the infrastructure, even if they do not confer any claim
on it. S ll, as shown above, market price movements are what ma ers most in determining how profitable par cipa ng
in the network is, and big swings historically were not driven by demand for transac ons.
See White House, Executive Order on Strengthening American Leadership in Digital Financial Technology, January 23,
2025; Office of the Comptroller of the Currency, Interpretive Letter 1183, March 7, 2025.
The mechanism of expecta on forma on might change if tradi onal financial players enter the staking space. Such
players might be more reac ve to actual price signals and less mo vated by the belief that crypto will ul mately succeed.
(a) internal to Ethereum, e.g. governance difficul es leading to instability in network rules and a
percep on of unreliability; 41
(b) external to Ethereum but internal to the crypto ecosystem, e.g. a serious loss of confidence in Bitcoin,
which ripples across the whole ecosystem,42 or the emergence of a strong compe tor in the space of
mul -asset PBs, which performs significantly be er than Ethereum in crucial areas such as scalability,
se lement speed, or se lement cost;
(c) external to the crypto ecosystem, such as a major macroeconomic shock diver ng capital flows from
risk assets over the medium term, or a technological development providing a superior, nonblockchain alterna ve to PBs.
Triggers of different types might occur together and reinforce each other.
4. What happens on the way down?
4.1 From confidence to infrastructure crisis
In the event of a downward price spiral accompanied by persistent nega ve expecta ons, it is likely that
stakers would want to sell their ETH as quickly as possible. This requires unstaking the coins, i.e. turning
validators off. Asympto cally, no validators means that the network does not work anymore – users could
keep on submi ng transac ons, but those would never be se led. Assets would s ll live on-chain, but they
would be immovable.
This situa on would not materialize immediately, because unstaking in Ethereum is not instant (see
Sec on 4.2). In the interim, as the economic security budget went down and a acks became cheaper,
malicious actors could take control of the network with the goal of double-spending assets or otherwise
compromising transac on integrity. ETH with next to no value would not be desirable prey, but stablecoins
and tokenized stocks or bonds would, especially if issuers were legally bound to reimburse them at face value.
Malicious actors would eventually leave as well, leading back to the network halt scenario.
In prac ce, the consequences of a confidence crisis for ordinary holders of assets other than ETH would
depend heavily on how orderly the unwind of the network is. This is quite difficult to predict. On the one
hand, over the years crypto has shown some ability to spontaneously re-organize and come back even at very
cri cal junc ons, including major cybera acks. On the other, nothing on the scale of major infrastructure
breakdown has ever happened.
4.2 Limits of mi ga on strategies
Since PBs are not subject to any regulatory framework, at present the possibility of an orderly unwind
would depend en rely on technical safeguards built into the system and voluntary ac ons of par cipants.
The Ethereum protocol has built-in minimum unstaking mes, which lengthen as more validators join the
queue to get out.43 In uneven ul periods, unstaking and withdrawing the 32 ETH stake takes approximately
28 hours. Should many stakers join the queue at the same me, expected withdrawal mes would be counted
in weeks, or even months, because there is a daily cap to exits.44 This would buy some me for network
See, for example, The Ethereum Roadmap Wars, Bankless podcast. Governance is generally considered one of the
weak points of PBs (BCBS, ibid.)
This could go both ways depending on the cause of the loss of confidence. Bitcoin is perceived as the anchor for the
broader crypto system, and so far the rest of the market has mostly echoed the token’s gyra ons. However, if the Bitcoin
crisis was triggered by a highly idiosyncra c factor – say, the massive sale of coins that have so far been locked in wallets
belonging to the mysterious creator(s) Satoshi Nakamoto –, Ethereum could benefit if perceived as a safer alterna ve.
This mechanism was born as a security device, to prevent malicious actors from amassing massive stakes just to
conduct an a ack and liquidate them right a er, thus minimizing losses related to any post-a ack price fall.
At present, the network can process about 3,600 validator exits per day.
availability,45 and perhaps also for security, as it may slow price movements down. At this point, however,
network par cipants would need to take ac on to forestall extensive damage.
Since there is no formal lender of last resort or crisis resolu on mechanism in crypto, the choice of what
to do would be le en rely to the incen ves of individual actors. Ideally, all asset custodians, issuers, and
even small owners would need to co-ordinate, to transfer their opera ons and holdings in an orderly fashion
to another func oning PB before Ethereum is a acked, halts, or both – in a world where se lement is not
intermediated, a flight to safety means a switch in infrastructure. There are, however, three roadblocks.
First, technology for such a transfer is indeed available, in the form of so-called bridges, but it is famously
vulnerable to cyber a acks,46 and it may not have the capacity to sustain a massive exodus.47 Second,
coordina on of all par cipants in a decentralized network such as Ethereum, which spans the globe and
includes actors with conflic ng interests,48 is not a realis c prospect. Third, about $85bn worth of various
assets are locked in DeFi protocols,49 whose governance mechanisms might prevent fast decisions.50
Deep-pocketed industry actors, such as top exchanges or stablecoin issuers, might also a empt to create
a backstop – say, an emergency rescue fund to stabilize the price of ETH via massive buys. This would be very
unlikely to work, especially if the confidence crisis was triggered by technological inferiority of Ethereum visà-vis a compe ng PB, or any other issue that is difficult to fix in short order. The market could doubt the
credibility of the fund, or even outright a ack it. Should the fund bleed out billions in the span of hours,
sponsors would leave.
4.3 A possible outcome
Considering the history and current characteris cs of crypto, one possible outcome would be staggered
failure with par al asset recovery. The Ethereum Founda on, a non-profit which plays a loose steering role in
Ethereum, and large corporate stakers might publicly commit resources to keep enough validators up at least
for a given me span, which would be communicated transparently to prevent panic. This measure would
supplement the automa c delays in validator exit and might have some success in keeping the network
running for some weeks or months. Yet, it would not be enough to change the direc on of the confidence
crisis, so investors in ETH would eventually face significant capital losses.
During this period some centralized exchanges and issuers of assets, including stablecoins and RWAs,
would be able to bridge at least part of their opera ons to other PBs, but the process could be very fraught.
It would take me, and cyber a acks on bridges would mul ply. Un l clear signals emerge that a certain asset
is safely living on another PB, it would be speculated against, possibly even leading to de-pegging of weaker
stablecoins. In general, larger en es that already have mul -chain opera ons and nimble, technically
Se lement issues, however, could start emerging even in an early phase. If many stakers just turned off their machines
while wai ng to be cleared for unstaking, se lement finality might be compromised.
Most bridges work by locking or burning assets on a source PB, and min ng them on the des na on PB. This requires
a complex architecture, featuring smart contracts on each of the PBs, and off-chain components that enable
communica on between the two sets of smart contracts. Vulnerabili es in even one of these components have resulted
in large hacks. See Belenkov, N., V. Callens, A. Murashkin, K. Bak, M. Derka, J. Gorzny, and S.-S. Lee (2023), A Review of
Cross-Chain Bridge Hacks in 2023, arXiv 2023: 2501.03423v1.
Bridge throughput is capped by transac on-per-second limits for the slowest of the linked PBs, plus any conges on of
the bridge itself. There is no historical data on how bridges perform under extreme stress, but chances are that they
would strain under pressure, since they o en rely on small internal validator sets.
Saving the network may look like a goal that is worthy to all par cipants. In crypto, however, specula on is the norm
and can prevail over common interest. Some actors might be looking to profit from the chaos and make a quick exit.
Source: DefiLlama.
The governance mechanism of choice for DeFi protocols is the Decentralized Autonomous Organiza on (DAO), where
holders of certain tokens are eligible to vote on which direc on development should take.
advanced fron er players would fare be er compared to middling actors. A large share of value locked in DeFi
would be lost to either liquida on of leveraged posi ons or hesita on in decisions to leave.
Should any malicious actor gain control of more than 50 per cent of the network, the first line of defense
would be asset freezes and blacklis ng. Centralized actors rou nely block the circula on of stolen assets,
either spontaneously or at the behest of law enforcement. Double-spending could be contained in a similar
way. This is mostly not done on-chain and could therefore work even if the network was under a ack. S ll,
freezes are only somewhat effec ve because money laundering in crypto is easy.
The Ethereum Founda on could intervene with a heavier hand by trying to impose a hard fork, or an
authorita ve overwrite of the blockchain, which would reverse illicit transac ons. This may work one or two
mes, but persistent a acks followed by hard forks would dent confidence even more, also by inducing
profound ri s in the crypto community.51
5. Conclusions
In this paper, we discussed how on PBs market risk for unbacked assets can morph into se lement and
cyber risk for backed assets, using Ethereum as an example.
The implica ons for policymakers are not straigh orward. Part of the financial industry is looking at
adop ng permissioned blockchains, where only authorized en es can run validators, and unbacked
cryptoasset do not play a role. Such schemes also simplify compliance with AML/CFT regula on. S ll, they
come with higher costs compared to just plugging into Ethereum or Solana, and at least some adop on of
PBs in their current form cannot be excluded – indeed, it already exists.52
Regulators have two op ons. The first is deeming PBs en rely unsuitable for adop on on the part of
supervised intermediaries, on account of reliance on the prices of na ve tokens. The second op on is
permi ng PB adop on, while pu ng risk mi ga on measures in place. This stance is more favorable to
innova on, yet it comes with significant challenges. Despite the existence of loose steering groups, PBs are
decentralized by nature and can hardly be transformed into tradi onal infrastructure providers. Central banks
cannot be expected to prop up the price of na ve tokens that are privately issued and subject to specula on
just to keep the infrastructure running and secure.
Perhaps the best shot would entail pu ng obliga ons on the issuers of backed assets such as stablecoins
– say, the adop on of business con nuity plans, as suggested by the Basel Commi ee on Banking
Supervision53, whereby an off-chain database of asset ownership is kept, and a con ngency chain is preselected for por ng assets in case of disrup on. There may be prohibi ons on the adop on of PBs that do
not meet certain in terms of economic security budget, or diversifica on of the validator set. Such measures
do not come without their own costs and risk, such as ar ficially favoring legacy PBs over newer ones, which
may even exacerbate risks inherent to a confidence crisis triggered by obsolescence.
Further work is needed to develop a consistent and effec ve policy approach.
There is an important precedent for this. In 2016, a smart contract living on Ethereum was hacked, leading to largescale the of ETH. A hard fork reinstated the pre-hack situa on, but also alienated Ethereum from a part of the crypto
community, because hard forks imposed by a centralized en ty do not sit well with pure-decentraliza on crypto ethics.
See, for example, the BlackRock BUIDL Fund, a tokenized money market fund available on Ethereum and Solana. Total
capitaliza on is s ll small, at under $3bn.
Ibid.
Recently published papers in the ‘Markets, Infrastructures, Payment Systems’ series
n. 37
Smart Derivative Contracts in DatalogMTL, by Andrea Colombo, Luigi Bellomarini, Stefano
Ceri and Eleonora Laurenza
n. 38
Making it through the (crypto) winter: facts, figures and policy issues, by Guerino Ardizzi,
Marco Bevilacqua, Emanuela Cerrato and Alberto Di Iorio
n. 39
The Emissions Trading System of the European Union (EU ETS), by Mauro Bufano, Fabio
Capasso, Johnny Di Giampaolo and Nicola Pellegrini (in Italian)
n. 40
Banknote migration and the estimation of circulation in euro area countries: the italian
case, by Claudio Doria, Gianluca Maddaloni, Giuseppina Marocchi, Ferdinando Sasso,
Luca Serrai and Simonetta Zappa (in Italian)
n. 41
Assessing credit risk sensitivity to climate and energy shocks, by Stefano Di Virgilio, Ivan
Faiella, Alessandro Mistretta and Simone Narizzano
n. 42
Report on the payment attitudes of consumers in Italy: results from the ECB SPACE 2022
survey, by Gabriele Coletti, Alberto Di Iorio, Emanuele Pimpini and Giorgia Rocco
n. 43
A service architecture for an enhanced Cyber Threat Intelligence capability and its value
for the cyber resilience of Financial Market Infrastructures, by Giuseppe Amato, Simone
Ciccarone, Pasquale Digregorio and Giuseppe Natalucci
n. 44
Fine-tuning large language models for financial markets via ontological reasoning,
by Teodoro Baldazzi, Luigi Bellomarini, Stefano Ceri, Andrea Colombo, Andrea Gentili
and Emanuel Sallinger
n. 45
Sustainability at shareholder meetings in France, Germany and Italy, by Tiziana De Stefano,
Giuseppe Buscemi and Marco Fanari (in Italian)
n. 46
Money market rate stabilization systems over the last 20 years: the role of the minimum
reserve requirement, by Patrizia Ceccacci, Barbara Mazzetta, Stefano Nobili, Filippo
Perazzoli and Mattia Persico
n. 47
Technology providers in the payment sector: market and regulatory developments,
by Emanuela Cerrato, Enrica Detto, Daniele Natalizi, Federico Semorile and Fabio Zuffranieri
n. 48
The fundamental role of the repo market and central clearing, by Cristina Di Luigi, Antonio
Perrella and Alessio Ruggieri
n. 49
From Public to Internal Capital Markets: The Effects of Affiliated IPOs on Group Firms,
by Luana Zaccaria, Simone Narizzano, Francesco Savino and Antonio Scalia
n. 50
Byzantine Fault Tolerant consensus with confidential quorum certificate for a Central Bank
DLT, by Marco Benedetti, Francesco De Sclavis, Marco Favorito, Giuseppe Galano, Sara
Giammusso, Antonio Muci and Matteo Nardelli
n. 51
Environmental data and scores: lost in translation, by Enrico Bernardini, Marco Fanari,
Enrico Foscolo and Francesco Ruggiero
n. 52
How important are ESG factors for banks’ cost of debt? An empirical investigation,
by Stefano Nobili, Mattia Persico and Rosario Romeo
n. 53
The Bank of Italy’s statistical model for the credit assessment of non-financial firms,
by Simone Narizzano, Marco Orlandi and Antonio Scalia
n. 54
The revision of PSD2 and the interplay with MiCAR in the rules governing payment services:
evolution or revolution?, by Mattia Suardi
n. 55
Rating the Raters. A Central Bank Perspective, by Francesco Columba, Federica Orsini and
Stefano Tranquillo
n. 56
A general framework to assess the smooth implementation of monetary policy:
an application to the introduction of the digital euro, by Annalisa De Nicola and Michelina
Lo Russo
n. 57
The German and Italian Government Bond Markets: The Role of Banks versus Non-Banks.
A joint study by Banca d’Italia and Bundesbank, by Puriya Abbassi, Michele Leonardo
Bianchi, Daniela Della Gatta, Raffaele Gallo, Hanna Gohlke, Daniel Krause, Arianna
Miglietta, Luca Moller, Jens Orben, Onofrio Panzarino, Dario Ruzzi, Willy Scherrieble and
Michael Schmidt
n. 58
Chat Bankman-Fried? An Exploration of LLM Alignment in Finance, by Claudia Biancotti,
Carolina Camassa, Andrea Coletta, Oliver Giudice and Aldo Glielmo
n. 59
Modelling transition risk-adjusted probability of default, by Manuel Cugliari, Alessandra
Iannamorelli and Federica Vassalli
n. 60
The use of Banca d’Italia’s credit assessment system for Italian non-financial firms within
the Eurosystem’s collateral framework, by Stefano Di Virgilio, Alessandra Iannamorelli,
Francesco Monterisi and Simone Narizzano
n. 61
Fintech Classification Methodology, by Alessandro Lentini, Daniela Elena Munteanu and
Fabrizio Zennaro
n. 62
The Rise of Climate Risks: Evidence from Expected Default Frequencies for Firms, by Matilde
Faralli and Francesco Ruggiero
n. 63
Exploratory survey of the Italian market for cybersecurity testing services, by Anna Barcheri,
Luca Bastianelli, Tommaso Curcio, Luca De Angelis, Paolo De Joannon, Gianluca Ralli and
Diego Ruggeri
n. 64
A practical implementation of a quantum-safe PKI in a payment systems environment,
by Luca Buccella and Stefano Massi
n. 65
Stewardship Policies. A Survey of the Main Issues, by Marco Fanari, Enrico Bernardini,
Elisabetta Cecchet, Francesco Columba, Johnny Di Giampaolo, Gabriele Fraboni, Donatella
La Licata, Simone Letta, Gianluca Mango and Roberta Occhilupo
n. 66
Is there an equity greenium in the euro area?, by Marco Fanari, Marianna Caccavaio, Davide
Di Zio, Simone Letta and Ciriaco Milano
n. 67
Open Banking in Italy: A Comprehensive Report, by Carlo Cafarotti and Ravenio Parrini
n. 68
Report on the payment attitudes of consumers in Italy: results from ECB SPACE 2024 survey,
by Gabriele Coletti, Marialucia Longo, Laura Painelli, Emanuele Pimpini and Giorgia Rocco
n. 69
A solution for cross-border and cross-currency interoperability of instant payment systems,
by Domenico Di Giulio, Vitangelo Lasorella, Pietro Tiberi
n. 70
Do firms care about climate change risks? Survey evidence from Italy, by Francesca Colletti,
Francesco Columba, Manuel Cugliari, Alessandra Iannamorelli, Paolo Parlamento and
Laura Tozzi
n. 71
Demand and supply of Italian government bonds during the exit from expansionary
monetary policy, by Fabio Capasso, Francesco Musto, Michele Pagano, Onofrio Panzarino,
Alfonso Puorro e Vittorio Siracusa
n. 72
Statistics on tokenized financial instruments: A challenge for central banks, by Riccardo
Colantonio, Massimo Coletta, Riccardo Renzi
n. 73
Credit Risk Assessment with Stacked Machine Learning, by Francesco Columba, Manuel
Cugliari, Stefano Di Virgilio
