A fundamental problem for decentralized systems like permissionless blockchains is that their security depends upon the cost of an attack being greater than the potential reward from it. Various techniques are used to impose these costs, generally either Proof-of-Work (PoW) or Proof-of-Stake (PoS). These costs have implications for the economics (or tokenomics) of such systems, for example that their security is linear in cost, whereas centralized systems can use techniques such as encryption to achieve security exponential in cost.
Now, via Toby Nangle's
Stablecoin = Fracturedcoin we find
Tokenomics and blockchain fragmentation by Hyun Song Shin, whose basic point is that these costs must be borne by the users of the system. For cryptocurrencies, this means through either or both transaction fees or inflation of the currency. The tradeoff between cost and security means that there is a market for competing blockchains making different tradeoffs. In practice we see a vast number of
competing blockchains:
Tether’s USDT sits on 107 different ledgers. ... USDC sits on 125.
The chart shows Ethereum losing market share against competing blockchains.
Shin's analysis uses game theory to explain why this fragmentation is an inevitable result of tokenomics. Below the fold I go into the background and the details of Shin's explanation.
Background
In 2018's
Cryptocurrencies Have Limits I discussed Eric Budish's
The Economic Limits Of Bitcoin And The Blockchain, an important analysis of the economics of two kinds of "51% attack" on Bitcoin and other cryptocurrencies based on PoW blockchains. Among other things,
Budish shows that, for safety, the value of transactions in a block must be low relative to the fees in the block plus the reward for mining the block.
In 2019's
The Economics Of Bitcoin Transactions I discussed
Raphael Auer's
Beyond the doomsday economics of “proof-of-work” in cryptocurrencies, in which Auer shows that:
proof-of-work can only achieve payment security if mining income is high, but the transaction market cannot generate an adequate level of income. ... the economic design of the transaction market fails to generate high enough fees.
Bitcoin's costs are defrayed almost entirely by inflating the currency, as shown in
this chart of the last year's income for miners. Notice that the fees are barely visible.
It has been known for at least a decade that Bitcoin's plan to phase out the inflation of the currency was problematic. In 2024's
Fee-Only Bitcoin I wrote:
In 2016 Arvind Narayanan's group at Princeton published a related instability in Carlsten et al's On the instability of bitcoin without the block reward. Narayanan summarized the paper in a blog post:
Our key insight is that with only transaction fees, the variance of the miner reward is very high due to the randomness of the block arrival time, and it becomes attractive to fork a “wealthy” block to “steal” the rewards therein.
So Bitcoin's security depends upon the "price" rising enough to counteract the four-yearly halvings of the block reward. In
that post I made a thought-experiment:
As I write the average fee per transaction is $3.21 while the average cost (reward plus fee) is $65.72, so transactions are 95% subsidized by inflating the currency. Over time, miners reap about 1.5% of the transaction volume. The miners' daily income is around $30M, below average. This is about 2.5E-5 of BTC's "market cap".
Lets assume, optimistically, that this below average daily fraction of the "market cap" is sufficient to deter attacks and examine what might happen in 2036 after 3 more halvings. The block reward will be 0.39BTC. Lets work in 2024 dollars and assume that the BTC "price" exceeds inflation by 3.5%, so in 12 years BTC will be around $98.2K.
To maintain deterrence miners' daily income will need to be about $50M, Each day there will be about 144 blocks generating 56.16BTC or about $5.5M, which is 11% of the required miners' income. Instead of 5% of the income, fees will need to cover 89% of it. The daily fees will need to be $44.5M. Bitcoin's blockchain averages around 500K transactions/day, so the average transaction fee will need to be around $90, or around 30 times the current fee.
Bitcoin users set the fee they pay for their transaction. In effect they are bidding in a blind auction for the limited supply of transaction slots. Miners are motivated to include high-fee transactions in their next block. If there were an infinite supply of transactions slots miners' fee income would be zero. In practice, much of the timethe supply of slots exceeds demand and fees are low. At times when everyone wants to transact, such as when the "price" crashes, the average fee spikes enormously.
There was thus a need for a consensus mechanism that did not depend upon inflation. In 2020's
Economic Limits Of Proof-of-Stake Blockchains I discussed a post entitled
More (or less) economic limits of the blockchain by Joshua Gans and Neil Gandal in which they summarize their
paper with the same title. The importance of this paper is that it extends the economic analysis of
Budish to PoS blockchains. Their abstract reads:
Cryptocurrencies such as Bitcoin rely on a ‘proof of work’ scheme to allow nodes in the network to ‘agree’ to append a block of transactions to the blockchain, but this scheme requires real resources (a cost) from the node. This column examines an alternative consensus mechanism in the form of proof-of-stake protocols. It finds that an economically sustainable network will involve the same cost, regardless of whether it is proof of work or proof of stake. It also suggests that permissioned networks will not be able to economise on costs relative to permissionless networks.
In 2022 Ethereum switched from Proof-of-Work to Proof-of-Stake, reducing its energy consumption by around 99%. This chart shows that, like Bitcoin, until the "Merge" the costs were largely defrayed by inflating the currency. After the "Merge" the blockchain has been running on transaction fees.
Shin's Analysis
Here is a summary of Shin's analysis.
Notation
- There is a continuum of validators i.
- For validator i ∈ [0;1], the cost of contributing to governance is ci > 0.
- The blockchain needs at least a fraction k̂ of the validators contributing to be secure. Shin writes:
There are two special cases of note: k̂ = 1 (unanimity, corresponding to full decentralisation where every validator must participate for the blockchain to function) and k̂ = 0 which corresponds to full centralisation, where one validator has authority to update the ledger.
k̂ = 1 is impractical,lacking fault tolerance. k̂ = 0 is much more practical, it is the traditional trusted intermediary.
- If the blockchain is secure, each contributing validator earns a reward p > 0. A non-contributing validator earns zero.
- The validators share a common cost threshold c*. If ci < c*, validator i contributes, if ci > c* validator i does not.
Argument
Each validator will want to contribute only if at least
k̂ - 1 other validators contribute, which poses a coordination problem. The case of particular interest is the validator with
ci =
c*. Shin
writes:
Intuitively, even though the marginal validator may have very precise information about the common cost c*, the validator faces irreducible uncertainty about how many other validators will choose to contribute. It is this strategic uncertainty — uncertainty about others' actions — that is the central feature of the coordination problem.
This "strategic uncertainty" is similar to the attacker's uncertainty about other peers' actions that is at the heart of the defenses of the LOCKSS system in our 2003 paper
Preserving peer replicas by rate-limited sampled voting.
 |
| Shin Figure 6 |
Because the marginal validator's
ci =
c*, the decision whether or not to contribute makes no difference. Sin's Figure 6 explains this graphically. Rectangle A is the loss if
k <
k̂ and rectangle B is the gain if
k >
k̂. Setting them equal gives:
c*k̂ = (p - c*)(1 - k̂)
which simplifies to:
c* = p(1 - k̂)
Shin and Morris earlier showed that this is the unique equilibrium no matter what strategy the validators use.
Result
What this means is that successful validation depends upon the reward
p being large enough so that:
p ≥
c
1 − κ̂
Shin
writes:
Note that the required reward p explodes as k̂ → 1. This is the central result of the paper: the more decentralised the blockchain (the higher the supermajority threshold), the higher must be the rents that accrue to validators. In the limiting case of unanimity (k̂ = 1), no finite reward can sustain the coordination equilibrium.
 |
| Shin Figure 1 |
This yet another result showing that a reasonably secure blockchain is unreasonably expensive. The complication is that, much of the time, transactions are cheap because the demand for them is low. Thus most of the time validators are not earning enough for the risks they run.
But:
When many users want to transact at the same time, they bid against each other for limited block space, and fees spike — much as taxi fares surge during rush hour. Figure 1 shows how Ethereum gas fees exhibited sharp spikes during periods of network congestion, such as during surges in decentralised finance (DeFi) activity or spikes in the minting of non-fungible tokens (NFTs). These spikes are not merely a reáection of excess demand; they are the mechanism through which the blockchain extracts the rents needed to sustain validator coordination.
Note that these spikes mean that the majority of the
time fees are low but the majority of
transactions face high fees. It is this "user experience" that drives the fragmentation that
Shin describes:
When demand for block space is high, fees rise and validators are well compensated. But high fees deter users, especially those making small or routine transactions. These users are the first to migrate to competing blockchains that offer lower fees — blockchains that can offer lower fees precisely because they have lower coordination thresholds (and hence less security). The users who remain on the more secure blockchain are those with the highest willingness to pay: institutions, large DeFi protocols, and transactions where security and censorship resistance are paramount. This sorting of users across blockchains is the essence of fragmentation.
Shin notes that:
The fragmentation argument is the flipside of blockchain's "scalability trilemma," as described by Vitalik Buterin, who posed the problem as the impossibility of attaining, simultaneously, a ledger that is decentralised, secure, and scalable.
It is worth noting that Buterin's trilemma is a version for PoS of the trilemma Markus K Brunnermeier and Joseph Abadi introduced for PoW in 2018's
The economics of blockchains. See
The Blockchain Trilemma for details.
Shin's focus is primarily on the effects of fragmentation on stablecoins. He
notes that:
Rather than converging on a single platform, stablecoin activity is scattered across many chains (Figure 4). As of late 2025, Ethereum held the majority of total stablecoin supply but was facing competition from Tron and Solana, each of which had attracted tens of billions of dollars in stablecoin balances. Each chain serves different geographies and use cases: Ethereum for institutional settlement, Tron for low-cost remittances, Solana for retail payments and DeFi activity.
This fragmentation among blockchains would not matter much if stablecoins were interoperable between them, but they are confined to the blockchain on which
they were minted:
A USDC token on Ethereum is not the same as a USDC token on Solana — they exist on separate ledgers that have no native way of communicating with each other. Transferring between chains requires the use of bridges: specialised software protocols that lock tokens on one chain and issue equivalent tokens on another. These bridges introduce additional risks, including vulnerabilities in the smart contract code — bridge exploits have accounted for billions of dollars in cumulative losses — and they impose costs and delays that undermine the seamless transferability that is the hallmark of money. The result is a landscape in which stablecoins from the same issuer exist in multiple, non-fungible forms across different blockchains, fragmenting liquidity and undercutting the network effects that should be the strength of a widely adopted payment instrument.
Discussion
As I've been pointing out
since 2014, very powerful economic forces mean that
Decentralized Systems Aren't. So the users paying for the more expensive transactions because they believe in decentralization aren't getting what they pay for.
As I wrote in 2024's
It Was Ten Years Ago Today:
The insight applies to Proof Of Stake networks at two levels:
- Block production: over the last month almost half of all blocks have been produced by beaverbuild.
- Staking: Yueqi Yang noted that:
Coinbase Global Inc. is already the second-largest validator ... controlling about 14% of staked Ether. The top provider, Lido, controls 31.7% of the staked tokens,
That is 45.7% of the total staked controlled by the top two.
In addition all these networks lack software diversity. For example, as I write the top two Ethereum consensus clients have nearly 70% market share, and the top two execution clients have 82% market share.
Shin writes as if more decentralization equals more security even though it doesn't happen in practice, but this isn't really a problem. What the users paying the higher fees want is more security, and they are probably getting
because they are paying higher fees. As I discussed in
Sabotaging Bitcoin, the reason major blockchains like Bitcoin and Ethereum don't get attacked is
not because the (short-term) rewards for an attack are less than the cost. It is rather that everyone capable of mounting an attack is
making so much money that:
those who could kill the golden goose don't want to.
In any case what matters for Shin's analysis isn't that the users actually get more security for higher fees, but that they
believe they do. Like so much in the cryptocurrency world, what matters is
gaslighting. But what the chart showing Ethereum losing market share shows is that security is not a concern for a typical user.
No comments:
Post a Comment