Ethereum co-founder Vitalik Buterin has issued a rare warning about the limitations of blockchain validators, emphasizing that the system’s cryptographic guarantees only extend to the protocol itself.
On October 26, Buterin explained that even a 51% attack (a scenario in which most validators collude) cannot validate an invalid block. In practical terms, this means that colluding validators or software bugs cannot seize user funds or falsify transactions.
Periodic reminder:
A key property of a blockchain is that even a 51% attack *cannot make an invalid block valid*. This means that even 51% of colluding validators (or affected by a software bug) cannot steal your assets.
However, this property is not preserved if you start trusting… — vitalik.eth (@VitalikButerin) October 26, 2025
This security arises from the decentralized nature of Ethereum, where each node independently verifies new blocks and automatically rejects those that violate the protocol’s rules. This verification ensures the integrity of the ledger even under majority control.
However, Buterin cautioned that this protection does not extend beyond the blockchain protocol. Once users trust validators for off-chain operations, such as joining assets, verifying real-world data, or confirming external events, the system moves into a trust-based zone. In these cases, if the majority of validators agree on a false statement, the network does not offer any mathematical resources.
Buterin’s comments have sparked renewed debate within the developer community about how much influence validators should wield as blockchains increasingly integrate complex features such as bridges, oracles, and off-chain certifications.
Mudit Gupta, CTO of Polygon, supported Buterin’s warning, noting that while validators cannot directly change the state of Ethereum, they could potentially extract value through mechanisms such as maximum extractable value (MEV) or impose selective censorship.
In contrast, some developers expressed a different perspective. Seun Lanlege, co-founder of Polkadot’s Hyperbridge, warned that the influence of the validator runs deeper than MEV. According to him, a malicious majority could manipulate block propagation or isolate nodes through eclipse attacks, exposing structural vulnerabilities.
Robert Sasu, lead developer at MultiversX, warned that reliance on off-chain systems, such as asset bridges, price oracles, or external data sources, creates vulnerabilities that validators can exploit. He recommended that developers move critical operations, including transaction validation and asset management, directly to the blockchain to eliminate these attack vectors.
According to Sasu, the most resilient blockchain applications are those built entirely on-chain, where every critical function runs in a decentralized Layer 1 environment. By eliminating trusted intermediaries, projects can avoid manipulation, reduce the risk of MEV censorship or exploitation, and maintain ledger integrity even under adverse conditions.
Also read: Stablecoin payments surge 70% after US regulation, companies lead growth