I'd further add on to say PoS has the benefit of being able to eliminate bad actors unilaterally. You can't stop anyone from attacking a PoW chain over and over again. Attacking a PoS chain is much riskier as the attacker's stakes are held on chain and are at the mercy of the community who uses the network.
If the community forks to void an attacker's coins, that creates a very bad precedent. It already happened with the DAO hack (which was pretty bad to begin with), but if it keeps happening, why would you trust that blockchain?
Why does the attacker need to hold or buy any coins? All the attacker has to do to wreak havoc is prevent quorum from being reached. This can be done by knocking validators offline (which is a slashable penalty), or hacking validators and making them slash themselves, or hacking an exchange or two in order to amass control of 33% or more of the voting power.
If hacking billions of dollars of cryptocurrency was actually easy, plenty of people who are not rich right now would be very, very rich. Alternatively, if PoS chains are vulnerable because you can hack exchanges and use their coins to attack, then PoW chains are vulnerable because you can hack exchanges, sell the proceeds to buy ASICs (or just buy the ASIC company), and use those ASICs to attack the PoW network.
Hacking billions of dollars of cryptocurrency is NOT easy, and it gets harder with every passing month, because validators and hodlers have billions of dollars of incentive to protect themselves.
Which is easier to pull off, once you have control of the stolen coins?
* Use them to vote for two chain histories, and thereby get the victims slashed?
* Launder the stolen coins, buy an ASIC fab, churn out ASICs, plug them into the power grid, and use them to continuously and sustainably attack a PoW chain for eternity, all while not getting caught?
In case it's not obvious, the first one can be done the second the compromise takes place. The second one takes years.
> Hacking billions of dollars of cryptocurrency is NOT easy, and it gets harder with every passing month, because validators and hodlers have billions of dollars of incentive to protect themselves.
Why should a hodler bet that over 2/3 of the chain's validators will never, ever be compromised? Money doesn't buy invulnerability, and an attacker only has to succeed once at breaking quorum to break the chain.
> if PoS chains are vulnerable because you can hack exchanges and use their coins to attack, then PoW chains are vulnerable because you can hack exchanges, sell the proceeds to buy ASICs (or just buy the ASIC company), and use those ASICs to attack the PoW network.
Correct me if I'm wrong, but being offline is not a slashable penalty. You would slowly lose ETH and eventually be ejected, but not slashed like a malicious validator would be.
Maybe I'm applying the term "slashing" too broadly. I've historically used it to describe the act of having your tokens taken away for bad behavior (either all at once, or incrementally). Is there a more-specific term for describing the process by which an offline validator loses their ETH over time?
The point is it mitigates the on-chain attack surface which is still prevalent on PoW. Off-chain attacks are still possible for all consensus mechanisms.
What on-chain attack surface? The only way to permanently knock a PoW chain offline is to consistently out-mine everyone else. In PoS, once you lose BFT quorum (1/3 of all votes), it's game over.
No distributed system is guaranteed to make forward progress if over 1/3 of its voting nodes are faulty, full stop. Once an adaptive adversary controls more than 1/3 of the voting power, they can forever delay the remaining 2/3 of the voting nodes from reaching consensus. Hell, they'd even be able to delay votes from other nodes to slash their stolen stash.
From this, I can conclude at least one of the following: