What is Slashing?
Slashing is a punishment mechanism in proof-of-stake blockchains where validators lose a portion (or all) of their staked cryptocurrency for violating protocol rules. It’s the primary security mechanism that makes attacking a PoS network economically devastating.
If a validator is caught double-signing (proposing conflicting blocks) or creating invalid attestations, the protocol automatically destroys their stake and forcibly removes them from the validator set. On Ethereum, slashing removes at least 1 ETH (1/32 of the stake) and permanently ejects the validator.
Slashing is what makes PoS secure: an attacker can’t just try again after a failed attack because their stake is destroyed.
How Slashing Works on Ethereum
Slashing Conditions
Only two specific actions trigger slashing:
1. Double Signing (Proposing)
A validator proposes two different blocks at the same height:
- Cause: Running the same validator key on two machines simultaneously (most common), or software bugs
- Penalty: 1 ETH (or 1/32 of effective balance) + forced exit
- Detection: Whistleblower submits evidence of both signed blocks
2. Surround Voting (Attesting)
A validator creates attestations that “surround” each other — effectively voting for conflicting chain histories:
- Cause: Extremely rare, typically requires intentional attack or catastrophic software bug
- Penalty: Up to the full 32 ETH stake
- Severity: Higher than double-signing because it’s harder to do accidentally
What Does NOT Trigger Slashing
- Going offline: Downtime is penalized through the inactivity leak, not slashing. You lose a small amount of ETH but aren’t ejected.
- Missing attestations: Small penalty per missed attestation (~a few dollars)
- Proposing invalid blocks: The block is simply rejected by the network. No slashing because the validator didn’t sign anything contradictory.
The Slashing Process
- Whistleblower detects: Any network participant can submit evidence of a slashing offense
- Evidence submitted: The evidence (two conflicting signed messages) is included in a block
- Slashing executed: The validator’s balance is reduced by the penalty amount
- Forced exit: The validator is placed in the exit queue (~36 days on Ethereum)
- Whistleblower reward: The reporter receives a portion of the slashed amount (~1/512 of penalty)
Slashing Penalties in Detail
Correlation Penalty
The most important aspect of slashing is the correlation penalty — if many validators are slashed simultaneously (indicating an attack), the penalty per validator increases dramatically:
Penalty = (Effective Balance) × (Fraction of Total Stake Slashed Simultaneously) × 3| Simultaneous Slashing | Penalty Per Validator | Implication |
|---|---|---|
| 1 validator | 1/32 of stake (1 ETH) | Accidental mistake |
| 1% of network | ~33% of stake (~10.5 ETH) | Suspicious |
| 10% of network | ~100% of stake (32 ETH) | Likely attack |
| 33%+ of network | 100% of stake for all | Catastrophic — could halt finality |
This design means: the more validators an attacker controls, the more they lose per validator. A 51% attack would require the attacker to risk billions of dollars in ETH that would be destroyed.
Slashing Across PoS Chains
| Chain | Slashing Penalty | Exit Period | Who Can Report |
|---|---|---|---|
| Ethereum | 1/32 to full stake + correlation | ~36 days | Anyone (whistleblower reward) |
| Solana | No formal slashing | N/A | N/A (leak mechanism instead) |
| Cosmos | Variable per chain | Chain-defined | Anyone |
| Polkadot | 1% + remaining stake removed | 28 days | Anyone |
| Near | Variable | N/A | Fishermen (dedicated reporters) |
Common Causes of Accidental Slashing
1. Dual Migration (Most Common)
When migrating validator infrastructure:
Day 1: Validator running on Server A
Day 2: Operator starts Server B with same key
Day 3: Both servers attest → double signing detected → SLASHEDPrevention: Always stop the old server before starting the new one. Use key management tools that prevent dual use.
2. Backup Server with Same Key
Having a hot backup with the same validator keys, in case the primary fails:
Primary goes offline → Backup activates → Primary recovers → Both attest → SLASHEDPrevention: Never run the same key on multiple machines simultaneously. Use failover mechanisms that guarantee single instance.
3. Client Software Bugs
Rare but possible — a consensus client bug causes double signing:
- Mitigation: Run well-tested clients (Prysm, Lighthouse, Teku, Nimbus)
- Response: Client teams have bug bounties and rapid response for slashing bugs
4. Validator Key Compromise
If someone steals your signing key, they can intentionally get you slashed:
- Prevention: Keep signing keys secure, use remote signers
- Withdrawing key: Keep offline — even if signing key is compromised, attacker can’t steal your stake (only slash it)
Slashing in Liquid Staking
When you use Lido or Rocket Pool, the protocol operator manages the validator:
- Lido: Node operators are curated. If slashed, Lido’s insurance fund covers user losses.
- Rocket Pool: Node operators stake 16 ETH (their own) + 16 ETH (from pool). If slashed, the node operator’s 16 ETH is hit first, protecting pool depositors.
This is why liquid staking reduces slashing risk for individual users — the protocol absorbs the risk.
Frequently Asked Questions
Q: Has anyone been slashed on Ethereum? A: Yes, over 300 validators have been slashed since The Merge. Almost all were accidental (dual running or software bugs), not malicious attacks. Total slashed: a few hundred ETH.
Q: How is slashing different from going offline? A: Going offline causes a small, gradual loss (inactivity leak) but doesn’t eject you. Slashing is a specific punishment for provable misbehavior (double signing) and forcibly removes the validator.
Q: Can slashing be reversed? A: No. Once a validator is slashed and exited, it’s permanent. The destroyed ETH is gone forever, reducing total ETH supply.