Ethereum co-founder Vitalik Buterin issued a timely reminder about the core security properties of blockchain systems, emphasizing that even a 51% attack cannot make an invalid block valid, a fundamental principle that safeguards user assets even under majority control.
“A key property of a blockchain is that even a 51% attack cannot make an invalid block valid,” Buterin wrote on X. “This means even 51% of validators colluding (or hit by a software bug) cannot steal your assets.”
His statement underscores that blockchain consensus, whether Proof of Work or Proof of Stake, is designed to ensure immutability and validity of transactions, even when most network validators act maliciously or encounter technical errors.
The Warning: Validator Overreach Changes the Game
Buterin’s post also carried a cautionary note about extending trust in validators beyond their intended scope.
Regular reminder:
A key property of a blockchain is that even a 51% attack *cannot make an invalid block valid*. This means even 51% of validators colluding (or hit by a software bug) cannot steal your assets.
However, this property does not carry over if you start trusting…
— vitalik.eth (@VitalikButerin) October 26, 2025
“This property does not carry over if you start trusting your validator set to do other things,” he explained. “At that point, 51% of validators can collude and give a wrong answer, and you don’t have any recourse.”
In other words, while blockchain consensus mechanisms ensure ledger integrity, off-chain trust assumptions, such as relying on validators for oracle data, governance decisions, or cross-chain messages, can introduce new vulnerabilities that bypass blockchain’s mathematical guarantees.
Why It Matters Now
The reminder comes at a time when multi-chain interoperability, AI agents, and cross-chain bridges are expanding the responsibilities of validator sets beyond simple transaction validation. Recent incidents, such as bridge exploits and oracle manipulation attacks, have shown that when validators act as external data providers rather than neutral record-keepers, the same 51% rule no longer protects users.
Ethereum’s transition toward distributed validator technology (DVT), adopted by exchanges like Kraken and staking providers on SSV Network, is one of the steps aimed at mitigating these risks by decentralizing validator control and reducing the potential for collusion.
The Broader Context
Buterin’s comments align with his long-standing advocacy for minimizing trust assumptions in blockchain design. Over the past year, he has repeatedly highlighted the difference between trust-minimized systems and those that outsource validation or computation to centralized entities or external protocols.
His latest reminder reinforces a critical takeaway for the next generation of blockchain developers: while blockchains can resist attacks from within, the moment you extend validator authority beyond consensus, the guarantees of immutability and censorship resistance begin to erode.
As Buterin succinctly put it, even the most secure blockchain is only as trustless as the boundaries you draw around its validators.
