Key Points
- •Solana co-founder Anatoly Yakovenko has raised concerns that Ethereum Layer 2 (L2) networks share similar security risks to cross-chain bridges like Wormhole.
- •Yakovenko argues that the reliance on upgradeable multisig contracts on many L2s creates vulnerabilities if signers are compromised or collude.
- •Ethereum co-founder Vitalik Buterin has previously defended L2s, highlighting their security derived from Ethereum's base layer, though he acknowledges limitations when validators operate outside this authority.
- •This debate underscores ongoing industry-wide uncertainty regarding the decentralization and security standards of L2 solutions, which collectively hold over $35 billion in total value locked.
Solana co-founder Anatoly Yakovenko has reignited concerns about the security model of Ethereum Layer 2 networks. In a post on X, he argued that L2s face the same worst-case risks as cross-chain bridges, such as Wormhole.
Yakovenko emphasised that most L2s rely on upgradeable multisig contracts, which can be exploited if signers collude or are compromised. He claimed this structure exposes bridged funds to similar vulnerabilities and makes decentralization promises ineffective.
The L2s are actually the same as bridges like wormhole. They all have upgradeable multisigs. If the multisig is compromised or colludes, you lose your funds. The only difference is that L2s have a more complex codebase and more validators to collude.
— toly June 10, 2024
Ethereum co-founder Vitalik Buterin previously defended L2 architectures, stating that their connection to Ethereum ensures protection from 51% attacks. However, he acknowledged limitations when validators act outside Ethereum’s base-layer authority.
My main point is that L2s are protected by Ethereum’s base layer security. This means that you are protected from L1 51% attacks, and also from L2s that are not following protocol rules (e.g. by censoring transactions or not publishing data).
— vitalik.eth June 10, 2024
The only attack vector is if the L2 operators themselves collude to steal funds. But even then, this is only possible if they can execute arbitrary code on L1, which is not generally possible.
Despite Ethereum’s broad validator base, Yakovenko asserted that current L2 designs remain exposed due to complex codebases and off-chain execution. He believes these weaknesses persist even after five years of L2 development.
Public Disagreement Highlights Industry-Wide L2 Uncertainty
Gabriel Shapiro and other Ethereum supporters responded by arguing that L2s can still inherit security from Ethereum with proper mechanisms. They claim that Stage 2 rollups already resemble vault contracts with full L1 enforcement.
Yakovenko rejected this view, stating that the real issue is not coordination difficulty but whether users control access to their funds. He also proposed that Ethereum could operate as a Solana Layer 2 via a custom bridge, avoiding trust-based multisig dependencies.
The exchange has sparked broader concern across the developer community, as Ethereum L2s now hold over $35 billion in total value locked. Debate continues over whether current L2 systems meet the decentralization and security standards expected in production environments.