Proof-of-Stake (PoS) is all the rage these days: Ethereum's Casper, Cardano's Ouroboros, and so on. The rising interest in PoS protocols is probably driven by the desire to scale blockchains indefinitely, combined with the mistaken notion that Proof-of-Work (PoW) is somehow “wasteful.” (Go here for a detailed discussion of PoW.)

A topic not emphasized enough in discussions of PoS protocols is their lack of resilience in worst-case scenarios [1]: for example, extraordinary events that could knock offline or partition a significant portion of the network (or even the entire network), or the risk of stolen or purchased private keys.

One might think that these kinds of scenarios are rare or unlikely, but a) they may not be as rare as you think, and b) even an event with only a 0.1% chance of occurring in any given year is virtually certain to occur eventually, given enough time. These are what Nassim Taleb termed Black Swan events.
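The compounding effect is easy to see numerically. A minimal sketch, assuming independent trials with a fixed (hypothetical) 0.1% per-year probability:

```python
# Probability that a rare event happens at least once over n independent years.
# The 0.1% per-year figure is a hypothetical illustration, not a measured rate.
p = 0.001  # 0.1% chance in any single year

for years in (10, 100, 1000):
    # Complement rule: P(at least once) = 1 - P(never)
    at_least_once = 1 - (1 - p) ** years
    print(f"{years:>4} years: {at_least_once:.1%}")
# After 1,000 years the probability is already ~63%.
```

The point is that a per-period probability that feels negligible does not stay negligible once you multiply it across many periods, which is exactly the long-run intuition the argument relies on.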

Simply put, these events are highly unlikely, but when they do happen, the results are often catastrophic. We humans regularly underestimate high-impact, long-tail events, e.g. by succumbing to the illusion that tomorrow is safe simply because the last 10 or 100 years have been safe.

Careful consideration of long-tail events is especially important in the design of a protocol that has the potential to become the backbone of the global economy, one that millions of people & businesses will rely on.

We must handle Bitcoin software with the same respect we handle nuclear reactor software. In engineering literature, this class of software is known as critical systems. There are three types of critical systems: safety-critical, mission-critical, and business-critical. Bitcoin fits the bill for all three (loss of money can cause loss of life). There is absolutely no margin for error.

Experienced engineers wouldn’t sleep well at night even with the current level of Bitcoin security, which is far from perfect. They know that we’re always one step away from a disaster, no matter how sound things are on paper & how smoothly things seem to have gone so far.

There have been many high-profile engineering failures in the past that clearly demonstrate this type of hidden danger. Some examples:

1) Concorde crash (2000)

Concorde (1976–2003) was one of only two supersonic passenger planes ever to enter commercial service. The crash occurred when a tire, blown out by debris on the runway during takeoff, sent fragments into a fuel tank, triggering a chain reaction. Concorde was once considered one of “the safest planes in the world.”

2) Challenger disaster (1986)

NASA initially estimated the odds of failure at 1 in 100,000. Richard Feynman, who served on the commission that investigated the disaster, famously demonstrated that the cause was the failure of the O-rings to stay resilient in 32-degree (Fahrenheit) weather. The true odds were closer to 1 in 100. A thousandfold miscalculation!

3) Fukushima meltdown (2011)

Japan is one of the world's leading countries in earthquake engineering & earthquake safety.

The Fukushima meltdown happened as a result of what one might call a perfect storm of disasters: a magnitude-9 earthquake, the most powerful ever recorded in Japan, followed by a 15-meter (~50-foot), once-in-a-thousand-years tsunami.

Thinking about worst-case scenarios is an absolute must when dealing with critical systems, and even more so when those systems operate at global scale.