The Puffer × Anchorage Workflow

Puffer Finance and Anchorage Digital, operator of America’s first federally chartered crypto bank, have integrated to give institutions a direct and regulated path to Ethereum restaking yield.

Through this collaboration, institutions can stake ETH, receive pufETH, Puffer’s native liquid restaking token, and deploy it across DeFi strategies, all without leaving Anchorage’s custody environment. Ethereum restaking generates real yield, but the barrier has always been accessing it safely. This integration removes that barrier.

Here is exactly how it works.

The Workflow, Step by Step

1. Deposit ETH into Anchorage

Institutions deposit ETH directly on the Anchorage Digital platform. No external wallets and no protocol interfaces to navigate. Assets remain within qualified custody throughout.

2. Puffer Protocol Handles the Rest

Anchorage routes the ETH through the Puffer Protocol, which manages ETH staking across a decentralized and permissionless validator network and opts into EigenLayer restaking, securing additional AVSs for extra yield layers. Institutions do not run validators or manage any infrastructure themselves.

3. pufETH Is Minted and Credited

The institution receives pufETH, Puffer’s native liquid restaking token, credited directly into their Anchorage account. pufETH accrues value from both PoS staking rewards and EigenLayer restaking rewards simultaneously.

4. Hold or Deploy

pufETH can be held as a custodied position, earning yield passively. It can also be deployed across Anchorage’s DeFi integrations, including lending, swaps, and liquidity provision, as a fully liquid and composable token.

What pufETH Earns

pufETH accrues value from two sources simultaneously:

Ethereum PoS rewards. Generated by Puffer’s permissionless validator network, the only fully permissionless liquid restaking protocol on EigenLayer.

EigenLayer restaking rewards. Staked ETH secures additional on chain services, known as AVSs, generating layered yield on top of base PoS rewards.

Unlike conventional liquid staking tokens, pufETH accrues both PoS and restaking rewards, giving institutions more yield from the same ETH without additional complexity.

What Anchorage Brings

Anchorage Digital is the operator of America’s first federally chartered crypto bank. Four key elements it adds to this integration:

• Qualified custody. Assets are protected with institutional security controls and insurance throughout.
• Regulatory compliance. Anchorage’s federally regulated structure helps institutions meet compliance requirements without additional complexity.
• Operational simplicity. Stake ETH, receive pufETH, then deploy or hold within a single platform. No DeFi wallets and no validator management.
• DeFi access. pufETH is deeply integrated across Anchorage’s DeFi ecosystem, making it an actively deployable asset rather than just a yield receipt.

The Bottom Line

For institutions holding ETH as a treasury asset, this integration means ETH can now earn layered yield across staking and restaking without new counterparty risk, without operational fragmentation, and without requiring in-house blockchain expertise.

Ethereum yield, built for institutions.

Puffer is a leading innovator in Ethereum infrastructure, focusing on next-generation rollups supported by liquid restaking (LRT) and preconfirmation as an AVS. With products like Puffer UniFi and Puffer UniFi AVS on EigenLayer, we are dedicated to enhancing Ethereum’s decentralization. Visit puffer.fi for more information.

How Institutions Access Ethereum Yield was originally published in @puffer.fi on Medium, where people are continuing the conversation by highlighting and responding to this story.

Welcome to another edition of Puffer Recap! 🐡

The past months at Puffer have been defined by deep work and focused execution. We continue building toward our vision of becoming the premier infrastructure and yield layer for digital assets.

This edition highlights recent progress across pufETH institutional adoption and DeFi expansion, UniFi AVS infrastructure, and where things are heading next.

Here’s a quick recap 👇

Institutional Access Expands with Anchorage

Puffer is collaborating with Anchorage Digital to offer institutional exposure to pufETH.

Anchorage provides regulated custody and infrastructure, enabling institutions to access Ethereum-native staking and restaking yields without managing onchain complexity directly.

Institutional capital is increasingly moving onchain through Puffer.

UniFi AVS Receives Eigen Foundation Grant

Puffer UniFi AVS has been awarded a grant from the Eigen Foundation.

This supports ongoing work on preconfirmations, a key primitive for scaling Ethereum rollups with fast execution, while preserving decentralization and economic alignment, backed by over 3.18M ETH in restaked security.

We keep scaling Ethereum.

pufETH Expands to MegaETH

pufETH is now live on MegaETH via Stargate.

MegaETH is designed for real-time execution and high-performance applications, and this integration extends pufETH liquidity into a new execution environment.

More chains, more liquidity surfaces, more opportunities for the Puffer community.

Puffer Across the Ecosystem

Puffer continues to engage across key industry events and conversations shaping Ethereum’s future.

From the HSC Asset Management Conference during Consensus Hong Kong to MR Block Summit in Taiwan, our team contributed to discussions on how public blockchains are becoming real infrastructure for DeFi, RWAs, AI agents, and institutional onchain systems.

We also joined an online session with EigenCloud and partners to explore the future of rollups, decentralized sequencing, and how UniFi AVS enables fast execution backed by restaked ETH. The full recap and recording are available below.

The Future of Scaling on Ethereum

In a recent article, Puffer co-founder Amir Forouzani outlines the current state of Ethereum scaling and what comes next.

As Ethereum adoption grows, rollups remain central to scaling the network, while new execution environments and infrastructure improvements continue to expand what Ethereum can support at scale.

Final Remarks

We continue expanding our ecosystem across liquid staking, institutional infrastructure, UniFi Based Rollups, and UniFi AVS — built at the intersection of Ethereum’s core infrastructure and real capital flows.

Momentum is building. The coming months will push Puffer into a new phase of expansion. More integrations, deeper infrastructure, and a growing presence across Ethereum’s core stack.

Puffer Recap — March 20, 2026 was originally published in @puffer.fi on Medium, where people are continuing the conversation by highlighting and responding to this story.

Anchorage Digital recently announced a partnership with Puffer Finance to give institutional clients access to pufETH. That means regulated access to Ethereum staking and EigenCloud restaking yields.

This piece walks through the infrastructure that makes the setup possible, and where some of the design trade-offs quietly sit.

What is pufETH?

pufETH is Puffer’s liquid restaking token.

An institution deposits ETH into Puffer and receives pufETH in return. That ETH is then assigned to validators participating in Ethereum consensus. Through EigenCloud, those same validators can also secure additional protocols.

Unlike some alternative liquid restaking tokens, pufETH does not rebase. Yield accrues as the exchange rate between pufETH and ETH appreciates, so over time, each pufETH represents more underlying ETH. There are no claim steps or manual restaking flows; rewards are reflected directly in the token’s redemption value.

For firms transiting through Anchorage, this structure likely reduces operational friction. There is one asset to custody and account for, but it reflects two separate sources of yield. No validator fleet to run. No restaking contracts to integrate directly.

It is simple at the surface, though the system underneath is anything but.

Decentralised operator architecture and slashing protection

This is where Puffer’s design starts to look meaningfully different from most liquid staking setups.

The standard industry pattern is to concentrate validation with a small group of professional operators. Efficient and easier to manage, but there is an obvious clustering risk. When one large operator suffers an outage or gets slashed, a material portion of the stake can be affected all at once.

Puffer takes a different path. It is the first permissionless native restaking protocol on EigenCloud, which means anyone with 2 ETH can run a validator. No gatekeeping, no application process. Anyone with 2 ETH can spin up a validator. Which means institutions end up with validation spread across many independent operators running different infrastructure and operational stacks.

This isn’t just about philosophy, as risk engineering is equally important. When operators are genuinely diverse, failures tend to be independent rather than correlated. One exploit or mistake is less likely to cascade across the validator set. For institutional risk teams, this structure probably feels closer to diversified counterparty exposure than trusting a handful of critical service providers.

Of course, permissionless participation raises an obvious question: what happens when something goes wrong? Every Node Operator posts a 2 ETH bond as collateral. This is not a fee. It is skin in the game. If that operator’s validator gets slashed, the bond absorbs the damage before any loss reaches pufETH holders. Think of it as active insurance funded by the operators actually taking on risk. At the aggregate level, this adds up to roughly five billion dollars of economic protection at current ETH prices. Instead of accepting “slashing is rare” as an article of faith, there is a quantifiable buffer you can model. The bond structure also aligns incentives: operators have their own capital exposed, so poor performance costs them directly.

Validator Tickets and protocol safeguards

In most liquid staking protocols, stakers earn rewards based on how well validators actually perform. If an operator underperforms or goes offline frequently, rewards suffer. Stakers absorb that risk whether they signed up for it or not.

Puffer flips this with Validator Tickets (VTs).

To run a validator, an operator purchases VTs upfront. Each ticket represents one validator-day of expected PoS rewards, and that payment flows directly to pufETH holders immediately. Staker rewards get decoupled from operator performance. If an operator later underperforms, they cannot claw back the cost of tickets already purchased. The economics punish laziness directly. For operators who perform well, they keep 100% of the PoS and MEV rewards their validator generates. Outperform the expected average, and you profit. Underperform, and you lose. But economic incentives alone do not make a permissionless protocol safe. That is where Puffer’s Guardians come in. Guardians are trusted community members who handle three responsibilities: ejecting validators whose balance drops too low, vetting new registrations before provisioning 32 ETH, and returning bonds when validators exit cleanly. If a registration is invalid, Guardians skip it and the operator forfeits a portion of their VTs to prevent griefing. This is not permanent infrastructure. The guardian role is designed to phase out once EIP-7002 gets adopted and trustless validator ejection becomes possible.

How the Anchorage Digital integration works

Through the partnership, Anchorage Digital clients can mint or acquire pufETH directly within the Anchorage platform.

From a technical perspective, institutions do not need to connect to external decentralised applications or sign opaque transaction payloads. Custody, compliance workflows and internal controls remain within Anchorage Digital’s platform. Yield generation is handled by the Puffer protocol underneath.

This setup addresses a long-standing friction point. Many institutions have avoided staking because participation usually meant either giving up custody or building complex integrations with multiple external providers.

The combined architecture appears to close that gap. Whether it holds up operationally at scale is something only time will reveal.

Why this matters

Staking, and increasingly restaking, are becoming part of Ethereum’s base economic layer. For institutions holding large ETH balances, ignoring those systems may no longer be a realistic long-term position.

Participation, however, has to happen on institutional terms. That usually means qualified custody, clearly defined risk boundaries, and infrastructure that assumes things will fail occasionally rather than pretending they will not.

This partnership brings those components together. Anchorage Digital supplies the custody and regulatory framework. Puffer supplies staking and restaking infrastructure that is built around operator dispersion, bonded slashing protection and operational isolation.

For institutions evaluating how to access staking and restaking in practice, this appears to be one of the more carefully engineered options available today.

Puffer is a leading innovator in Ethereum infrastructure, focusing on next-generation rollups supported by liquid restaking (LRT) and preconfirmation as an AVS. With products like Puffer UniFi and Puffer UniFi AVS on EigenLayer, we are dedicated to enhancing Ethereum’s decentralization. Visit puffer.fi for more information.

How Puffer & Anchorage Bring Restaking to Institutions was originally published in @puffer.fi on Medium, where people are continuing the conversation by highlighting and responding to this story.

Institutional Access to Ethereum-Native Restaking

Puffer is partnering with Anchorage Digital to offer institutional exposure to pufETH, Puffer’s liquid restaking token. Anchorage Digital is a leading crypto platform that enables institutions to participate in digital assets through trading, staking, custody, governance, settlement, and the industry’s leading security infrastructure..

Through this partnership, Anchorage Digital clients can access Ethereum staking and restaking rewards via pufETH while maintaining the custody, security, and operational standards required by institutions. The collaboration brings Ethereum-native yield into a regulated, institution-grade custody environment, reducing operational complexity without compromising on risk controls.

As staking becomes a core component of Ethereum’s evolving economic layer, institutions are increasingly seeking exposure to liquid, yield-bearing ETH assets that combine decentralization, capital efficiency, and explicit risk mitigation. This partnership is designed to meet that demand.

Why pufETH Is Different

Puffer’s liquid restaking model is built around a simple premise: sustainable yield must be backed by decentralized security and clearly defined protection mechanisms.

Rather than optimizing for short-term yield through operator concentration or implicit guarantees, Puffer focuses on building a liquid restaking system that is safer, more resilient, and better aligned with institutional risk frameworks.

Robust APYs Backed by Decentralized Operators

Puffer’s APYs are generated through Ethereum staking and EigenCloud restaking rewards across a decentralized set of operators, avoiding reliance on a small number of large validator providers.

This operator diversity reduces concentration risk and dependency on shared infrastructure, strengthening the reliability of returns. Yield is therefore rooted in Ethereum-native economics and broad validator participation, rather than operational centralization.

For institutions, this translates into exposure that is structurally more resilient and less sensitive to single points of failure.

Up to $5B in Slashing Penalty Protection and Buffer

Slashing risk is a central concern in staking, particularly in correlated failure scenarios. Puffer addresses this directly through up to $5B in slashing penalty protection and buffer, designed to absorb potential losses before they impact pufETH holders.

By embedding explicit protection mechanisms at the protocol level, Puffer introduces clearer downside boundaries and improved predictability. This approach aligns more closely with institutional risk modeling, where loss scenarios must be identified and mitigated upfront rather than assumed away.

A Safer Model for Institutions and Stakers

In Puffer’s design, decentralization is not a narrative goal but a risk control mechanism.

Distributing validation and restaking across many independent operators reduces correlated operational failures, shared infrastructure dependencies, and systemic slashing cascades. For institutions, this resembles diversified exposure rather than concentrated counterparty risk.

Final Remarks

This partnership reflects a broader shift in how institutions engage with Ethereum.

As staking and restaking mature into foundational components of Ethereum’s security and execution layers, institutional participants are moving beyond passive ETH exposure toward liquid, ETH-native, yield-bearing assets that meet regulatory and operational standards.

By offering access to pufETH, Anchorage expands its institutional on-chain shelf with a liquid staking primitive that is decentralized by design, explicit about risk, and aligned with Ethereum’s long-term security model.

pufETH represents a new class of institutional ETH exposure: robust yield, decentralized operators, and clearly defined protection, delivered through Anchorage’s trusted platform.

Puffer is a leading innovator in Ethereum infrastructure, focusing on next-generation rollups supported by liquid restaking (LRT) and preconfirmation as an AVS. With products like Puffer UniFi and Puffer UniFi AVS on EigenLayer, we are dedicated to enhancing Ethereum’s decentralization. Visit puffer.fi for more information.

Puffer Partners with Anchorage Digital to Offer pufETH Exposure to Institutions was originally published in @puffer.fi on Medium, where people are continuing the conversation by highlighting and responding to this story.

Recently, Puffer UniFi AVS was awarded a grant from EigenCloud to support the development of its preconfirmation network.

Built on EigenCloud, Puffer UniFi AVS enables economically secured preconfirmations, allowing rollups to deliver faster execution while remaining aligned with Ethereum’s validator security.

Following the announcement, we hosted a livestream featuring Amir Forouzani (Co-Founder of Puffer), Kunz (BD Lead at EigenCloud), and Puffer Intern as host to discuss the future of rollups, decentralized sequencing, and how preconfirmations backed by restaked ETH can improve performance and trust guarantees for onchain infrastructure.

You can watch the full conversation on our YouTube channel, and below you’ll find the transcript and summary of the discussion.

Livestream Recap

1. Introduction

This livestream follows the recent announcement that EigenCloud has awarded a grant to support Puffer UniFi AVS.

The discussion focused on:

• Preconfirmations as infrastructure
• Decentralized sequencing
• Crypto-economic security
• Institutional adoption
• The long-term scaling roadmap for Ethereum

2. What is Puffer UniFi AVS?

Speaker: Amir (CEO, Puffer Labs)

Puffer UniFi AVS is an Actively Validated Service (AVS) that provides crypto-economic security for Puffer’s preconfirmation network.

What problem does it solve?

Today’s rollups face two major issues:

1. Latency
2. Centralized sequencing

Puffer’s preconfirmation network delivers:

• Microsecond to millisecond transaction guarantees
• Near–TradFi speed UX
• Preconfirmations backed by economic security
• Compatibility with both:
• Based rollups built from Ethereum’s validator layer
• Existing L2s seeking higher performance

Instead of relying on centralized sequencers, UniFi AVS introduces economically secured preconfirmations, improving speed without sacrificing Ethereum alignment.

3. Why EigenCloud Backed Puffer

Speaker: Koons (BD Lead, EigenCloud)

EigenCloud supported Puffer for several key reasons:

1. Clear Product-Market Need

Preconfirmations directly address:

• Latency bottlenecks
• UX friction in rollups

2. Strong Team Credibility

Puffer has successfully shipped:

• Liquid restaking
• Based rollup infrastructure

3. Alignment with EigenLayer Vision

UniFi AVS leverages:

• Restaked ETH
• Shared Ethereum security
• Existing operator networks

This avoids bootstrapping a separate validator set.

4. Thoughtful Crypto-Economic Design

Puffer carefully designed:

• Slashing conditions
• Operator incentives
• Enforceable trust mechanisms
• Capital efficiency

The result is infrastructure-grade security backed by restaked Ethereum.

4. Decentralized Sequencing & Based Rollups

Puffer has been vocal about decentralized sequencing — but historically, decentralizing sequencers meant:

• Higher latency
• Inefficiency
• Misaligned incentives

UniFi AVS changes that.

Key Innovation: Incentive Alignment

Puffer redesigned the incentive layer between:

• Rollup owners
• Infrastructure providers
• Ethereum validators

This enables:

• Based sequencing
• Trust-minimized L1<>L2 communication
• L2<>L2 composability
• Removal of reliance on centralized sequencers

The goal is not just scaling — but preserving Ethereum’s neutrality and composability while scaling sustainably.

5. Adoption & Rollup Pipeline

Puffer spent ~6 months designing incentives alongside rollup developers.

First Phase:

• UniFi AVS will initially serve:
• Puffer UniFi based rollup
• Based appchains launching on testnet in March

Upcoming Launch:

A trading platform will launch on Puffer UniFi Based Rollup and leverage preconfirmations.

Over time, preconfirmation services will expand to additional rollups.

6. The Grant: Expectations & Milestones

EigenCloud described the grant as an alignment grant, not a conditional milestone grant.

Focus Areas:

1. Onboarding professional infrastructure providers
2. Creating a demand flywheel
3. Supporting testnet → mainnet transition
4. Increasing volume processed via preconfirmations

As usage scales, follow-on grants may be considered.

7. How the Grant Accelerates Puffer

From Puffer’s perspective, grants serve as:

• Validation signals to developers
• Confidence markers for auditors
• Assurance for institutional participants

The grant will help:

• Incentivize early preconfirmation users
• Offer sequencing fee rebates
• Support ecosystem bootstrapping
• Enable gas sponsorship via account abstraction
• Strengthen institutional outreach

Historically, Puffer has received Ethereum Foundation grants — this continues that trajectory of research-backed infrastructure delivery.

8. Institutional Adoption Path

What Institutions Care About:

1. Speed (TradFi-level execution)
2. Compliance capabilities
3. Privacy options
4. Infrastructure outsourcing
5. Downside risk protection

How Puffer + EigenCloud Address This:

• Microsecond-level execution
• Gateway-based compliance extensions
• Potential privacy enhancements (coming soon)
• No need for institutions to run complex infra
• ~$5B in restaked economic security backing operations
• Slashing-backed accountability

This reduces counterparty risk and provides enforceable trust guarantees.

Puffer expects institutional rollups to launch using this architecture in the near future.

9. Long-Term Vision

EigenCloud’s goal:

Productive use of restaked capital and rewarding operators as ecosystem demand grows.

Puffer’s goal:

Builder-first, research-backed scaling solutions tightly connected to Ethereum’s base layer.

Everything Puffer builds — liquid restaking, rollups, AVS — connects back to Ethereum’s validator layer and shared economic security.

10. Closing Notes

Both teams expressed strong alignment around:

• Scaling Ethereum sustainably
• Preserving neutrality
• Enabling institutional-grade infrastructure
• Bringing preconfirmations into mainstream usage

More announcements are expected in the coming months.

🐡 Puffer is Building the Ultimate Vertical in Crypto. Learn more: https://www.puffer.fi/

Preconfirmations & The Future of Rollups — Livestream Recap was originally published in @puffer.fi on Medium, where people are continuing the conversation by highlighting and responding to this story.

Ethereum Staking & Restaking: A Risk Framework for Institutional Allocators

Executive Summary

The emergence of restaking protocols has introduced incremental yield opportunities within Ethereum’s validator ecosystem while simultaneously creating novel risk vectors that warrant careful institutional due diligence. This note examines the structural differences between native staking and restaking, identifies key risk transmission mechanisms, and evaluates architectural approaches to risk containment.

Key Investment Considerations:

• Restaking compounds security assumptions by layering multiple protocol exposures onto identical collateral
• Slashing risk under restaking regimes is non-isolated; fault propagation across Actively Validated Services (AVSs) represents systemic rather than idiosyncratic risk
• Delegation structures introduce principal-agent dynamics that may obscure underlying risk exposures
• Temporal gaps between AVS-level fault detection and Ethereum-layer enforcement create windows of unpriced risk
• Infrastructure architecture and loss absorption mechanisms should be weighted equally alongside yield considerations in allocation decisions

Structural Overview: Staking vs. Restaking

Native Staking

Under Ethereum’s Proof of Stake consensus mechanism, validators commit 32 ETH as collateral to participate in block proposal and attestation. This capital provides cryptoeconomic security to the base layer, with validators earning yield through protocol rewards. The penalty structure, which includes slashing for provable misbehavior and inactivity leakage for offline validators, creates incentive alignment with network integrity.

Restaking Architecture

Restaking, formalized through the EigenLayer protocol (whitepaper: Q1 2023), enables validators and liquid staking token holders to extend their staked ETH as collateral securing additional middleware protocols. Actively Validated Services (AVSs) can inherit Ethereum’s economic security without establishing independent validator sets. This includes data availability layers, cross-chain bridges, and oracle networks.

The economic rationale is straightforward: AVSs compensate validators for shared security guarantees, generating supplemental yield. The architecture separates stakers, operators, and AVSs by design, with opt-in risk selection and programmable slashing conditions.

Risk Transmission Mechanisms

1. Compounding Slashing Exposure

In native staking environments, slashing events typically remain isolated to individual validators. Experienced operators maintain sufficient operational discipline to avoid correlation penalties that would amplify losses.

Restaking fundamentally alters this risk profile. Each incremental AVS introduces distinct slashing conditions, and there is no inherent coordination mechanism ensuring these conditions remain non-conflicting. Operational errors that would have remained contained under native staking can propagate across multiple protocol layers.

2. Correlated Risk Across AVS Exposure

When identical collateral secures multiple AVSs, the portfolio exhibits concentrated rather than diversified risk characteristics. A single implementation vulnerability or exploit vector can trigger simultaneous slashing across all exposed protocols. This represents systemic contagion risk at the protocol layer, distinct from but analogous to cross-validator correlation penalties at the network layer.

3. Principal-Agent Dynamics in Delegation

The majority of restaking capital flows through delegation to specialized operators, a rational response to operational complexity. However, delegation introduces meaningful distance between capital providers and critical decision vectors: AVS selection, upgrade timing, and risk tolerance calibration.

AVS infrastructure remains nascent, and behavioral characteristics under stress conditions are largely untested. Importantly, the current market structure concentrates downside exposure among delegators rather than operators, a misalignment that sophisticated allocators should factor into counterparty assessments.

Architectural Approaches to Risk Containment

Given the structural risks outlined above, infrastructure selection criteria should emphasize containment mechanisms alongside yield optimization. Certain protocol architectures have been designed with explicit assumptions that operational failures will occur, engineering accordingly.

Modular Risk Isolation

Leading infrastructure providers utilize compartmentalized contract architectures, such as discrete RestakingModule contracts controlling individual EigenPods backed by multiple node operators. This structure enables:

• Protocol-level determination of AVS allocation per module
• Distribution of restaked capital according to defined risk preferences
• Operator self-selection into modules aligned with their risk tolerance

First-Loss Capital Requirements

A critical differentiator in infrastructure evaluation is the loss absorption hierarchy. Architectures requiring meaningful operator bond capital (e.g., 2 ETH per operator) materially alter incentive structures versus fee-only models.

From a risk allocation perspective, this design ensures operator capital absorbs initial losses before delegated institutional capital is impaired. Quantitatively, Ethereum correlation penalties would need to reach extreme, network-level failure thresholds before such bonds are exhausted. That’s a tail risk scenario, not ordinary operational variance.

Conservative AVS Curation

Infrastructure providers maintaining discretionary AVS selection processes, limiting exposure to vetted protocols with established track records, reduce the attack surface for delegated capital. While permissionless systems offer long-term scalability benefits, risk transfer to end-users frequently precedes adequate tooling maturity. A staged approach, expanding AVS eligibility as the ecosystem develops appropriate risk infrastructure, represents prudent fiduciary positioning.

Due Diligence Framework for Institutional Allocators

Regardless of infrastructure selection, allocation decisions should address the following:

1. Risk Allocation Structure: How is AVS exposure distributed across the capital stack?
2. Loss Absorption Hierarchy: Who bears first-loss exposure, operators or delegators?
3. Governance Mechanisms: What controls exist around AVS selection and operator eligibility?
4. Incentive Alignment: Are operators compensated solely through fees, or do they maintain capital at risk?

Conclusion

Restaking represents a meaningful evolution in Ethereum’s economic security model, offering both enhanced yield opportunities and expanded risk complexity. Institutional allocators should approach this asset class with frameworks emphasizing infrastructure architecture and loss containment mechanisms alongside return optimization. The protocols demonstrating rigorous risk engineering today are likely to capture disproportionate institutional flows as this market matures.

This analysis is provided for informational purposes and does not constitute investment advice.

Ethereum Staking & Restaking was originally published in @puffer.fi on Medium, where people are continuing the conversation by highlighting and responding to this story.

Less than 0.04% of Ethereum Validators have ever been slashed. About 472 out of more than 1.2 million. Sounds like a rounding error, right?

But here’s what those numbers miss: slashing statistics capture outcomes, not exposure. When something goes wrong at an institutional scale, the math changes fast.

In our previous article, we examined how custody failures often stem from systems functioning exactly as designed, where the design itself is the problem. Slashing risk follows a similar pattern. The validator setup works fine until an assumption buried three layers deep proves to be incorrect.

TL;DR

• Slashing occasionally happens (0.04%), but most incidents stem from operational mistakes, not attacks.
• At the institutional scale, correlated failures across shared infrastructure multiply penalties fast.
• Puffer’s 2 ETH bond structure means operators underwrite their own risk, protecting staked ETH from validator mistakes.
• Staker funds stay protected unless over 2% of all Ethereum validators get slashed simultaneously.

What is Slashing?

Slashing is Ethereum’s way of keeping validators honest. When a malicious validator threatens network integrity, the protocol automatically penalizes them by burning a portion of their staked ETH and forcibly ejecting them from the validator set.

Economic security exists to ensure Ethereum’s trustless state. Validators have real skin in the game, and slashing ensures that attacking or destabilizing the network costs more than it could ever be worth. Without it, proof-of-stake wouldn’t work.

The problem is that slashing doesn’t distinguish between malicious intent and honest mistakes. The protocol only sees the action, not the reason behind it.

When Does Slashing Occur?

Ethereum defines three specific actions that trigger slashing:

• Double proposing: Proposing and signing two different blocks for the same slot
• Surround voting: Attesting to a block that “surrounds” another, effectively rewriting history
• Double voting: Attesting to two candidate blocks for the same slot

When most people hear the term “slashing”, they picture some rogue validator attacking the network. Maybe a coordinated assault on Ethereum’s consensus. The reality? Far more boring. And honestly, more worrying because of it.

Scale Changes Everything

Solo validator gets slashed? Painful, but survivable. Rotate keys, move on.

Institutional staking doesn’t work that way.

Deploy dozens or hundreds of validators, and that “rare” 0.04% stops being negligible. Run the probability across a large enough set, and you probably should have planned for at least one incident.

Here’s where it gets worse. Ethereum’s slashing penalties scale with correlation, and to date, no correlated slashing event has occurred. But with more institutions beginning to stake, it’s a matter of when, not if.

An isolated mistake costs around 1 ETH. But if multiple validators misbehave simultaneously because they share infrastructure, or run the same buggy client version, each penalty multiplies. The protocol assumes correlated failures signal systemic risk, so the slashing penalty will increase with respect to the total validators slashed within 18 days.

This isn’t a bug. It’s intentional. Ethereum rewards diversification and punishes concentration.

Institutions with tightly coupled validator infrastructure are sitting on hidden leverage. What looks like a contained operational hiccup could cascade into something much larger if it touches multiple validators at once. Most risk models we’ve seen don’t account for this properly. They treat validators as independent when the infrastructure underneath them isn’t independent at all.

Nearly every slashing event on record traces back to operational mistakes. Someone spins up a backup node without proper safeguards. Validator keys get reused across machines by accident. A client bug causes an inadvertent rule violation. An AWS outage hits at exactly the wrong moment.

We’ve talked to operators who’ve been slashed and genuinely had no idea what happened until they dug through logs for hours. None of this requires malicious intent. A misconfigured redundancy setup can trigger double-signing without anyone realizing until the penalty hits.

How Puffer Addresses Slashing Risk

Most slashing protection boils down to “be careful” and “follow best practices.” That’s not nothing. But it’s not architecture either.

Puffer takes a different approach. Instead of trying to prevent every possible slashing scenario, we’ve designed a system where operational risk is underwritten by the node operator, not absorbed by stakers.

Risk Buffer as Active Insurance

Here’s how it works. Every node operator Puffer puts up 2 ETH as collateral. If their validator gets slashed, that bond gets removed first. Staker funds aren’t touched. This matters more than it might sound. In most staking setups, slashing losses get socialized across the pool. Everyone takes haircut. The underlying assets backing the token shrink, which means the token itself is worth less ETH than before. That’s a depeg caused by actual loss of value, not a liquidity crunch or market panic, but a real reduction in what’s backing each token.

Puffer’s structure changes that dynamic entirely. The operator who made the mistake (or got unlucky) bears the cost. Stakers have a buffer. The underlying assets stay intact.

The operator that locks 2 ETH as collateral isn’t dead capital sitting in escrow, it still earns rewards. But that bond is first in line if anything goes wrong. It’s not a premium in the traditional sense. No one’s writing checks. What they’re doing is putting their own capital in the blast radius. Operations go smoothly? They keep everything and profit. A mistake triggers slashing? Their ETH absorbs the hit before it ever reaches stakers.

That’s the underwriting. Real skin in the game, not a fee passed downstream.

And here’s the part that often gets overlooked: for a slashing event to burn through more than the 2 ETH bond, over 2% of all Ethereum validators would need to get slashed in the same window. That’s the correlation penalty math we mentioned earlier. A localized failure (even a serious one) stays contained within the operator’s bond. It would take a catastrophic, network-wide event to touch the staker’s principal.

That’s not just risk mitigation, it’s active insurance built into the protocol.

Structural Isolation

The treasury operations are separated from validator operations by design. Private keys aren’t exposed in accessible environments. Withdrawal credentials go through verification layers. If something compromises one part of the system, it doesn’t cascade into everything else. The goal isn’t to promise nothing will ever go wrong. The goal is making sure that when something does, stakers aren’t the ones paying for it.

Puffer Institutional

For exchanges, asset managers, and hedge funds, Puffer Institutional allows them to keep full control over deposits and withdrawals. Institutions can decide how much to stake versus restake. With the ability to launch their own liquid staking tokens without handing authority to black-box logic that they can’t audit. As for the security framework, it’s been audited by BlockSec and SpearBit. Multiple revenue streams are available through traditional staking plus EigenLayer staking. And the operator-underwritten model means an institution’s staked ETH isn’t exposed to someone else’s operational mistakes.

Additionally, the ETH is not commingled with other depositors. Institutions can hold the permission to deposit and withdraw the assets only.

The Question Worth Asking

If you’re managing institutional ETH, slashing probably isn’t the priority. The statistics look reassuring. The current setup hasn’t had problems.

But the question isn’t whether slashing risk exists; it does. The question is whether your current infrastructure would prevent a correlated failure across your validator set, or just hope one doesn’t happen. Puffer exists for teams that would rather not find out the hard way. If you’re starting to wonder whether your current custody stack is actually designed for today’s slashing risk profile, that’s exactly the conversation we’re set up to have.

Read our previous piece on custody risk: Why Most Custody Stacks Are Still Underestimating Risk

More on Puffer’s staking and institutional staking solutions: https://docs.puffer.fi/yield/intro docs.puffer.fi/institutional

The Hidden Risk in Your Institutional ETH Stack: Why Slashing Matters More Than You Think was originally published in @puffer.fi on Medium, where people are continuing the conversation by highlighting and responding to this story.

Puffer News — January 2026

Happy New Puff Puff! 🐡

The first days of 2026 already show a clear pattern across Ethereum and Puffer: execution is catching up with ambition.

From Ethereum’s base layer upgrades to UniFi execution and institutional conversations, recent Puffer updates focused on what actually matters as Ethereum scales in production.

Here’s a quick recap 👇

2025 Set the Foundation

Before looking ahead, it’s worth anchoring where this momentum came from.

2025 marked the year Puffer moved beyond liquid restaking and emerged as full Ethereum-native infrastructure. Institutional staking went live, UniFi AVS matured as a preconfirmation layer for based rollups, UniFi Based Rollup execution progressed toward mainnet readiness, and PufferDAO governance evolved to better align long-term incentives.

The common thread was execution — infrastructure operating under real adoption.

Fusaka Is Live on Ethereum

Ethereum ended 2025 with a major upgrade.

Fusaka improves data availability and proposer logic, enabling rollups to scale without increasing node burden. Key features include Blob Parameter Only (BPO) forks to scale blob capacity over time and deterministic proposer scheduling.

How institutional requirements shape Ethereum infrastructure

Institutional adoption is no longer a future narrative.

Recent conversations highlighted why institutions are increasingly present in Ethereum’s most serious discussions: long-term capital alignment, operational and risk constraints, and infrastructure that can operate at scale under real-world requirements.

This question framed Puffer’s Devcon panel and continues to shape how Ethereum infrastructure is designed.

UniFi AVS: Fixing Rollup Economics

Rollups are no longer competing on throughput alone.

High infrastructure costs and thin margins make long-term sustainability difficult.

UniFi AVS is designed to improve that equation by helping rollup teams retain more of the value they already generate, reducing leakage to external infrastructure, and improving cost coverage without weakening Ethereum’s security model.

PufferDAO Governance Momentum

PufferDAO closed the year with strong governance traction.

Over the last month, vlPUFFER participation increased, with more PUFFER locked into long-term governance positions and a growing number of unique stakers engaging in voting activity. This reflects deeper capital commitment and stronger alignment between protocol direction and token holders.

Governance at Puffer is becoming more active, more representative, and more durable.

New Year. Same Direction.

2026 starts with focus.

Puffer continues building across liquid staking, institutional infrastructure, UniFi Based Rollups, UniFi AVS, and PufferDAO governance — aligned with Ethereum’s roadmap and built to operate under real constraints.

New year. Same work.

Puffer keeps building. 🐡

Puffer News — January 2026 was originally published in @puffer.fi on Medium, where people are continuing the conversation by highlighting and responding to this story.

By mid-2025, reported crypto losses tied to security failures had already passed $2.4 billion. That number gets repeated often enough that it barely lands anymore. What’s troubling isn’t just the size of the losses, but how easily they’re brushed aside as isolated incidents rather than symptoms of the same underlying problems.

Looking at this year’s largest failures, a pattern becomes hard to ignore. Many didn’t involve broken cryptography or attackers prying keys out of cold storage. Instead, funds moved through valid signing paths using permissions that already existed. The systems worked as designed. The design itself appears to be the issue.

The Kiln incident fits this pattern closely. It’s usually described as a staking failure, but that framing may be misleading. No keys were stolen. No custody boundary was obviously breached. The signatures were valid. What failed were the assumptions around how signing authority was delegated and reviewed.

What Actually Happened

To keep staking operations efficient, Kiln relied on pre-authorized signing flows that reduced the need for constant human approval. That choice was understandable. Staking is operationally repetitive, and friction doesn’t scale well. The downside was quieter.

On Solana especially, transactions approved through these flows were not meaningfully readable. Signers saw opaque calldata, not clear intent. In normal conditions, that limitation probably felt acceptable.

The exploit only worked once that assumption broke. After compromising a Kiln engineer’s GitHub token, an attacker injected malicious code into the Kiln Connect API. When users later requested to unstake, the API returned what looked like a standard unstaking transaction, along with an embedded instruction transferring withdrawal authority to the attacker.

From the system’s perspective, nothing was obviously wrong. The transaction followed an approved path. The signature checked out. The problem was simpler: no one signing could clearly see what they were authorizing.

Why This Keeps Happening

This kind of risk rarely shows up all at once. Permissions accumulate. Integrations deepen because they make life easier. Over time, custody controls and application logic blur together.

We’ve seen similar dynamics in incidents involving Phemex and several BSC-based protocols. Treasury systems become tightly coupled to application behavior. Roles gain more authority than originally intended. Controls quietly assume that the right person will notice the right alert at the right moment.

That assumption is optimistic. Much of today’s custody infrastructure still seems designed for normal operations, not failure. When something slips, the architecture often does little to slow value movement or limit impact.

Why Process Isn’t Enough

After an incident, the response is familiar. Keys are rotated. Permissions tightened. Another signer added. Runbooks get longer.

These steps are often sensible but incremental. They sit on top of the same architecture that already failed. Risk doesn’t disappear; it shifts. Humans become the control plane, and systems quietly assume people will perform perfectly under stress. Many post-mortems describe exactly this dynamic.

Swapping tools or vendors can help mitigate symptoms, but it rarely addresses the core issue: broad signing authority combined with weak structural limits once access is obtained.

Why Puffer Took a Different Approach

When we built Puffer’s liquid staking and institutional staking, we assumed that people make mistakes, dependencies fail, and attackers look for quiet paths rather than obvious ones. That assumption shaped the design.

Private keys are never exposed in accessible environments. Withdrawal credentials are verified using Trusted Execution Environments, with validator registration halting automatically if the TEE code changes. Treasury and validator operations are isolated by design, reducing the chance of cascading failures.

Economic guardrails matter too. The 2 pufETH bond introduces a meaningful cap on blast radius, adding roughly $5 billion in economic security against slashing and helping protect users from de-pegs. The goal isn’t invulnerability. It’s containment.

Puffer Institutional

Puffer Institutional is designed for exchanges and asset managers that want to retain full control over deposit and withdrawal permissions while choosing how much to stake or restake. Institutions can launch their own liquid staking or restaking tokens without handing authority to opaque application logic.

If you’re re-evaluating whether your current custody stack is actually built for today’s risk profile, Puffer is meant for that conversation, especially for teams that want security treated as a first-order architectural constraint, not an operational assumption.

Why Most Custody Stacks Are Still Underestimating Risk was originally published in @puffer.fi on Medium, where people are continuing the conversation by highlighting and responding to this story.

ETHZilla Corporation (Nasdaq: ETHZ) today announced that it has deployed approximately 10,600 Ether (“ETH”) into the decentralized finance (DeFi) ecosystem via Puffer, a liquid restaking protocol.

The deployment represents a significant portion of the Company’s ETH treasury and is intended to generate enhanced yields through Ethereum restaking.

Puffer Partnership Details

Puffer was selected for its ability to deliver yield through restaking while simultaneously prioritizing security with its innovative 2 ETH validator bond. This framework provides active insurance against validator failures or malicious activity, offering digital asset-focused businesses and institutions a robust and risk-aware staking architecture.

“We are excited to partner with Puffer, whose validator framework strengthens both the yield and security profile of our ETH deployments,” said McAndrew Rudisill, Chairman and Chief Executive Officer of ETHZilla. “This collaboration advances our strategy of generating sustainable cash flow from Ethereum and reflects our commitment to deploying capital into infrastructure designed for long-term growth.”

In addition to its liquid restaking protocol, Puffer is building a vertically integrated crypto infrastructure stack, including its LRT for capital efficiency, UniFi based rollup for composability, and Preconfirmation AVS for high-throughput scalability. Together, these components position Puffer as a comprehensive infrastructure provider focused on yield, performance, and composability.

This deployment underscores ETHZilla’s approach to treasury management by leveraging Ethereum-native infrastructure to generate recurring returns while maintaining a strong security posture.

“Our collaboration with ETHZilla demonstrates how institutional-grade security and yield can coexist,” said Amir Forouzani, Founder and CEO of Puffer. “By combining ETHZilla’s forward-looking treasury strategy with Puffer’s permissionless validator architecture, we are helping set a new standard for institutional participation in Ethereum restaking.”

About ETHZilla

ETHZilla Corporation is a technology company in the decentralized finance industry. ETHZilla seeks to connect financial institutions, businesses and organizations worldwide by enabling secure, accessible blockchain transactions through Ethereum Network protocol implementations. It generates recurring revenues through various DeFi protocols that improve Ethereum network integrity and security. ETHZilla believes it has the unique capability to bring traditional assets on-chain via tokenization. Through its proprietary protocol implementations, ETHZilla facilitates DeFi transactions and asset digitization across multiple Layer 2 Ethereum networks. ETHZilla is working to offer tokenization solutions, DeFi protocol integration, blockchain analytics, traditional-to-digital asset conversion gateways, and other decentralized finance services.

About Puffer

Puffer Finance is a leading innovator in Ethereum infrastructure, focusing on next-generation rollups supported by liquid restaking (LRT) and preconfirmation as an AVS. With products like Puffer UniFi and Puffer UniFi AVS on EigenLayer, we are dedicated to enhancing Ethereum’s decentralization. Visit puffer.fi for more information.

ETHZilla Deploys 10,600 ETH to Puffer for Ethereum Restaking was originally published in @puffer.fi on Medium, where people are continuing the conversation by highlighting and responding to this story.