If an attacker simulated an Ethereum network, with 1 million validators in it. He has keys to all validators, because the entire thing is his simulation. He simulates several decades, which in real time is probably several hours.
Then he broadcasts his simulated network to the real Ethereum network, and claim his is the real one. All his 1 million validators start communicate with the real validators. Since his network history has more “total attestations”, his network should be the real one according to the chain selection rule.
This is impossible in PoW, because he would need more hash power than all the other miners combined to simulate a “heavier” history. But that is not the case in PoS. I am curious, how does PoS solve this?
The attacker cannot just enter the network, each validator needs to deposit the 32 ETH and then there is the waiting queue: 1 million validators cannot enter in an instant, only a couple per epoch. So the first few enter and they cannot present their version of the truth, because they are a tiny minority.
It would be more problematic if someone somehow steals access to the majority of existing validators. This is more difficult the more different entities there are.
If the chain selection rules doesn’t have something like “All addresses must start at zero, except for that one premine wallet”, the attacker can start the chain with 1 million addresses that already have 32 ETH in it.
He simulates several decades of on-chain time (hours in real time). 1 million validators entering the system is probably done in the first year.
The idea is that he starts Ethereum network from when the ledger is empty. This is not far-fetched, because the real Ethereum network also started form an empty ledger. How do we tell one is real, the other is not?