Kraken Suspends Staking Services: Understanding the Relationships and Differences Among 4 Staking Approaches
TechFlow Selected TechFlow Selected
Kraken Suspends Staking Services: Understanding the Relationships and Differences Among 4 Staking Approaches
The trade-off between efficiency and security has led to different staking solutions.
Navigating Web3 tides with focused insightsWritten by: 0xTodd, Partner at Nothing Research
Today, taking advantage of the news that Kraken has paused staking services, I’d like to offer a primer and analysis on Ethereum staking:
-
At its core, staking is all about the ownership of two private keys.
-
Based on who holds these two keys, four distinct staking models have emerged.
With this article, I believe you’ll gain deeper clarity on Lido, Rocket Pool, Coinbase, Kraken, SSV, and Ebunker.
If we imagine Ethereum as a company, validators performing staking are its employees. Their job is to verify transaction validity and propose blocks (although block construction itself is increasingly outsourced to MEV providers).
-
First, as a validator, you must prove your identity. Not just anyone can validate transactions—after depositing 32 ETH, you receive a credential known as the 【validator key】.Theoretically, the first step in staking is generating this validator key. With it—the equivalent of an employee ID—you can then sign off on every transaction.
-
Second, Ethereum thoughtfully introduced a second private key to receive the initial 32 ETH deposit.When becoming a validator, you specify a “withdrawal address”—this is where your principal and rewards will be sent. The private key for this address should remain under your control (i.e., the 【withdrawal key】). Think of it as your paycheck account.
Now you understand the two keys: ① validator key (employee ID), and ② withdrawal key (paycheck account).
Next, based on how these two keys are managed, four staking solutions emerge:
-
- CEX Model
-
- Pooled Staking
-
- SaaS Model (Staking as a Service)
-
- Solo Staking
Model One: CEX / Fully-Custodial
If you use a centralized exchange (CEX) staking service—such as Binance, Coinbase, or Kraken (which recently announced it’s halting staking)—you likely never created a 【validator key】 nor specified a 【withdrawal key】. This is classic “full custody.”
So where are these two keys?
-
The validator key resides with Binance Pool or Coinbase Pool.
-
The withdrawal key is held in cold storage by Binance or Coinbase.
You don’t have to work (participate in validation), and your paycheck account is entrusted to the exchange. This model is the most convenient—and often comes with yield guarantees.
But it’s unsuitable for those who value decentralization, given recurring FUD and increasing regulatory scrutiny—especially from U.S. authorities, who may soon prohibit such practices.
Model Two: Pooled Staking
This refers to staking via Lido or Rocket Pool. You still don’t generate the two keys yourself—they’re managed by Lido or Rocket. So what’s different from CEXs?
Validator Key:
CEX: There’s only one operator—the exchange itself.
Lido: Lido 1.0 delegates deposits to 29 node operators. These operators manage validator keys, so they’re relatively decentralized. Think of Lido as a corporate group with a team of 29 professional workers doing the job for you. In return, operators take ~5% fees, and Lido takes another 5%.
Rocket Pool: Anyone with hardware/cloud servers and 16 ETH can become a node operator. It’s like a crowdsourced platform (e.g., Uber Eats), where individuals bring their own equipment (servers) to run nodes. Naturally, they also charge fees.
Withdrawal Key:
Let’s revisit how withdrawals actually work. I previously explained this briefly in my thread on the Shanghai Upgrade and withdrawals.
As you know, Ethereum operates on two chains:
-
Ethereum 1.0 (Execution Layer)
-
Beacon Chain (Consensus Layer)
When you stake, the first step is sending ETH to the Beacon Chain deposit contract on Ethereum 1.0. Then, the Beacon Chain creates a corresponding balance on the consensus layer.
Note: These ETH are locked—not burned or bridged—but simply mapped. See diagram below:
After the Shanghai Upgrade, withdrawals became a new transaction type. When you withdraw:
1. Your node signals the Beacon Chain to initiate withdrawal.
2. You enter a queue.
3. Once reached, the Beacon Chain instructs the Ethereum 1.0 deposit contract.
4. The deposit contract sends ETH to your designated address (e.g., 0xTodd.eth).
Thus, your 【withdrawal key】 is essentially the private key of "0xTodd.eth".
Lido and Rocket Pool add three extra layers:
1. You tell Lido/RPL you want to withdraw.
2. Lido/RPL notifies the relevant operator.
3. Operator signals the Beacon Chain.
4. Queue.
5. Beacon Chain instructs Ethereum 1.0 deposit contract.
6. Deposit contract sends funds to Lido/RPL’s withdrawal vault.
7. You burn stETH/rETH; Lido/RPL smart contract sends ETH to your address.
PS: With CEXs, step 7 would be CZ or Armstrong crediting your Binance/Coinbase account balance directly.
For pooled staking, steps 1, 4, 5, 6, and 7 are fully on-chain and secure.
The weak points are steps 2 and 3.
In theory, a pooled staking provider could censor your withdrawal—for example, if you’re sanctioned by U.S. OFAC due to Tornado Cash usage, they could block the signal at steps 2 and 3.
I call this the “big pool” model because all nodes share the same withdrawal address—the Lido/RPL withdrawal vault smart contract.
Still, compared to CEXs, these are improvements.
However, due to the discretion in steps 2 and 3, this model remains close to “fully custodial.” After all, the withdrawal key is still controlled by the pool operator. What you hold is merely the “withdrawal address of a withdrawal address.”
Therefore, any model where users don’t control final fund destinations leans toward “full custody.”
Some Rocket Pool supporters claim it’s fully decentralized—a compelling marketing message.
But after reading this, you now know: Rocket achieves decentralization in validator keys—anyone can operate a node (Lido V2 is working toward this too).
Yet for withdrawal keys, users still have no control—your assets remain in third-party wallets.
Still, Lido and Rocket Pool represent solid compromises—just one or two extra steps beyond CEXs, but more decentralized. Especially Lido: stETH enjoys excellent liquidity (currently surpassing all other LSDs), a major plus.
Model Three: SaaS / “Small Pool”
Now we enter more purist territory. Personally, I have strong decentralization preferences—especially after repeated CEX collapses.
Recall our analogy: validator key = employee ID; withdrawal key = paycheck account.Naturally, one might ask: Is there a way for someone else to work for me while I personally collect the paycheck?
In real life, this rarely works. But on Ethereum, it does—via SaaS (or VaaS: Validator as a Service). Let’s use the non-custodial pool @ebunker_eth as an example.
First, you generate a keystore file containing your validator key and send it to Ebunker Pool. Then, the professional operator maintains the node. Meanwhile, you set your own withdrawal address—retaining full control over fund withdrawals.
In summary:
-
【Validator key】: Shared between you and the pool;
-
【Withdrawal key】: Only you hold it.
Translation: The pool works, you get paid, the pool takes a cut.
How is this different from pooled staking? The difference lies here:
-
Pooled: All users share one withdrawal address (the Lido/RPL vault) → “Big Pool.”
-
SaaS: Each user sets their own withdrawal address → “Small Pool.”
PS: The terms “big pool” and “small pool” are my own—I find them intuitive and helpful.
You might ask: In SaaS, if the pool refuses to broadcast your withdrawal, can you still withdraw?
Here’s the key: since you hold your validator key, even if the pool goes rogue, you can run the node yourself and broadcast the message.
And since you hold your withdrawal key, you can always withdraw safely—recovering your principal intact.
But in pooled models, you lack both keys—so you’re powerless in worst-case scenarios.
Second question: Can a SaaS/small-pool operator steal your funds?
This is where Ethereum staking shines: when creating a node, you specify the withdrawal address, which the operator cannot alter. Even if the operator runs away, they can’t access your principal—the cost of stealing it ≈ attacking Ethereum itself.
But in pooled models, worst-case scenarios allow potential rug pulls: the operator could upgrade the vault contract and transfer ownership to an attacker. While unlikely, it’s theoretically possible.
To counter this, Lido uses multi-sig governance for contract upgrades. Rocket Pool, however, seems silent on this—no public discussion found.
So for users who want high security (no third-party fund control) without running a 24/7 node, SaaS is ideal. Besides @ebunker_eth, several pools offer similar non-custodial services—check Rated.network for options.
Downside: All non-custodial SaaS models lack LSDs (liquid staking derivatives).
Reason: If they don’t control your keys, how can they issue you a banknote (LSD)? Some SaaS pools do offer pooled options—those can issue LSDs.
In short: Who controls the keys determines whether LSDs are possible. CEX and pooled models can issue them; small-pool and solo models cannot.
Post-Shanghai, withdrawals take up to 1–2 months. With improved liquidity, SaaS/small-pool models become even more attractive. This is currently my preferred option: low effort, slight setup, keep keys yourself, solid APR.
Model Four: Solo Staking
Finally, the holy grail: Solo Staking.
Solo means exactly that: you go it alone, no third parties. Maximum decentralization and security.
Solo stakers exclusively control both the 【validator key】 and the 【withdrawal key】.
-
Obvious advantages: Maximum security, no middlemen taking cuts, contributes diversity to Ethereum, and satisfies ideological purity!
-
Obvious drawbacks: Requires full self-management: time (node maintenance) and money (server costs). If not online 24/7, your APR drops slightly due to penalties.
This distinguishes a “barely functional” node from a “high-performance” one.
For example, current global block proposal success rate is ~97%. Vitalik himself may be a solo staker—yet he achieves only ~96%. Rocket Pool, being crowdsourced, averages ~95%.
Solo staking remains the eternal ideal. If you have enough capital, I strongly recommend exploring it.
Below 100K ETH? Revisit Models 2 and 3.
One side note: What is SSV Network? SSV is a research project focused on DVT (Distributed Validator Technology), which splits the validator key. It doesn’t compete with the above four models—it collaborates with them.
Once your validator key is split into four parts:
① If one operator goes offline, others can immediately take over;
② No single operator knows the full key—making validation more decentralized. This strengthens Lido, SaaS, and Solo setups alike.
Finally done! Though long, I hope this analysis helps clarify all staking models and their trade-offs. Feel free to bookmark and revisit. Share your preferred staking approach and join the discussion.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News
