As of early 2026, just two or three builders are responsible for somewhere between 80 and 95% of all Ethereum blocks. The top three builders account for approximately 85.9% of block production and 86.8% of all MEV extraction on the network. The Herfindahl concentration index for Ethereum’s builder market stands at around 3,186 – roughly 2.5 times more concentrated than mining was before the Merge in 2022. For a network that has long held decentralization as a core value, these numbers represent a serious philosophical contradiction.

This is the problem Ethereum’s upcoming Glamsterdam upgrade, expected in the first half of 2026, is designed to begin addressing, alongside its successor Hegota, targeted for late 2026. The solutions being deployed represent the most comprehensive reform of Ethereum’s block building architecture since the introduction of MEV-Boost. 

They span four interconnected pillars: Enshrined Proposer-Builder Separation (ePBS), Fork-Choice Enforced Inclusion Lists (FOCIL), encrypted mempools, and network-layer privacy.

The MEV problem and why it matters

To understand these reforms, it helps to first understand what Maximal Extractable Value (MEV) actually is and why it has become such a gravitational force in Ethereum’s economy. MEV refers to any value that can be captured by manipulating which transactions get included in a block and in what order. Some forms of ME, like arbitrage that keeps prices aligned across decentralized exchanges, are arguably beneficial to market efficiency. But a large portion is what researchers and developers now call “toxic MEV.”

Toxic MEV manifests primarily through two attack patterns. Sandwich attacks occur when a bot detects a large pending trade in the public mempool, places an identical trade immediately before it to push the price up, then sells right after the victim’s trade executes at the inflated price. Frontrunning sees bots detect profitable transactions and copy them with higher gas fees, jumping the queue. Research through mid-2025 found that sandwich attacks occur more than once per block on average, with victims collectively paying an estimated $14 million per month in excess costs as a direct result.

The public mempool is the attack surface. Because every pending transaction is visible to the entire network before it lands in a block, sophisticated bots can scan for profitable opportunities and act on them within milliseconds. The professionalization of this activity has in turn driven block building into the hands of a small number of highly specialized actors with access to private order flow, co-location advantages, and deep integration with searcher networks.

The barrier to entry for new builders has risen sharply. Data from 2024 showed that a new builder needed to subsidize bids by more than 1.4 ETH just to achieve a one percent market share for a single week – a threshold that was effectively zero a year earlier. This creates a self-reinforcing feedback loop: exclusive order flow goes to dominant builders, which helps them win more blocks, which attracts more order flow. Breaking that cycle is what the 2026 upgrade agenda is fundamentally about.

ePBS: Enshrining the builder market in protocol

The centerpiece of Glamsterdam is Enshrined Proposer-Builder Separation, formalized in EIP-7732. The concept of PBS, separating the role of block proposers (validators) from block builders (specialized transaction orderers), has existed on Ethereum in an off-chain form since Flashbots introduced MEV-Boost. But MEV-Boost operates through trusted, off-chain relays that sit between validators and builders, introducing trust assumptions and potential censorship points that the protocol itself cannot enforce or audit.

12/ 🆙 Glamsterdam (Gloas + Amsterdam) upgrade is next

Headliners:
* enshrined Proposer-Builder separation (ePBS)
* Block-level Access Lists (BALs)

📅 targeting 2026https://t.co/0YLsuFFShm

Timeline artwork: @nixorokish pic.twitter.com/NR2Uvi9a79

— Ethereum (@ethereum) December 3, 2025

ePBS moves this entire system on-chain. Under EIP-7732, validators acting as block proposers commit to a builder’s block header through an on-chain auction mechanism rather than relying on an external relay to broker the deal. Builders stake collateral, submit bids publicly attached to block headers, and face protocol-enforced penalties if they fail to deliver execution payloads after winning an auction.

A key structural addition is the Payload Timeliness Committee – a group of validators that monitors whether builders actually deliver their payloads within protocol-specified windows, roughly four seconds for execution payloads and ten seconds for blob data. If a builder withholds a payload after committing to it, the slot is rendered empty and the builder faces forfeiture. This mechanism replaces the reputational trust that currently underpins MEV-Boost relays with cryptoeconomic enforcement.

However, ePBS introduces its own complications. The most discussed is the free option problem. After a proposer commits to a builder’s header, the builder has a short window, typically around eight seconds, to decide whether to actually deliver the full execution payload. If market conditions shift dramatically during this window, say a large arbitrage opportunity evaporates, the builder can simply withhold the payload and absorb the penalty rather than deliver a loss-making block. Simulations suggest that on highly volatile market days, this dynamic could render up to six percent of slots empty.

There is also a deeper paradox. While ePBS distributes rewards more fairly at the validator level, meaning smaller stakers benefit more equally, it may actually intensify centralization at the builder level, because builders capture an even larger share of MEV under the new structure. Vitalik Buterin acknowledged this directly in early March 2026: ePBS ensures that block builder centralization does not creep into staking centralization, but the problem of builder concentration itself remains unresolved. ePBS is a prerequisite for fixing that problem, not the fix itself.

Finally, the block building pipeline.

In Glamsterdam, Ethereum is getting ePBS, which lets proposers outsource to a free permissionless market of block builders.

This ensures that block builder centralization does not creep into staking centralization, but it leaves the…

— vitalik.eth (@VitalikButerin) March 2, 2026

FOCIL: Guaranteeing censorship resistance

FOCIL is Ethereum’s answer to the censorship risk that both ePBS and the current MEV-Boost system leave unaddressed. Originally proposed for Glamsterdam, FOCIL was formalized in EIP-7805 and was confirmed as the consensus-layer headline feature for Hegota during an All Core Devs call in late February 2026.

The mechanism is elegant in its logic. At each slot, 16 validators are randomly selected to serve as inclusion enforcers. Each of these validators compiles a list of transactions from the public mempool that they believe should be included in the upcoming block. If the block that actually gets built omits any transactions from these lists, the fork-choice rules, the protocol’s mechanism for determining the canonical chain, reject that block outright.

The implication is significant: even if a single hostile actor somehow captured 100% of block building, they could not prevent transactions from landing on-chain. The 16 randomly selected enforcers, drawn from a validator set of over one million, create a distributed inclusion enforcement mechanism that operates completely independently of whoever is building the block.

FOCIL has been controversial, and its removal from Glamsterdam reflects that. Critics argue it creates potential legal complications for validators, since the mechanism would effectively compel them to include transactions that might be flagged under sanctions regimes like OFAC – exactly the scenario that drove widespread censorship following the Tornado Cash sanctions in 2022. Others raise concerns about increased protocol complexity and the possibility of validator collusion in the selection process, particularly if enforcement can be gamed through coordination among large staking operators.

Buterin has proposed scaling FOCIL further through a concept called Big FOCIL, which would extend the model to cover all transactions in a given block rather than a mandated inclusion list. Under this design, inclusion enforcers would partition transactions by sender address, with each enforcer responsible for a distinct subset. Block builders would be reduced to handling only MEV-relevant ordering and state computation – a profound narrowing of their current role. If Big FOCIL were implemented, the competitive moat of specialized block builders would shrink dramatically, and the economic incentive driving centralization would diminish with it.

Buterin also noted that FOCIL pairs naturally with EIP-8141, a native account abstraction upgrade also slated for Hegota. With native smart wallet support, transactions from privacy protocols could be submitted through the public mempool and received directly by inclusion enforcers without requiring wrapper contracts or third-party intermediaries that introduce additional trust assumptions.

Encrypted mempools: Eliminating the frontrunning window

The encrypted mempool addresses a different layer of the problem entirely – not who builds the block or which transactions must be included, but whether transactions can be exploited during the time between when they are submitted and when they are included. The LUCID initiative, which is actively seeking inclusion in Hegota, would encrypt transaction contents until the moment of block finalization.

Under the current public mempool model, every pending transaction is fully visible to the entire network. This is precisely the transparency that enables sandwich attacks and frontrunning – bots can see what a trader intends to do before it happens and act on that information asymmetry. Encryption removes this window entirely. If no party can read a transaction’s contents before it lands in a finalized block, the information advantage that toxic MEV relies on ceases to exist.

The technical implementation is non-trivial. Encrypted mempools require that transactions remain verifiable and processable even while encrypted, meaning some form of cryptographic commitment must ensure that an accepted encrypted transaction can actually be decrypted and executed correctly once included. The system must also guarantee that decryption happens only after the block is finalized – otherwise the problem simply shifts to whoever controls the decryption keys, reintroducing centralization through the back door.

Several cryptographic approaches are under active investigation. Threshold encryption schemes distribute decryption authority across a set of validators, requiring a quorum to cooperate before any transaction can be read. Timelock encryption systems automatically unlock transaction contents at a predetermined block height, requiring no active coordination. Each involves tradeoffs between latency, validator coordination overhead, and the risk of decryption failure that could cause valid transactions to be dropped.

Even without a full protocol-level deployment, partial solutions already exist. Private RPC endpoints offered by MEV-Boost infrastructure providers let users bypass the public mempool entirely, but these require trusting a centralized operator. The protocol-level encrypted mempool aims to provide the same protection without any trusted third party sitting in the middle.

Network-layer privacy

The reforms above address what happens inside Ethereum’s protocol. But there is a fourth attack surface that Buterin highlighted in his March 2026 block building analysis: the network transport layer. Transactions submitted to the Ethereum network can be intercepted and analyzed by intermediate nodes before they even reach block builders. IP address correlation, network topology analysis, and timing attacks can all reveal information about pending transactions that enables exploitation, even before they hit the mempool.

Proposed defenses include Tor routing for transaction submission, Ethereum-specific mixnets that randomize propagation paths so transactions cannot be traced back to their originating node, and a latency-optimized privacy network called Flashnet that would provide network-layer anonymity while minimizing the delay cost that privacy measures typically impose. The Kohaku initiative is expected to add pluggable network-layer privacy support directly to Ethereum clients, allowing users to route transactions through anonymizing infrastructure without requiring changes to the core protocol.

The road ahead

The full picture emerging from Ethereum’s 2026 reform agenda is one of layered, sequenced transformation. Glamsterdam, expected in the first half of 2026, delivers ePBS as its headline change, fundamentally restructuring how block production is auctioned and enforced at the protocol level, following Pectra in May 2025 and Fusaka in December 2025. Hegota, targeted for late 2026, adds FOCIL as its consensus-layer centerpiece alongside EIP-8141 account abstraction. If the LUCID encrypted mempool proposal achieves inclusion in time, it would join as a third headline feature of that cycle.

Together, these reforms are increasingly described by Ethereum researchers as the “Holy Trinity of Censorship Resistance”: ePBS to formalize the builder market, FOCIL to guarantee transaction inclusion against a hostile builder, and encrypted mempools to protect users during the submission window. Network-layer privacy adds a fourth dimension that sits below the protocol but is essential to the complete picture.

Significant challenges remain. The free option problem in ePBS still requires careful mechanism design. FOCIL’s legal implications for validators handling sanction-flagged transactions need a clear resolution path. Encrypted mempools must solve verifiable decryption without prohibitive latency. And Big FOCIL, while structurally promising, would fundamentally disrupt the revenue models of infrastructure providers that have built significant businesses around MEV extraction.

What is not in doubt is the urgency. The convergence of regulatory pressure following the Tornado Cash affair, demonstrated harm to ordinary users from toxic MEV, and compounding builder market concentration has shifted these issues from research agenda to deployment roadmap. Ethereum’s next phase is not only about processing more transactions faster. It is about ensuring those transactions are processed fairly and the block building reforms scheduled for 2026 are the most serious attempt yet to make that a protocol-level guarantee.