I think this vulnerability is not overcome in a proof-of-stake protocol without centralization.