Deanonymizing Ethereum Validators: The P2P Network Has a Privacy Issue

TL;DR

This paper reveals that Ethereum's P2P network fails to protect validator anonymity, enabling deanonymization through a new methodology that locates and analyzes validator distribution and hosting details.

Contribution

The study introduces a practical deanonymization technique for Ethereum validators and empirically demonstrates its effectiveness using real network data.

Findings

Over 15% of validators located in the network

Validators' geographic and organizational distribution mapped

Method highlights privacy risks in Ethereum's P2P network

Abstract

Many blockchain networks aim to preserve the anonymity of validators in the peer-to-peer (P2P) network, ensuring that no adversary can link a validator's identifier to the IP address of a peer due to associated privacy and security concerns. This work demonstrates that the Ethereum P2P network does not offer this anonymity. We present a methodology that enables any node in the network to identify validators hosted on connected peers and empirically verify the feasibility of our proposed method. Using data collected from four nodes over three days, we locate more than 15% of Ethereum validators in the P2P network. The insights gained from our deanonymization technique provide valuable information on the distribution of validators across peers, their geographic locations, and hosting organizations. We further discuss the implications and risks associated with the lack of anonymity in the P2P network and propose methods to help validators protect their privacy. The Ethereum Foundation has awarded us a bug bounty, acknowledging the impact of our results.