01-31, 14:05–14:35 (Europe/Zurich), Beam Stage
This talk reveals how easily validators can be deanonymized in the Ethereum P2P network. We explore extracted data such as validator distribution and geolocation, discuss associated security risks, and discuss approaches to improve privacy.
Many blockchain networks aim to preserve the anonymity of validators in the peer-to-peer (P2P) network, ensuring that no adversary can link a validator's identifier to the IP address of a peer due to associated privacy and security concerns. This work demonstrates that the Ethereum P2P network does not offer this anonymity. We present a methodology that enables any node in the network to identify validators hosted on connected peers and empirically verify the feasibility of our proposed method. Using data collected from four nodes over three days, we locate more than 15% of Ethereum validators in the P2P network. The insights gained from our deanonymization technique provide valuable information on the distribution of validators across peers, their geographic locations, and hosting organizations. We further discuss the implications and risks associated with the lack of anonymity in the P2P network and propose methods to help validators protect their privacy. The Ethereum Foundation has awarded us a bug bounty, acknowledging the impact of our results.
Yann is a fourth-year Ph.D. student advised by Prof. Roger Wattenhofer in the Distributed Computing (Disco) group at ETH Zurich. His research focuses on blockchain protocols — particularly on consensus and networking mechanisms — with the aim of enhancing their scalability and security.