LIVE THREAT — ETHEREUM MAINNET

YOU
ARE
VISIBLE.

Researchers from ETH Zurich identified the home IP addresses of 15% of all Ethereum validators — using four nodes and 72 hours of passive observation. No exploit. No hacking. Just watching.

0
VALIDATORS EXPOSED
72h
TIME TO DEANONYMIZE
4
NODES REQUIRED
SCROLL

THE ATTACK

How They Find
Your Node

STEP 01 ///
Your node joins attestation subnets
Every Ethereum validator subscribes to specific gossip subnets based on its committee assignments. These subscriptions are announced publicly over the discv5 discovery protocol. Every peer you connect to can see which subnets you're subscribed to.
STEP 02 ///
Subnet subscriptions are a fingerprint
The combination of subnets a node is subscribed to at any given time is highly unique. Like a fingerprint. And unlike a fingerprint, this fingerprint is broadcast to every node in the network — including the four nodes an attacker controls.
STEP 03 ///
The fingerprint maps to your IP
Ethereum Node Records — the identity cards nodes exchange — include your cleartext IP address alongside your fingerprint. Four observer nodes, 72 hours of data, and a correlation table. Heimbach et al., USENIX 2025: over 15% of all validators linked to real-world IP addresses.

BY THE NUMBERS

The Scale of
Exposure

15% OF ALL ACTIVE VALIDATORS
SUCCESSFULLY DEANONYMIZED Heimbach et al., USENIX Security 2025
900k+ VALIDATORS ON ETHEREUM
MAINNET TODAY ~135,000 validator IP addresses exposed in this attack
$0 COST TO RUN THE ATTACK
FOUR STANDARD NODES No zero-days. No specialized hardware. Just observation.

THE SOLUTION

35 Bytes.

Bitcoin solved this in 2021. BIP-155 added native I2P address support to Bitcoin's peer discovery protocol. Monero followed. Both projects made the same observation: if you want a node to be private, give it a private address.

Ethereum has Ethereum Node Records — a flexible key-value format designed for exactly this kind of extension. Adding a new key requires no consensus from the core team. The spec says so explicitly.

We're adding one. "i2p": a 32-byte hash of an I2P destination address. Any node that understands it can route its peer connections through the I2P anonymization network. Any node that doesn't — silently ignores it.

i2p-python is the native Python implementation of the I2P protocol that makes this possible. A complete, from-scratch port of the Java I2P router — 3,240+ tests, 14 crypto primitives, NTCP2 and SSU2 transports, full SAM bridge. Not a wrapper. Not a binding. A real implementation.

Zero breaking changes. Full backwards compatibility. Optional. Additive. And it eliminates the attack vector entirely.

// WITHOUT I2P
validator-001 · 82.144.21.9
validator-002 · 51.91.78.202
validator-003 · 95.216.4.17
observer · 104.21.0.1
ENR record includes:
ip=82.144.21.9
secp256k1=[pubkey]
attnets=[bitmask] ← fingerprint
// WITH I2P
validator-001 · [hidden]
validator-002 · [hidden]
validator-003 · [hidden]
observer · 104.21.0.1
ENR record includes:
i2p=3a9f1c2d8e... ← 32 bytes
secp256k1=[pubkey]
attnets=[bitmask]

COMPETITIVE ANALYSIS

Why Not
Tor?

Every existing privacy network was evaluated. Only one passes all the requirements Ethereum's peer-to-peer stack actually demands.

Requirement Tor Nym HOPR Lokinet I2P
UDP support (discv5) TCP only No No Yes Yes
Hidden services (both sides) Yes No No Yes Yes
No token required Yes NYM token HOPR token OXEN stake Yes
Latency < 200ms ~150ms 500ms+ 300ms+ ~100ms ~80ms
Production network Yes Testnet Limited Small 50k+ nodes
Bitcoin precedent (BIP-155) Yes No No No Yes

THE IMPLEMENTATION

i2p-python:
From Scratch

Not a wrapper. Not a binding. A complete reimplementation of the Java I2P router in Python — every protocol, every crypto primitive, every transport layer.

3,240+ TESTS PASSING
15 SOURCE PACKAGES
14 CRYPTO PRIMITIVES
34 INDEPENDENT REPOS

GET INVOLVED

You Can Just
Build Things.

The implementation is here. The EIP is drafted. A test network is being stood up. We're not waiting for permission — the ENR spec was designed to be extended without it.

SEE THE FIX READ THE BUILD LOG GITHUB