🤖 AI Summary
Ethereum validators lack anonymity protection at the P2P layer, leaving their IP addresses susceptible to active correlation, which poses significant privacy and security risks. This work introduces the first lightweight, consensus-layer-agnostic, and infrastructure-free deanonymization method. By reverse-engineering the devp2p protocol, we identify implicit temporal fingerprints linking node handshake behavior to validator identities; integrating multi-node collaborative observation with IP geolocation mapping then enables precise validator attribution. Experiments demonstrate that just four ordinary observer nodes can, within three days, deanonymize over 15% of online validators, accurately identifying their hosting providers and geographic locations. Our findings expose a critical privacy vulnerability in Ethereum’s P2P layer and have been formally acknowledged by the Ethereum Foundation through its bug bounty program.
📝 Abstract
Many blockchain networks aim to preserve the anonymity of validators in the peer-to-peer (P2P) network, ensuring that no adversary can link a validator's identifier to the IP address of a peer due to associated privacy and security concerns. This work demonstrates that the Ethereum P2P network does not offer this anonymity. We present a methodology that enables any node in the network to identify validators hosted on connected peers and empirically verify the feasibility of our proposed method. Using data collected from four nodes over three days, we locate more than 15% of Ethereum validators in the P2P network. The insights gained from our deanonymization technique provide valuable information on the distribution of validators across peers, their geographic locations, and hosting organizations. We further discuss the implications and risks associated with the lack of anonymity in the P2P network and propose methods to help validators protect their privacy. The Ethereum Foundation has awarded us a bug bounty, acknowledging the impact of our results.