Electrum Observatory
Electrum is one of the most widely used Bitcoin light wallets. Because it relies on remote servers instead of performing full validation itself, its trust model differs significantly from that of Bitcoin Core. This project empirically investigates whether the Electrum server ecosystem shows signs of centralization, surveillance, fingerprinting, or honeypot-like behavior.
The Electrum Observatory maps the global Electrum network, analyzes server metadata, performs behavioral fingerprinting, identifies suspicious clusters, and measures privacy risks affecting millions of Bitcoin users.

Network Mapping
Enumeration of reachable Electrum servers, including infrastructure metadata, latency, protocol versions, and TLS certificate analysis.
Behavioral Fingerprinting
Controlled queries detect deviations from reference behavior, revealing shared operators, modified backends, or surveillance patterns.
Privacy Analysis
Assessment of xpub/address leakage, IP correlation, timing fingerprints, and client-side deanonymization vectors.
Honeypot Research
Detection of TLS certificate reuse, identical behavior clusters, abnormal uptime, and infrastructure patterns consistent with monitoring nodes.
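
The certificate-reuse and identical-behavior checks described above can be sketched as follows. This is an added example, not the Observatory's own code; the hosts, ASNs, certificate bytes, and probe replies are constructed sample data, and the record layout is an assumption.

```python
import hashlib
import json
from collections import defaultdict

# Constructed scan records: hypothetical hosts, documentation ASNs, stand-in
# certificate bytes. A real scan would store the DER certificate from the handshake.
IMPL_A = {"server.version": ["impl-a/1.0", "1.4"], "server.banner": "welcome"}
IMPL_B = {"server.version": ["impl-b/2.3", "1.4"], "server.banner": "hello"}
SCAN = [
    {"host": "e1.example.org", "asn": 64500, "cert_der": b"CERT-A", "probes": IMPL_A},
    {"host": "e2.example.net", "asn": 64501, "cert_der": b"CERT-A", "probes": IMPL_A},
    {"host": "e3.example.com", "asn": 64502, "cert_der": b"CERT-A", "probes": IMPL_A},
    {"host": "e4.example.org", "asn": 64510, "cert_der": b"CERT-B", "probes": IMPL_B},
    {"host": "e5.example.org", "asn": 64510, "cert_der": b"CERT-C", "probes": IMPL_B},
]

def cert_fingerprint(der):
    """SHA-256 over the DER-encoded certificate, the usual reuse key."""
    return hashlib.sha256(der).hexdigest()

def behavior_signature(probes):
    """Hash of the replies to the controlled queries, in canonical JSON form."""
    blob = json.dumps(probes, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()[:16]

def cert_reuse_clusters(records, min_hosts=2):
    """Return clusters of distinct hosts that present the same certificate."""
    groups = defaultdict(list)
    for rec in records:
        groups[cert_fingerprint(rec["cert_der"])].append(rec)
    clusters = []
    for fp, members in groups.items():
        hosts = sorted({m["host"] for m in members})
        if len(hosts) < min_hosts:
            continue
        asns = sorted({m["asn"] for m in members})
        sigs = {behavior_signature(m["probes"]) for m in members}
        clusters.append({
            "fingerprint": fp, "hosts": hosts, "asns": asns,
            "multi_network": len(asns) > 1,        # same cert seen in several networks
            "identical_behavior": len(sigs) == 1,  # all members answer probes alike
        })
    return sorted(clusters, key=lambda c: (-len(c["hosts"]), c["fingerprint"]))

if __name__ == "__main__":
    for c in cert_reuse_clusters(SCAN):
        print(c["fingerprint"][:12], c["hosts"], c["asns"],
              c["multi_network"], c["identical_behavior"])
```

A cluster flagged on both fields points to a shared operator or deployment image, which is a lead for further measurement and not by itself evidence of monitoring.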
Threat Model
The Electrum ecosystem exposes users to several privacy and surveillance risks. The following threat model summarizes the adversaries, capabilities, and assets at risk within the network.
1. Adversary Types
- Blockchain analytics firms — deanonymization of wallet activity.
- Governments & law enforcement — monitoring financial flows.
- Malicious individuals — IP harvesting, phishing, tracking.
- Commercial entities — large-scale traffic analytics.
2. Adversary Capabilities
- Operate many Electrum servers across different networks.
- Collect IP addresses, address queries, and xpub-derived identifiers.
- Perform active fingerprinting and timing correlation.
- Log incoming traffic indefinitely.
- Deploy modified or custom Electrum server implementations.
3. Assets at Risk
- User IP addresses and identity patterns.
- Address reuse and behavioral habits.
- Xpub leakage revealing wallet structure.
- Timing metadata that fingerprints wallets.
- Client software fingerprints.
4. Project Security Posture
The Electrum Observatory does not deanonymize users. It performs only controlled, non-sensitive scans and adheres to strict ethical research practices. The objective is to measure privacy risks — not to exploit them.