MethodologyResultsServer MetadataNetwork TopologyHoneypot IndicatorsAbout

Electrum Network Topology

The Electrum network does not operate like a traditional peer-to-peer system. Instead, it forms a global collection of independent servers, each backed by a Bitcoin full node, providing data to lightweight clients. This page describes the structural characteristics of the network and the topology metrics measured by the Electrum Observatory.

1. Electrum Network Structure

Unlike Bitcoin Core nodes, which participate in a decentralized P2P mesh, Electrum clients follow a simpler client → serverrelationship. Servers are not required to talk to each other.

  • Servers do not form a peer graph.
  • Clients connect directly to a chosen server via TCP/SSL.
  • Each server runs independently, without coordination.
  • Server discovery relies on external lists and DNS seeds.
Client to Independent Servers

2. Server Components

An Electrum server is effectively a gateway to blockchain data, powered by a full Bitcoin node and a protocol-specific backend.

  • A full Bitcoin node (Bitcoin Core)
  • ElectrumX / Electrs / ElectrumServer implementation
  • Network interface for TCP or SSL connections
Node Backend Interface

3. Raw Server Metadata

Raw JSON output collected during active network scanning. This includes IP reachability, banner strings, protocol negotiation, TLS fingerprints, and basic latency measurements.

Technique Used

  • Asynchronous Electrum protocol handshake
  • Direct TCP and SSL probing
  • TLS certificate extraction (OpenSSL API)
  • Response parsing for metadata fields
Placeholder: preview of raw metadata JSON

4. Public Topology Characteristics

Since servers do not connect to each other, the network resembles a large directory of independent endpoints rather than a distributed overlay network.

  • No global peer-to-peer graph.
  • Server lists act as discovery points.
  • No built-in cryptographic trust model.
  • Clients often remain attached to the same server for long periods.
  • Anyone can deploy a server instantly — lowering the barrier for surveillance.

5. Topology Metrics Measured

The Electrum Observatory measures several dimensions of network structure to assess decentralization, operator diversity, and surveillance risks.

5.1 Server Count & Reachability

  • Number of reachable TCP servers
  • Number of reachable SSL servers
  • Success/failure connection ratios
Reachability Distribution
Protocol Availability

5.2 Geographic Distribution

  • GeoIP country-level mapping
  • City-level clustering (when available)
  • ISP/ASN distribution
Global Network Map

5.3 Infrastructure Concentration

  • Fraction of nodes on cloud providers
  • Grouping by hosting provider
  • Clusters inferred from certificate reuse

5.4 Software Diversity

  • ElectrumX version distribution
  • Electrs version distribution
  • Presence of modified or unknown implementations

5.5 Latency Graph

Latency patterns help infer geographic proximity, server clustering, and whether servers sit behind load balancers or monitoring layers.

Latency Density

6. Topology Risks

The structural properties of the Electrum network create meaningful privacy and security risks for end users.

  • High concentration in major cloud providers.
  • Minimal transparency about server operators.
  • Lack of cryptographic authentication of server identity.
  • No peer validation or DHT-based mitigation.
  • Single-server compromise directly impacts connected clients.