Bitcoin's Real Vulnerability: Five Hosting Providers Control 33% of Nodes
A new Cambridge study analyzed 11 years of Bitcoin network data and identified the real vulnerability: five hosting providers that control one-third of clearnet nodes, not physical submarine cable infrastructure.
Key Takeaway
Bitcoin survived cable cuts, but five hosting providers control a third of clearnet nodes.
Cambridge University researchers Wenbin Wu and Alexander Neumueller analyzed 11 years of Bitcoin network data and found something striking: the network shrugged off 68 verified submarine cable failures between 2014 and 2025.
When seven cables were severed off Côte d'Ivoire in March 2024, the Internet Outage Detection and Analysis system recorded a severity score above 11,000 for the region. Bitcoin's network barely noticed. Around five nodes went offline, representing just 0.03% of the network and a 2.5% impact well within normal fluctuations.
The researchers cross-referenced 8 million Bitcoin node observations against 658 submarine cables and 385 cable fault events. Eighty-seven percent of verified cable events caused less than 5% node change. The mean impact was negative 1.5%, the median just negative 0.4%. The correlation between node disruption and Bitcoin price was essentially zero at r equals negative 0.02.
But the study identified a real chokepoint. A March 2026 Bitnodes snapshot showed 23,150 reachable Bitcoin nodes, with 14,602 running on Tor—63.1% of the network. That's up from near-zero Tor adoption in 2014, 2,478 nodes in 2021, and 7,617 nodes by 2022. Researchers attributed the surge to censorship events like Iran's 2019 shutdown, Myanmar's 2021 coup, and China's mining ban the same year.
The remaining clearnet nodes concentrate heavily on five providers: Hetzner hosts 869 nodes, Comcast and OVHcloud each host 348, Amazon Web Services has 336, and Google Cloud runs 313. The researchers warned that coordinated pressure on a handful of hosting networks could disrupt visible nodes an order of magnitude more effectively than random infrastructure failures. They framed the risk as hosting provider shutdowns or coordinated regulatory action, not physical cable cuts.
The team built a multiplex network model with 354 submarine cable edges connecting 225 countries. Random cable removal wouldn't cripple Bitcoin until 72% to 92% of cables failed. High-betweenness cable targeting dropped the threshold to 20%. ASN-targeted attacks on top autonomous systems required just 5% to cause serious damage. Even complete clearnet removal would leave most nodes operational because Tor hosts 14,602 nodes.
This article was written based on reporting from CryptoSlate.
