The data does not lie, only the narrative does. A new study from the Cambridge Centre for Alternative Finance has quantified a long-simmering concern within Ethereum’s infrastructure: node activity is dangerously concentrated. Over 31% of Ethereum’s nodes are located in the United States, and more than 60% of those rely on just two cloud providers—Amazon Web Services and Google Cloud. This is not a theoretical risk. It is a measurable imbalance that directly threatens the network’s core promise of censorship resistance and liveness.
Context Ethereum’s consensus layer depends on a network of validators running nodes. These nodes process transactions, maintain the ledger, and enforce protocol rules. The study, conducted by the Cambridge Centre for Alternative Finance, analyzed node distribution across geographies and hosting providers. Using publicly available peer-to-peer data, the researchers mapped over 4,500 unique node IP addresses. The methodology is straightforward: trace the origin of each node’s connection and its cloud provider. The results are clear—Ethereum is more centralized in the physical layer than most realize.
Core Analysis Let me walk through the evidence chain. First, geographic concentration. 31% of nodes reside in the United States. The next largest clusters are Germany (18%) and Finland (5%). This means a single jurisdiction controls nearly a third of the network’s block production capability. From my 2022 forensic analysis of the Terra collapse, I learned that geographic concentration amplifies regulatory risk. If the U.S. Office of Foreign Assets Control (OFAC) decides to enforce sanctions on Ethereum transactions, it can pressure these node operators or their cloud providers to censor blocks. The network’s finality—the point at which a block cannot be reverted—becomes subject to political will.
Second, cloud provider dependency. Over 60% of U.S. nodes run on AWS or Google Cloud. Worldwide, the top three cloud providers host nearly half of all Ethereum nodes. This creates a single point of failure. A major outage at AWS, as seen in 2020 when a network error took down a significant portion of the internet, could cascade to Ethereum. The network would likely pause block production, and finality would stall. Decentralization is not just about number of nodes; it is about diversity of underlying infrastructure. The ledger records every output, but the inputs—the compute and network—are concentrated.
Third, the implications for staking and Layer 2. Large staking pools like Lido and Coinbase’s staking service run their validators on these same cloud providers. They choose them for reliability and performance. But this centralization trickles down. If the cloud provider is compromised or forced to block transactions, the validator goes offline. Layer 2 networks that rely on Ethereum for data availability and finality will see their own security undermined. The silence between the blocks reveals the true intent—the market is comfortable with this risk because it has never materialized.
Contrarian Angle Correlation is not causation. The study shows centralization, but that does not mean the network is fragile. In fact, Ethereum has survived multiple crises—the 2020 DeFi crash, the 2022 Terra collapse, and even the 2023 staking withdrawals. The protocol’s engineering is robust enough to handle short-term outages. Moreover, the market has priced in this risk for years. Bitcoin’s mining pool distribution is similarly concentrated; the top three pools control over 50% of hashrate. Yet Bitcoin has never been taken down by a single regulator. The difference is that Bitcoin’s PoW is more opaque—you cannot geolocate a mining rig as easily as an Ethereum node. This is a data point, not a death sentence.
The real blind spot is the assumption that decentralization must be uniform. It does not. What matters is the network’s ability to recover from a concentrated shock. Ethereum’s client diversity—Geth and Nethermind dominate—is also a risk, but that is a separate issue. The Cambridge study’s flaw is that it treats node location as equivalent to control. Node operators can be non-custodial; they do not control user funds. A forced shutdown would inconvenience users, not compromise asset security.
Takeaway Yields are temporary; the ledger remains eternal. But the ledger is only as eternal as the infrastructure that runs it. The next week’s signal to watch: the percentage of nodes running on AWS vs. alternatives. If the community responds by migrating to smaller, geographically diverse providers or adopting distributed validator technology (DVT), the risk diminishes. If the concentration remains unchanged, prepare for a regulatory shock. The data does not lie—only our inaction will.