Author: CryptoSlate

Translated by: Deep Tide TechFlow

Deep Tide Overview: A research team from Cambridge University used 11 years of data and 68 undersea cable failure events to prove that the cutting of submarine cables has almost no impact on the Bitcoin network. However, they simultaneously identified a real vulnerability—not in the sea, but among cloud service providers such as Hetzner, AWS, and Google Cloud. The conclusion of this research is a strong rebuttal to the theory of "Bitcoin vulnerability" and provides a quantitative framework for real infrastructure risks.

The full text is as follows:

In March 2024, undersea disturbances off the coast of Côte d'Ivoire cut seven undersea cables, severely affecting regional internet, with an Internet Outage Severity score (IODA) exceeding 11,000.

For Bitcoin, the global impact was minimal. The affected area had only about five nodes, accounting for approximately 0.03% of the entire network, with an impact of -2.5%, within normal fluctuation ranges.

No price fluctuations, no consensus interruptions.

A new Cambridge study covered 11 years of data for the Bitcoin network and 68 verified submarine cable failure events, concluding that disruptions caused by submarine cable failures have historically been extremely limited for the Bitcoin network.

In contrast, coordinated attacks targeting a few hosting networks disrupt visible nodes more effectively than random infrastructure failures, with effectiveness differing by an order of magnitude.

Notably, China's regulatory crackdown on mining and the global popularization of anti-censorship infrastructure may have inadvertently pushed Bitcoin towards a more robust network topology.

Tor, long considered a privacy tool, has now become a layer of structural resilience. Most Bitcoin nodes now operate on Tor.

Empirical Data Contradicts Concerns

Cambridge researchers Wenbin Wu and Alexander Neumueller built a dataset covering 2014 to 2025: 8 million Bitcoin node observation records, 658 submarine cables, and 385 cable failure events, cross-referenced with interruption characteristics.

Among 385 reports, 68 matched verifiable interruptions, with 87% of verified cable events resulting in node changes of less than 5%. The average impact was -1.5%, with a median of -0.4%.

The correlation between node interruptions and Bitcoin prices is nearly zero (r = -0.02). Cable failures dominating regional headlines typically leave no trace in Bitcoin's distributed network.

The study modeled Bitcoin as a multi-layer network: a physical connection layer linking 225 countries through 354 submarine cables, a routing infrastructure layer (autonomous systems), and a Bitcoin peer-to-peer overlay layer.

In the case of randomly removing cables, the critical threshold for more than 10% of nodes disconnecting was between 0.72 and 0.92. Before substantial fragmentation of Bitcoin occurs, all inter-country cables must fail.

Where the Real Weakness Lies

The operation of directed attacks is entirely different. Randomly removing cables requires the removal of 72% to 92% of cables to reach the 10% node disconnection threshold; targeted attacks on high-betweenness centrality cables see this proportion drop to 20%.

The most effective strategy is to target top autonomous systems (ASN) by node count, requiring only the removal of 5% of routing capacity to reach the threshold.

The authors qualitatively describe this ASN targeted scenario as "hosting provider shutdown or coordinated regulatory actions, rather than actual physical cable cuts." The top networks identified by the model include: Hetzner, OVHcloud, Comcast, Amazon Web Services (AWS), and Google Cloud.

The March 2026 Bitnodes snapshot confirms this pattern: among 23,150 accessible nodes, Hetzner hosted 869, Comcast and OVH each hosted 348, Amazon 336, and Google 313.

This is not to say "five providers can destroy Bitcoin."

Even with the complete removal of the public network, most nodes would still operate because Tor carries a substantial part of the network. However, this finding reveals where coordinated actions could cause connection shocks and propagation interruptions that random cable failures did not.

Recent cloud service outages illustrate this category of risk. Amazon attributed a March 2026 outage to a software deployment failure, and reports described outages in AWS's Middle East region after a data center was attacked.

These events did not have a meaningful impact on Bitcoin, but they demonstrate that provider-linked failures are a real phenomenon and not a theoretical assumption.

Tor as a Structural Resilience Layer

The composition of the Bitcoin network has changed significantly.

Tor adoption rates grew from nearly zero in 2014 to 2,478 nodes in 2021 (making up 23%), and then to 7,617 nodes in 2022 (52%). As of March 2026, among 23,150 accessible nodes, 14,602 were Tor nodes, representing 63%. This growth coincided with several censorship events: the internet shutdown in Iran in 2019, the military coup in Myanmar in 2021, and the Chinese mining ban in 2021.

Node operators turned to anti-censorship infrastructure without coordination, indicating the network's adaptive self-organizing capacity.

Tor presents a challenge: most Bitcoin nodes are now unobservable by location.

The authors addressed this issue by constructing a four-layer model that considers the Tor relay infrastructure as a distinct network layer. Tor relays are known physical servers.

Using consensus weight data from 9,793 relays, the authors modeled how cable failures cutting off national connections could simultaneously take relays offline.

The study's conclusions were unexpected. The four-layer model consistently produced higher critical failure thresholds than a model considering only the public network, with improvements ranging from 0.02 to 0.10.

The majority of Tor relay consensus weights are concentrated in Germany, France, and the Netherlands—countries with extensive cable connections. Cutting off peripheral nations' connections through cable failures does not diminish the relay capacity of these well-connected countries.

Attackers must remove more infrastructure to disrupt both public network routing and Tor circuits simultaneously.

The Chinese Factor

Bitcoin's resilience hit a low of 0.72 in 2021, coinciding with a peak in hash rate concentration.

Cambridge data show that 74% of hash power was in East Asia in 2019. The geographical concentration of nodes caused public network resilience to drop 22% from its peak between 2018 and 2021.

The rebound in 2022 was vigorous. Following the Chinese mining ban, with the decentralization of infrastructure, the threshold rose to 0.88, while Tor adoption accelerated.

The authors avoid a singular causal conclusion, but regulatory pressure drove geographical redistribution and fueled the adoption of anti-censorship infrastructure—both enhancing network robustness.

Apparent centralization partly arises from measurement errors. As Tor adoption increased, the public network sample concentrated in fewer locations, with the Herfindahl-Hirschman Index rising from 166 to 4,163, but Hetzner's actual share decreased from 10% to 3.6%. This concentration reflects changes in sample composition rather than actual centralization.

Cloud Services are the Real Risk

Concerns over undersea cable security will continue to heat up. Investigations in the Baltic Sea, the European Commission's security toolbox, and reports regarding Russian infrastructure all point to ongoing geopolitical anxieties.

For Bitcoin, historical data indicates that most cable events are noise.

The infrastructure issues that truly warrant attention are whether policy coordination, cloud service interruptions, or hosting restrictions can create connection shocks at the autonomous system level.

The operational threshold for ASN targeted scenarios stands at 5% of routing capacity, which is the critical point where accessible public network nodes experience noticeable disconnections, rather than consensus failures.

The majority share of Tor provides a baseline in extreme scenarios. The protocol layer mechanisms not included in the study—such as block relay networks, compact block relays, and Blockstream satellites—add additional layers of resilience, making the estimates conservative.

Bitcoin is not as weak as critics imagine, but it is also not completely detached from its infrastructure.

The network displays graceful degradation under pressure rather than catastrophic collapse. Censorship pressures drive infrastructure adoption, which in turn enhances the ability to withstand coordinated risks.

The threat model featuring submarines cutting undersea cables overlooks closer choke points: a few networks where coordinated actions can create temporary interruptions without dramatic underwater incursions or warlike actions.