quoting naddr1qq…flen
The channel graph is public
Open a block explorer. Look up any #lightning channel. You can see which two nodes opened it, how much #bitcoin they locked in, and which on-chain UTXO funded it. This information is broadcast to every node on the network through gossip messages defined in BOLT #7. Channel announcements, node announcements, fee rate updates. Every node builds a local copy of the entire topology.
As of late 2025, that graph contains roughly 44,000 active payment channels across about 12,600 nodes. Each channel has a funding transaction on the Bitcoin blockchain, and each funding transaction has inputs that came from somewhere.
For most people, those inputs came from a KYC exchange. The exchange knows your identity. The funding transaction links that identity to your Lightning node. The gossip protocol tells the world which channels your node has. Anyone watching can start building a picture of your payment activity before you've routed a single sat.
I wrote about the Lightning Network's architecture in my article explaining it for TCP/IP people. The onion routing is real. The privacy guarantees are less real than most users assume.
What routing nodes see
Lightning uses onion routing derived from the same cryptographic family as Tor. The sender builds the entire payment path and wraps the routing instructions in layers of encryption. Each intermediate node decrypts its layer, reads the next hop, and forwards the payment. No intermediate node can see the full path.
That is the theory. In practice, every routing node sees three things: the payment amount, the previous hop, and the next hop. It also sees the HTLC hash, which is currently the same across every hop in the route. If an attacker controls two nodes on the same payment path, they can match the hash and know with certainty that both hops belong to the same payment.
A 2020 study by Nisslmueller, Foerster, Schmid, and Decker showed that the single most central node on the Lightning Network could observe close to 50% of all payments. The four most central nodes together observed an average of 72%. An adversary controlling just 2% of nodes could learn sensitive payment information, including sender, receiver, and amount, with over 50% precision.
The centralization makes this worse. The Gini coefficient for Lightning's capacity distribution has risen from 0.85 in 2018 to over 0.97 in 2025, according to a study by Atmanaviciute et al. published in IEEE Access. A tiny fraction of hub nodes controls most of the network's liquidity and routes most of its traffic. If you wanted to surveil Lightning payments, you wouldn't need to compromise the whole network. You'd need to compromise a handful of well-connected hubs.
Probing: mapping balances without spending a sat
Channel capacities are public. Channel balances are not. But researchers have shown, repeatedly, that balances can be discovered through probing.
The technique is simple. An attacker sends a payment through a target channel using a fake payment hash. The payment will fail, because the hash is bogus. But the failure message reveals whether the channel had enough balance to forward the payment. By binary-searching different amounts, an attacker can pin down the exact balance of any forwarding channel.
Tikhomirov, Pickhardt, Biryukov, and Nowostawski demonstrated in 2020 that this takes under a minute per channel and costs nothing. The attacker commits some capital to set up the probing payments, but since they always fail, no sats are spent. A follow-up paper at Financial Cryptography 2022 extended the technique to parallel channels and showed that combining probing with channel jamming extracts even more precise balance information.
Take two snapshots an hour apart. Diff the balances. You now know where money moved. You don't know who sent it, but you know which channels carried it and in which direction. Combine that with the public topology, the known capacity constraints, and some timing analysis, and the anonymity set shrinks fast.
What the chain sees
Every Lightning channel starts and ends on the Bitcoin blockchain. Opening a channel creates a 2-of-2 multisig UTXO. Closing one reveals the final balance split.
For public channels, the gossip protocol announces the funding transaction outpoint. Any observer can link the channel to its on-chain anchor. If the funding inputs trace back to a KYC source, the node operator's identity is linked. If the closing transaction's outputs flow to another identified address, the circle closes.
Romiti, Victor, Moreno-Sanchez, and others published cross-layer deanonymization results at Financial Cryptography 2021. Their linking heuristics connected 46% of all Lightning nodes to 30% of Bitcoin addresses interacting with the network. They attributed identifying information, like aliases and IP addresses, to 21% of those Bitcoin addresses. Five entities controlling 36 nodes held over 33% of the total network capacity.
"Private" channels, the ones not announced through gossip, fare only slightly better. They don't appear in the public graph, but they still create on-chain transactions. Force-closing a private channel reveals Lightning-specific scripts that are identifiable by anyone scanning the blockchain. And when you include a private channel in a payment invoice as a routing hint, you reveal its existence to whoever holds that invoice.
The custodial problem
If you use a custodial Lightning wallet, the privacy analysis ends here. The custodian sees everything. Every payment, every amount, every counterparty, every timestamp. Wallet of Satoshi's privacy policy says they collect transaction data including amounts, timestamps, and wallet addresses, and may disclose it to regulators or law enforcement when required by law.
Even supposedly non-custodial wallets have the same problem when they depend on a single Lightning Service Provider. ACINQ, the company behind Phoenix, has acknowledged that their node knows the final destination and amount of all Lightning payments made through the wallet. This happens because Phoenix uses trampoline routing, and ACINQ's node is currently the only trampoline router. They've described this as a liability they want to eliminate, and the fix requires other people to run trampoline nodes. As of early 2026, that hasn't happened.
If you use Phoenix for self-custody but route every payment through a single node that sees where your money goes, you've solved one problem and left another wide open. The sats are yours. The metadata is theirs.
Chainalysis is selling this as a service
In December 2021, Chainalysis announced it would add Lightning Network monitoring to its Know-Your-Transaction platform. They described it as the first blockchain analysis product for Lightning. Their clients include the FBI, IRS, DEA, SEC, and CFTC. The company has earned over $10 million from government contracts and was valued at $4.2 billion after its Series E.
What can they actually see? Primarily on-chain activity. Channel opens, channel closes, the UTXO graph that connects them. They reported detecting 90,000 open public channels by late 2021. They can decode Lightning invoices to identify destination nodes. They can screen deposits and withdrawals at exchanges that use their KYT platform.
What they probably cannot see, at least not at scale, is what happens inside channels between open and close. Off-chain payments don't touch the blockchain. Onion routing hides the full path from intermediate nodes. To surveil arbitrary peer-to-peer Lightning payments, Chainalysis would need to run anonymous routing nodes, provide liquidity, and perform traffic analysis. Researcher Shinobi noted that if they control several nodes, they could use decrementing timelocks to estimate how many hops a payment is from its source or destination.
Whether they do this is unknown. They haven't disclosed their methodology. The community has asked them to reveal their node public keys so they could be blacklisted. Chainalysis has not obliged.
What actually helps
Here is where I push back a little, because the picture isn't entirely bleak.
Taproot channels, shipped in LND 0.17 in October 2023, make channel opens and cooperative closes look like regular single-signature Bitcoin transactions on-chain. This is a genuine improvement. An observer scanning the blockchain can no longer trivially identify which transactions are Lightning channel operations.
BOLT 12 offers with blinded paths hide the receiver's node identity behind intermediate introduction points. The sender constructs the payment without knowing who they're paying. This is deployed in CLN and Phoenix, though LND support is still in progress.
Point Time-Locked Contracts, when they finally ship, will fix the payment hash correlation problem. Instead of every hop seeing the same HTLC hash, each hop gets a different, random payment identifier. An attacker controlling two nodes on the path could no longer correlate them. PTLCs have been in discussion since 2018 and remain undeployed in production as of early 2026. Lightning Labs CTO Olaoluwa Osuntokun has cautioned against underestimating how long the network-wide upgrade will take.
Cashu and Fedimint add ecash layers on top of Lightning where the privacy guarantees are cryptographic rather than architectural. I wrote about Cashu's blind signature scheme in my ecash article. The tradeoff is custodial trust, but for small amounts the privacy gain is real.
And running your own node with channels opened using coinjoined UTXOs, over Tor, with private channels, is still the gold standard. Almost nobody does this.
The gap
#bitcoin's Lightning Network is more private than transacting on-chain. That is a low bar, and clearing it is not the same as being private.
The channel graph is public. The on-chain anchors are traceable. Balance probing is cheap and fast. A handful of hub nodes see most of the traffic. Custodial wallets hand your metadata to companies that will share it with whoever asks. Chain analysis firms are already selling surveillance products for this network.
Taproot channels are live. Blinded paths are shipping. PTLCs are on the roadmap. But the surveillance infrastructure got here first. If you're using Lightning today and assuming privacy, the payment graph is talking about you whether you know it or not.
#bitcoin #lightning #privacy
Tim Bouma on Nostr:
Good article about the (non) privacy of Lightning. It mentions how ecash can be a private payment layer on top. #Nostr #Safebox does exactly this - all payments between #safebox addresses are negotiated as ecash, even though they look like Lightning payments. The payments don’t touch Lightning at all.
