Transaction Fingerprinting

Transaction fingerprinting (also called wallet fingerprinting) is the practice of inferring which wallet software built a Bitcoin transaction from the implementation choices baked into it. Every wallet makes deterministic decisions when assembling a transaction, and those decisions leak. Once an observer guesses the wallet, they narrow the universe of possible owners and strengthen other clustering attacks.

The telltale signals

Common fingerprintable traits include input and output ordering (whether the wallet follows the BIP69 lexicographic standard or not), the nLockTime value, whether replace-by-fee is signalled, the address types used, fee-rate targeting, and how the change output is positioned. Research analysing major wallets has catalogued more than thirty distinct traits; even a single transaction can identify the originating wallet with meaningful accuracy, and the success rate climbs as heuristics improve.

Why it undermines fungibility

Fingerprinting compounds with change detection and the common-input-ownership heuristic. If a tumbler or a privacy-conscious user produces transactions that still carry their wallet's signature, the "ordinary-looking" output can be unmasked and the privacy gain erased. The defensive response is to construct transactions that look generic: matching the dominant ecosystem conventions, ordering inputs and outputs by standard rules, and avoiding idiosyncratic fields. This is self-defense, not obfuscation — a fungible coin should not betray the tool that moved it.

Fingerprinting feeds directly into wallet clustering, and protocols engineered to deny these linkages are described under output linking resistance.