An eclipse attack is an assault on a blockchain network which manipulates participants in order to compromise its operations. Eclipse attacks target nodes on a blockchain, cutting them off from the rest of the network in order to accept and process specific data beneficial to the attacker.
Eclipse Attack in Blockchain: What is it?
A blockchain peer-to-peer (P2P) network consists of nodes relaying information about the blockchain’s activity to each other. This network is often highly decentralized and involves nodes spread over a large physical area in a number of different physical environments. To make the blockchain work, they need to achieve consensus about the data being generated in order to produce valid blocks.
Bitcoin (BTC) was the first cryptocurrency network to overcome this challenge, known as the Byzantine General’s problem, at scale, using its Proof-of-Work (PoW) algorithm to allow nodes that cannot see it's each other’s operations or reliably communicate with every other node at once to still ratify and validate transactions.
This lack of visibility, however, means that the potential to obscure a node’s view of the rest of the network and manipulate it into running on “fake” data remains. One way in which hackers do this is via a so-called eclipse attack.
In an eclipse attack, the hacker forces a node to connect to fake peers under their control. They can then control the data that node receives, and the node ends up validating that false data instead of the legitimate “real” data that the rest of the network does. The victim usually has no idea what is happening, and as such, eclipse attacks are often a launchpad for a large-scale assault on a P2P blockchain.
How do Blockchain Eclipse Attacks Work?
Eclipse attacks start by selecting and targeting a node on a blockchain network. The attacker creates fake nodes which join the network — these could be botnets or phantom networks — which then effectively spam the target node, sealing it off from the rest of the network.
The attacker can use a Distributed Denial of Service (DDoS) attack so that the victim then reconnects to their new “fake” nodes instead of the legitimate ones previously used.
Once this is done, the target node is in fact being fed a stream of spurious data from nodes which serve the attacker’s ends. The target ends up validating this data, which in turn compromises the entire blockchain’s validity.
This is all possible because on a blockchain network, not all nodes can communicate with all other nodes in real time. Each node has a smaller subset of others with which it communicates, and replacing this smaller number of nodes with malicious ones is how an eclipse attack can begin.
The reasoning behind the attack’s name thus becomes obvious — a node’s view of the rest of the network is “eclipsed” or obscured.
What are the Consequences of an Eclipse Attack?
Eclipse attacks often end up running unnoticed by network participants, and the difficulty of noticing them makes them ideal as a ‘springboard’ for launching more complex assaults on a blockchain.
By obscuring multiple miner nodes’ view of the network, for example, an attack can make them process illegitimate transactions which would otherwise be discarded. Thus, double-spending, where the same blockchain tokens are used in multiple transactions, end up being legitimized by those ‘blind’ miners who are unaware that they are not mining on the legitimate chain.
Another outcome of eclipse attacks is what is commonly called a 51% attack. This involves a malicious party taking control of over half the blockchain’s hashing power and using it to their own ends. An eclipse attack allows the actor to make that section of the network mine an invalid chain in preparation for such an attack.
On a smaller scale, meanwhile, an eclipse attack can target a specific node to make it confirm illegitimate transactions. Given that merchants can accept zero-confirmation transactions instead of waiting for them to confirm, the risk of accepting a transaction with double-spent coins increases.
Similar to a zero-confirmation attack, an n-confirmation attack targets both merchants and miners to get illegitimate transactions accepted in blocks which are in fact not valid.
In the above situations, miners end up expending resources for no reward, leading to increased costs and wasted energy.
How Can Eclipse Attacks be Prevented on Blockchain Networks?
Since eclipse attacks first gained notoriety in the 2010s, blockchain networks have adapted to make their execution more difficult — in terms of both security and cost.
Peer identification system
When choosing which nodes to connect to on the blockchain network, each participant can mitigate the risk of communicating with unknown or potentially untrustworthy peers if every node has a unique identifier.
Peer selection process
Eclipse attack perpetrators heavily rely on blockchain nodes communicating with random peers each time they connect to the network. This is not obligatory, however, and changing the network’s parameters so that nodes interact with peers differently can make an attacker’s task more difficult.
There are two main ways that this can be done. Nodes may connect to random peers instead of a familiar group, or use repeat insertion of specific known node IP addresses with reach reconnection — known as deterministic node selection.
Control incoming and outgoing connections
A secondary way of reducing the effectiveness of a potential eclipse attack is to increase the number of outgoing connections to other nodes. In Bitcoin, it was discovered in a dedicated paper on the topic in 2015, there is more than enough room to do this without risking the network running out of connection capacity.
The same paper, which introduced the concept of the eclipse attack as it relates to Bitcoin, highlighted too large a number of inbound connections coming from the same IP address as bad practice. These should instead be diversified, so as to make “a node accept only a limited number of connections from the same IP address.”
Differences Between Eclipse Attack vs. Sybil Attack
In the early days of cryptocurrency, eclipse attacks were in fact called sybil attacks, but the two phenomena are in fact different.
The term “eclipse attack” for Bitcoin specifically originated in the aforementioned research paper from 2015. Until then, what is now known as an eclipse attack was called a sybil attack, as confirmed by Bitcoin core developer Peter Wuille.
Now, however, a sybil attack refers to malicious actors spamming an entire blockchain network in a bid to change its function or ethos. This is different to an eclipse attack, which targets specific nodes and attempts to permit blockchain-specific operations such as double-spending the same tokens.
On highly decentralized networks such as Bitcoin, sybil attacks are of little concern to network participants. This is because of PoW — a node or group of nodes seen to be behaving oddly is almost immediately flagged and excluded from consensus.
How Not to Become a Victim of an Eclipse Attack?
Part of why eclipse attacks are commonplace is because it can be very difficult for a node to realize that they are the victim of one. It is also unlikely that a network participant would suspect that their transaction(s) are being compromised as a result of such an attack.
There are a few best practice procedures that can reduce the likelihood of an attack being carried out successfully.
- Run an independent node. By doing so, liability is mostly centered on you as the node operator and not a third party. Independent full nodes also contribute to overall network security.
- Use your own wallet. Do not rely on mass-market software when running a node, as control is sacrificed for convenience and exposure to the host’s problems.
- Do not automatically trust transactions on the blockchain. Accepting transactions with zero confirmations, for example, increases the probability of falling victim to double-spending attacks.
- As mentioned above, vet and orchestrate incoming and outgoing node connections, limiting incoming and increasing outgoing connections where possible.
Eclipse Attack FAQ
What is an eclipse attack?
An eclipse attack is a form of blockchain network attack which targets specific nodes to cut them off from the rest of the network, often to make them validate spurious data.
What is a sybil attack in Blockchain?
A sybil attack now refers to the mass targeting of nodes on a blockchain network, rather than individual ones in an eclipse attack. A malicious actor can achieve different outcomes depending on the attack type used.
What can an eclipse attack do?
Eclipse attacks can be used to make nodes validate false data that would be unaccepted by the rest of the network, for example permitting double-spending of the same coins. Attackers can use eclipse attacks as a springboard for larger ones, such as a 51% attack.
How to avoid eclipse attacks?
There are various precautions one can take to avoid falling victim to eclipse attacks, which can be hard to detect once initiated. These include vetting incoming connections for nodes and waiting for several confirmations before accepting a transaction as complete.