An Eclipse Attack is an attack executed within the Peer-to-Peer network. It can only be deployed in a decentralized environment, as it targets single nodes that accept incoming and outgoing connections from other nodes. For example, the bitcoin network, by default, has a maximum of 117 incoming and 8 outgoing TCP connections.

In an Eclipse Attack, the attacker attempts to redirect the target’s connection from its neighboring nodes to the ones under the attacker’s control. As a result, the victim is isolated from all honest peers but remains connected to the attacker’s node.

Attackers usually use a botnet to accomplish this task. For this purpose, they create a phantom network from host nodes to flood the target node with multiple IP addresses that it can synchronize with during the next connection to the blockchain.

From this point on, the hacker waits for the target to connect to those nodes.

Sometimes it takes several attempts to hit the timeframe between automatic reconnections.

During an Eclipse Attack, the attacker hides the actual state of the blockchain ledger from the target and gains several options for generating criminal profits.

1. Double spending. If the attacker’s nodes account for 25% of the total network hashing power, and the target node accounts for 26%, they can get the coveted 51% and a chance of double-spending by taking control of a node. A hacker can send funds to a controlled node that has already been sent to other addresses. Then the compromised node receives information about a false transaction and returns all the money to the attacker’s address. The fraud will be revealed only when the victim of the attack gets free and connects to the correct working nodes.

2. Stealing the processing power of a miner. The hacker hides the information about blocks that have already been mined from the target, thereby pushing the victim to waste processing power on useless calculations. In this way, the attacker increases their hash power and wins the validation race (we extensively covered this case in our article about selfish mining). Or they may combine their hash rate with the target’s power for more efficient mining and get all the fees.

An attack can be eliminated if the peer-to-peer network design enables synchronization with the blockchain through random nodes. The network, where each node connects to the neighboring node, will always be at risk of being attacked.

Some security experts suggest an alternative safe system where each node connects to many targets. That is the network with an increased number of TCP connections. But this would greatly complicate the blockchain architecture and slow down transaction speed during the synchronization.

An Eclipse Attack is an attack executed within the Peer-to-Peer network. It can only be deployed in a decentralized environment, as it targets single nodes that accept incoming and outgoing connections from other nodes. For example, the bitcoin network, by default, has a maximum of 117 incoming and 8 outgoing TCP connections.

In an Eclipse Attack, the attacker attempts to redirect the target’s connection from its neighboring nodes to the ones under the attacker’s control. As a result, the victim is isolated from all honest peers but remains connected to the attacker’s node.

Attackers usually use a botnet to accomplish this task. For this purpose, they create a phantom network from host nodes to flood the target node with multiple IP addresses that it can synchronize with during the next connection to the blockchain.

From this point on, the hacker waits for the target to connect to those nodes.

Sometimes it takes several attempts to hit the timeframe between automatic reconnections.

During an Eclipse Attack, the attacker hides the actual state of the blockchain ledger from the target and gains several options for generating criminal profits.

1. Double spending. If the attacker’s nodes account for 25% of the total network hashing power, and the target node accounts for 26%, they can get the coveted 51% and a chance of double-spending by taking control of a node. A hacker can send funds to a controlled node that has already been sent to other addresses. Then the compromised node receives information about a false transaction and returns all the money to the attacker’s address. The fraud will be revealed only when the victim of the attack gets free and connects to the correct working nodes.

2. Stealing the processing power of a miner. The hacker hides the information about blocks that have already been mined from the target, thereby pushing the victim to waste processing power on useless calculations. In this way, the attacker increases their hash power and wins the validation race (we extensively covered this case in our article about selfish mining). Or they may combine their hash rate with the target’s power for more efficient mining and get all the fees.

An attack can be eliminated if the peer-to-peer network design enables synchronization with the blockchain through random nodes. The network, where each node connects to the neighboring node, will always be at risk of being attacked.

Some security experts suggest an alternative safe system where each node connects to many targets. That is the network with an increased number of TCP connections. But this would greatly complicate the blockchain architecture and slow down transaction speed during the synchronization.