Eclipse attacks are a problem in the digital world, and understanding them is critical for cryptocurrency networks like Bitcoin. In a successful eclipse attack, a malicious entity temporarily “eclipses” a node (as the name implies), isolating it from the network and preventing it from receiving block updates or connecting to peers.
Eclipse attacks can be viewed in a similar light to Sybil attacks, but are slightly different in scope. Sybil attacks are usually widespread, network-wide attempts to game the reputation system of a protocol, whereas an eclipse attack is focused on a single node. Furthermore, understanding where the term eclipse attack comes from can help us understand how they are executed.
Various security research papers have provided insight into the execution of attack vectors such as eclipse attacks. One such paper (“Eclipse Attacks on Bitcoin’s Peer-to-Peer Network”) was published in 2015, written by several researchers from Boston University and Hebrew University, who discuss their findings on mounting successful eclipse attacks, and possible measures to combat them.
How Does An Eclipse Attack Work?
In order to run a node on the Bitcoin Peer-to-Peer (P2P) network, one does not need specialized hardware or equipment; minimal hardware is sufficient, which keeps the process of settlement decentralized.
However, a limiting factor for many nodes is bandwidth. Because Bitcoin software only permits a maximum of 125 connections, an eclipse attack aims to obscure a participant’s view of the P2P network by flooding the network with fake peers and forcing a node to connect to attacker-controlled nodes.
Consequences Of An Eclipse Attack
If an attacker successfully carries out an eclipse attack, a variety of follow-on attacks become possible. One such attack is a 0-confirmation double spend, also known as a race attack. This involves a malicious actor placing an order with a merchant whilst broadcasting a transaction to eclipsed miners. When the merchant receives the payment, they will release goods to the sender; however, when the eclipsed nodes rejoin the actual network, the transaction they had received is invalidated.
Another attack enabled by the eclipse attack is an N-confirmation double spend. While businesses may prefer waiting for multiple confirmations before deeming payment final, an attacker can eclipse miners and merchants to produce a fake blockchain.
Lastly, an eclipse attack can be used to weaken competing miners as any unwitting node that continues to mine blocks under the rules set out by the protocol will have their blocks discarded when they reconnect to the actual network.
Mitigation
The researchers behind the paper mentioned earlier suggested possible countermeasures in two stages. Stage one involved blocking incoming connections. Stage two involved countering eclipse attacks through modifications to the Bitcoin software, such as random selection of new connections and increased capacity for storing other IP addresses.
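A worked model of the stage-two countermeasures, added here as an example (it is not code from the paper or from the Bitcoin software): with peers chosen uniformly at random from the stored addresses, it computes the chance that every outbound connection lands on an attacker-controlled address, and how that chance falls as the address store grows. The figure of 8 outbound connections, the address counts, and the premise that every extra slot holds an honest address are assumptions.

```python
from math import comb
import random

OUTBOUND = 8  # assumption: connections the node opens itself (not stated on the page)


def eclipse_probability(table_size, attacker_addrs, outbound=OUTBOUND):
    """P(every outbound peer is attacker-controlled) when peers are drawn
    uniformly at random, without replacement, from the stored addresses."""
    if not 0 <= attacker_addrs <= table_size or outbound > table_size:
        raise ValueError("need 0 <= attacker_addrs <= table_size and outbound <= table_size")
    # Hypergeometric: all `outbound` draws come from the attacker's share.
    return comb(attacker_addrs, outbound) / comb(table_size, outbound)


def simulate(table_size, attacker_addrs, outbound=OUTBOUND, trials=20000, seed=1):
    """Monte Carlo check of the closed form above."""
    rng = random.Random(seed)
    table = [True] * attacker_addrs + [False] * (table_size - attacker_addrs)
    hits = sum(all(rng.sample(table, outbound)) for _ in range(trials))
    return hits / trials


def min_capacity(attacker_addrs, target, outbound=OUTBOUND):
    """Smallest address store that keeps the eclipse probability at or below
    `target`, assuming every slot beyond the attacker's holds an honest address."""
    if target <= 0:
        raise ValueError("target must be positive")
    size = max(attacker_addrs, outbound)
    while eclipse_probability(size, attacker_addrs, outbound) > target:
        size += 1
    return size


if __name__ == "__main__":
    attacker = 900  # constructed sample value, not a measurement
    for size in (1000, 2000, 4000, 16000):
        exact = eclipse_probability(size, attacker)
        print(f"store={size:6d}  attacker share={attacker / size:5.1%}  "
              f"P(all {OUTBOUND} outbound eclipsed)={exact:.2e}")
    print("simulated, store=1000:", simulate(1000, attacker))
    print("store size needed for P <= 1%:", min_capacity(attacker, 0.01))
```

The model covers outbound selection only; the stage-one measure of blocking incoming connections deals with the inbound side.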
While there have yet to be any instances of an eclipse attack with serious consequences, understanding the threat posed by these attacks is still important. The strongest defence against them will be making it financially prohibitive for any malicious actors to attempt such attacks.