Eclipse Attack
The eclipse attack is a relatively simple yet effective foundational attack that allows an attacker to disrupt nodes within a network. As the name suggests, this type of attack renders the targeted node in a peer-to-peer network unable to obtain valid information, leading to network outages or paving the way for more complex attacks.
At first glance, an eclipse attack may seem similar to a Sybil attack. While both types of attacks aim to influence the network by disrupting nodes, their targets differ. The primary focus of an eclipse attack is a single node, whereas a Sybil attack aims to affect the entire network, specifically targeting the reputation system of the network protocol.
In 2015, researchers from Boston University and the Hebrew University discussed this concept in detail in their paper titled "Eclipse Attacks on Bitcoin's Peer-to-Peer Network," where they reported the results of their experiments with eclipse attacks and proposed countermeasures.
How Eclipse Attacks Work
Bitcoin miners require specialized equipment to generate and verify new blocks, while non-mining full nodes can operate with minimal computational power. This means that anyone can run a node on low-cost equipment, which positively contributes to Bitcoin's decentralization. To stay synchronized with the network, the software maintains a database of transaction processing that is in sync with peer nodes.
The number of connections for nodes in the Bitcoin network is limited by bandwidth, so although many devices can operate nodes, the maximum number of connections is capped at 125, preventing ordinary devices from directly interconnecting with other devices.
In an eclipse attack, the attacker ensures that all connections of the target node are established through other nodes controlled by the attacker. The attacker initiates a flood attack from their own IP address against the target node, which may cause the victim to connect to the attacker's IP when the software is restarted. This can be achieved either by forcefully restarting the victim’s node (i.e., conducting a DDoS attack) or simply waiting for the software to restart automatically. Once the victim connects to these malicious nodes, they will be unable to acquire data from the genuine network and will receive erroneous information from the attacker instead.
Consequences of Eclipse Attacks
If an attacker is able to consume the resources of network nodes and isolate them from the network, they have the motive to carry out an eclipse attack. Once a node is isolated, the attacker can take advantage of this situation to conduct further continuous attacks.
Unconfirmed "Double Spending"
If independent nodes accept unconfirmed transactions, a "double spending" risk arises. If a transaction has been broadcast prior to entering the blockchain, the sender could easily initiate a new transaction elsewhere, attempting to spend the same amount again. If the fee for the new transaction is relatively high, miners may prioritize it, believing it to be the first transaction, thereby invalidating the original transaction.
Certain merchants and individuals accept these unconfirmed transactions. For example, a dealer named Bob, who sells luxury cars, would likely accept Alice's order for a premium sports car without any suspicion. Alice creates the transaction and broadcasts it to the network. Bob, seeing that the payment is about to be confirmed, feels satisfied and hands over the car keys to Alice, allowing her to drive away.
In reality, however, this transaction was never propagated to the network; Bob merely transmitted the transaction to Alice's malicious node, which would not forward it to the genuine network. As a result, this transaction is deemed invalid, and Alice can later spend the same amount again on the real network, whether transferring it to herself or to someone else. Even if the initial transaction between Alice and Bob appears on the genuine network later, it cannot be validated since Alice's account balance has already been consumed.
N-Time Confirmations for Double Spending
The concept of N-time confirmations for double spending is similar to that of unconfirmed double spending, but it requires more preparatory work. Many merchants prefer to wait for a certain number of confirmations before confirming the validity of a payment. To achieve this, attackers must simultaneously execute an eclipse attack on both miner and merchant nodes. If the attacker establishes a transaction with a merchant, they will broadcast the transaction information to miners affected by the eclipse attack. The merchant will see the transaction confirmed within the blockchain network, but since both the miner's and merchant's networks are isolated, this blockchain has not actually been acknowledged by the majority of legitimate nodes.
The attacker sends messages to the merchant via false blockchain network information, and once the merchant sees that the transaction has been confirmed, they proceed with the delivery of goods. However, when these compromised nodes reconnect to the real network, the genuine blockchain network will view them as invalid, isolating them in the process (similar to a 51% attack).
Weakening Competition Among Miners
Nodes that are subject to eclipse attacks continue to operate normally and are not affected merely by their isolation from the network. Miners will still verify blocks according to protocol, but the blocks that are added will be discarded during processing by genuine network nodes.
In theory, a large-scale eclipse attack on most miners could create favorable conditions for a 51% attack. Even so, even the most resource-rich attacker would face exorbitant costs to control a majority of Bitcoin's hashing power (approximately 80 TH/s); the attacker would need at least more than 40 TH/s of hashing power to attempt such a scheme. Imagine this hashing power is evenly distributed among 10 participants (approximately 8 TH/s each); if the attacker could eclipse 5 of those nodes, they could reduce the total hashing power to 40 TH/s, leaving them with additional hashing power to search for the next new block, as only 20 TH/s would be required to control the nodes.
By conducting an eclipse attack on target nodes, the attacker might also implement other destructive actions, including manipulating nodes for illegal mining or exploiting competition among miners to obtain the next block.
Mitigating the Impact of Eclipse Attacks
If an attacker gains access to a sufficiently large number of IP addresses, they can launch an eclipse attack against any node. To prevent this from happening, the most straightforward method is to restrict unauthorized access to nodes by permitting outbound connections only to specific nodes (for instance, IPs whitelisted by other nodes in the peer-to-peer network). However, as noted in the research papers, this is not a scalable solution because if all participants implement such measures, new nodes would be unable to join the network.
The authors have proposed some adjustments to the Bitcoin protocol, some of which have been incorporated into the Bitcoin program following the release of the white paper. These adjustments include minor code modifications, such as randomly selecting new connections and increasing storage space for addresses, which can effectively raise the costs associated with executing an eclipse attack.
Conclusion
The eclipse attack is a type of attack that can be executed on peer-to-peer networks. As a deployable standalone attack technique, it is highly bothersome. The true purpose of this attack is to pave the way for the execution of other attacks that could have greater implications or to provide the attacker with an advantage in mining.
Overall, although eclipse attacks have not yet caused severe impacts and some preventative measures have been deployed in blockchain networks, the threat still exists. Similar to other attacks faced by Bitcoin and most cryptocurrencies, the best strategy for defending against eclipse attacks is to ensure that malicious attackers cannot profit from them.
Risk Warning
While the cryptocurrency market offers significant growth potential and innovation opportunities, it also carries a high level of market risk and price volatility. The value of crypto assets can fluctuate dramatically in a short period, potentially leading to substantial financial losses for investors. Additionally, the cryptocurrency market faces multiple risk factors, including technical risks, legal and regulatory uncertainties, cybersecurity threats, and market manipulation. We strongly advise users to conduct thorough research and due diligence before making any investment decisions and to consult professional financial advisors. All investment decisions are made at the user’s own risk. Thank you for your trust and support of Venkate!
Building The Future of Crypto Exchange
Where Meet a Confluence of Inspiration and Innovation
Venkate Exchange is an innovative cryptocurrency trading platform, drawing its name and inspiration from Venkateswara—a deity symbolizing wealth and prosperity in Indian mythology.
