What is Eclipse Attack?

TL;DR

- An eclipse attack is an attack whereby a malicious actor isolates a node within a peer-to-peer (P2P) network to obscure a user's view of the network to disrupt the network in general.
- Eclipse attacks are similar to Sybil attacks, except that in an eclipse attack, only one node is targeted, unlike a Sybil attack that targets the entire network.
- Some expected consequences of the eclipse attack are double spending and miner power disruption.
- Though eclipse attacks are rare, there's no denying that they can be devastating, and manipulation of a network in this manner can result in a loss of funds and even malicious network takeovers.


Introduction

An array of users in various locations, known as nodes, contribute to a typical cryptocurrency blockchain network (or peer-to-peer network) by verifying transactions to ensure their legitimacy and make the network secure. Because each node in a network has some power and because one node can only connect with a limited number of other nodes at any given time (due to bandwidth limitations), it can be exploited for illicit purposes by a malicious individual.

An eclipse attack targets a single node and only surrounds it with compromised nodes. The isolation of the node means that compromised nodes will receive all of their outgoing data, and the same nodes will send all of their incoming data. When attacker nodes successfully flood a node's communications, a false environment can be created (so long as the node connects with the malicious nodes upon reconnection with the blockchain network). The unwitting victim node believes the false environment is legitimate and continues to operate normally. The node's view of the network, however, is distorted.

What is an Eclipse Attack?

An eclipse attack is when a malicious actor isolates a specific user or node within a peer-to-peer (P2P) network to obscure a user's view of the network in preparation for more complex attacks or to disrupt the network in general. Eclipse attacks are similar to Sybil attacks, but their goals are different. They are similar in that a specific network is inundated with fake peers. The difference is that in an eclipse attack, only one node is targeted. A Sybil attack, on the other hand, targets the entire network.

Eclipse attacks are thoroughly discussed in a 2015 paper titled 'Eclipse Attacks on Bitcoin's Peer-to-Peer Network' by Boston University and Hebrew University researchers. The authors discussed their findings from launching eclipse attacks and potential countermeasures in the paper.

In an eclipse attack, an attacker attempts to redirect inbound and outbound connections from legitimate nodes to the attacker's nodes. As a result, the target is isolated from the actual network.

Because the target is no longer connected to the blockchain distributed ledger, the attacker can manipulate the isolated node. An eclipse attack can cause disruptions in block mining as well as illegitimate transaction confirmations.


How does an Eclipse Attack Work?

In an eclipse attack, the attackers usually use a botnet or phantom network to compromise and isolate a node. Crypto eclipse attacks are possible because nodes in a decentralized network cannot connect to other nodes simultaneously due to bandwidth constraints. As a result, nodes only connect with several neighboring nodes.

For this reason, a threat actor works to compromise the target user's connection with the small number of nodes to which it connects. An attacker compromises a node by using a phantom network or botnet. This network, composed of host nodes, floods a target node with internet protocol (IP) addresses. When the target reconnects to the blockchain network, it may sync.

The attacker will either wait for the target to reconnect with infected nodes or perform a Distributed Denial of Service (DDoS) to force the target to reconnect to the network.




Consequences of Eclipse Attack
• Double-spend attacks:
A zero-confirmation double spend is the first possible outcome of an eclipse attack. This involves "spending" a cryptocurrency twice. Assume a separate user sent money to the isolated node. An attacker can also gain access to this cryptocurrency and spend it themselves using an eclipse attack. When the legitimate recipient node realizes that a zero-confirmation double-spend has occurred, it is usually too late; the crypto they received has already been spent and stolen by the attacker.

An attacker may misdirect a victim who is disconnected from its legitimate network to accept a transaction that uses either of the two:
An invalid input
The same input as a previously validated transaction on a legitimate network

• Miner Power Disruption:
The attacker can conceal that a block was mined from the target, duping the victim into wasting computing power mining orphaned blocks. An orphaned block has been solved but not accepted by the blockchain network.

The attacker can then use the network to increase their hash rate. Because an eclipsed miner is no longer connected to the legitimate network, attackers can launch attacks on multiple miners, resulting in a 51% attack on the network.


What Blockchain Developers can learn from Eclipse Attack
Developers can learn about the flaws in Bitcoin nodes that can be exploited to replace legitimate peer addresses with their own.

- Technically, when the node selects IP addresses from the tried bucket with timestamps, the likelihood of the attacker being selected increases. This assertion is true even if the attacker only owns a subset of these addresses. Increase the attack time to increase your chances of being chosen.

- When an address bucket is full, a random address is removed. If an attacker's IP is removed, it can be reinserted if it is repeatedly sent to the node.

As you can see, attackers can take advantage of the vulnerabilities. There are, however, some ways to avoid them.


Prevention of Eclipse Attack
IP addresses could be chosen at random from the tried table. This randomness reduces the likelihood of the selected peer being an attacker. If peer selection is randomized, the attacker will be unsuccessful even after putting in much effort.

Insert peer addresses into fixed slots using a deterministic approach. This approach reduces the possibility of attackers inserting their addresses into a different slot after being evicted from the address bucket. A deterministic approach ensures that repeated address insertion adds no value to an attack.

Increased node connections: If the nodes in the network are connected to many other nodes each, the attacker will find it difficult to isolate the target in the network, reducing the possibility of an Eclipse attack.


Conclusion
Though eclipse attacks are rare, there's no denying that they can be devastating. Manipulation of a network in this manner and the exploitation of a node's influence can result in a loss of funds and even malicious network takeovers. We can only hope that the structure of peer-to-peer networks prevents this type of attack in the long run.



Author - M. Olatunji, Gate.io Researcher
* This article represents only the views of the observers and does not constitute any investment suggestions.
*Gate.io reserves all rights to this article. Reposting of the article will be permitted provided Gate.io is referenced. In all other cases, legal action will be taken due to copyright infringement.