Eclipse Attack Meaning

Oct 18, 2023 | Updated Oct 18, 2023
An eclipse attack is a type of P2P network threat that disrupts the operations of the network by isolating and manipulating one node.

What is an Eclipse Attack?

In an eclipse attack, a malicious actor isolates a specific node within a peer-to-peer network instead of attacking the entire blockchain. The actors create an artificial environment around specific nodes to prevent them from receiving transactions or information from their peers.

An eclipse attack is different from a Sybil attack, which creates multiple identities or nodes to upset the balance of power and take control of the entire network. Eclipse attacks may misdirect users to accept invalid or confirmed transactions, leading to a double-spend attack. Launching an eclipse attack on multiple miners could lead to a 51% attack.

How are Eclipse Attacks Executed?

Eclipse attacks in crypto arise from the inherent limitations of decentralized networks, where nodes are unable to connect with all other nodes simultaneously due to connection limits. Instead, they only create connections with a few nearby nodes. Bitcoin, for example, allows only a maximum of 125 connections. This vulnerability enables malicious actors to manipulate the information flow to specific nodes, potentially obstructing their view of legitimate transactions or blocks.

To execute an eclipse attack, the malicious actor identifies the node they intend to isolate and manipulate. The target could be a mining node, a well-connected node, or one that belongs to a specific organization or user. The attacker then creates a malicious network, known as a botnet, that consists of multiple nodes under their control. The nodes are strategically positioned to form connections with the target node. The botnet aims to monopolize all connections that the target node has, so that the attacker can control the flow of information to and from the target.

Once the botnet is in place, the malicious actor initiates a Distributed Denial-of-Service (DDoS) attack on the target node. This DDoS attack floods the target node with a large volume of fake or irrelevant network requests (or IP addresses), effectively overwhelming its resources. This forces the node to try reconnecting with the blockchain network. However, since the botnet controls most of the target node’s connections, the botnet feeds the node false information.

By controlling the information flow to and from the target node, the attacker can isolate it, manipulate its view of the wider network, and potentially carry out a range of attacks, including DDoS attacks, double-spend attacks, and even disruption of the miner power distribution, hampering the network’s operations.

A proposed countermeasure for such blockchain threats involves randomly selecting new connections instead of repeatedly using the same neighboring nodes. This would make it more difficult for malicious actors to attempt to attack the network.
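The effect of this countermeasure can be shown with a small model, added here as an illustration and not taken from Ledger or from any node implementation. It assumes a node that refills a fixed number of connection slots from a table of known peers; the function names, the table layout and the sample numbers are all constructed for the example.

```python
import random
from math import comb

def eclipse_probability(total, hostile, slots):
    """Chance that `slots` peers drawn uniformly without replacement from
    `total` known addresses are all among the `hostile` ones."""
    if slots > hostile:
        return 0.0
    return comb(hostile, slots) / comb(total, slots)

def pick_same_neighbours(table, slots, rng):
    # Weak policy: always reconnect to the same first entries of the table.
    return table[:slots]

def pick_random(table, slots, rng):
    # Countermeasure: choose new connections uniformly at random.
    return rng.sample(table, slots)

def eclipsed_fraction(policy, total, hostile, slots, restarts, seed=7):
    """Fraction of restarts after which every connection is hostile."""
    rng = random.Random(seed)
    # Constructed table: hostile entries occupy the positions the weak
    # policy keeps reusing; the remaining entries are honest peers.
    table = [("hostile", i) for i in range(hostile)]
    table += [("honest", i) for i in range(total - hostile)]
    hits = 0
    for _ in range(restarts):
        peers = policy(table, slots, rng)
        hits += all(kind == "hostile" for kind, _ in peers)
    return hits / restarts

if __name__ == "__main__":
    total, hostile, slots = 200, 40, 8  # constructed sample values
    print("same neighbours:",
          eclipsed_fraction(pick_same_neighbours, total, hostile, slots, 5000))
    print("random (simulated):",
          eclipsed_fraction(pick_random, total, hostile, slots, 5000))
    print("random (exact):", eclipse_probability(total, hostile, slots))
```

In this model a node that reuses the same neighbours is fully isolated after every restart, while random selection leaves the attacker needing to control a large share of all known peers before isolation becomes likely.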
