Eclipse Attack Meaning

Oct 18, 2023 | Updated Oct 18, 2023
An eclipse attack is a type of P2P network threat that disrupts the operations of the network by isolating and manipulating one node.

What is an Eclipse Attack?

In an eclipse attack, a malicious actor isolates a specific node within a peer-to-peer network instead of attacking the entire blockchain. The attacker creates an artificial environment around the targeted node to prevent it from receiving transactions or information from its honest peers.

An eclipse attack is different from a Sybil attack, which creates multiple identities or nodes to upset the balance of power and take control of the entire network. Eclipse attacks may misdirect users to accept invalid or confirmed transactions, leading to a double-spend attack. Launching an eclipse attack on multiple miners could lead to a 51% attack.

How are Eclipse Attacks Executed?

Eclipse attacks in crypto arise from the inherent limitations of decentralized networks, where nodes are unable to connect with all other nodes simultaneously due to connection limits. Instead, they only create connections with a few nearby nodes. Bitcoin, for example, allows only a maximum of 125 connections. This vulnerability enables malicious actors to manipulate the information flow to specific nodes, potentially obstructing their view of legitimate transactions or blocks.

To execute an eclipse attack, the malicious actor identifies the node they intend to isolate and manipulate. The target could be a mining node, a well-connected node, or one that belongs to a specific organization or user. The attacker then creates a malicious network, known as a botnet, that consists of multiple nodes under their control. The nodes are strategically positioned to form connections with the target node. The botnet aims to monopolize all of the target node's connections so that the attacker can control the flow of information to and from the target.

Once the botnet is in place, the malicious actor initiates a Distributed Denial-of-Service (DDoS) attack on the target node. This DDoS attack floods the target node with a large volume of fake or irrelevant network requests (or IP addresses), effectively overwhelming its resources. This forces the node to try reconnecting with the blockchain network. However, since the botnet controls most of the target node’s connections, the botnet feeds the node false information.

By controlling the information flow to and from the target node, the attacker can isolate it, manipulate its view of the wider network, and potentially carry out a range of attacks, including DDoS attacks, double-spend attacks, and even disruption of the miner power distribution, hampering the network’s operations.

A proposed countermeasure for such blockchain threats involves randomly selecting new connections instead of repeatedly using the same neighboring nodes. This would make it more difficult for malicious actors to attempt to attack the network.
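
The effect of this countermeasure can be put into numbers with a small model. The following Python sketch is an added example, not code from Ledger or from any node implementation: the address-table size, the attacker's share of it, the slot counts and all function names are constructed assumptions. It compares a node that keeps reusing the same neighbors with one that draws its connections at random on every reconnect.

```python
import math
import random

def p_all_attacker(table_size, attacker_addrs, slots):
    """Exact chance that `slots` peers drawn uniformly at random (without
    replacement) from the address table are all attacker-controlled."""
    if slots > attacker_addrs:
        return 0.0
    return math.comb(attacker_addrs, slots) / math.comb(table_size, slots)

def slots_needed(table_size, attacker_addrs, target):
    """Smallest number of randomly chosen connections that pushes the
    full-isolation probability below `target`."""
    for slots in range(1, table_size + 1):
        if p_all_attacker(table_size, attacker_addrs, slots) < target:
            return slots
    return None

def simulate(policy, table_size, attacker_addrs, slots, reconnects, seed=1):
    """Fraction of reconnect rounds that leave the node fully isolated.
    Constructed model: peers 0..attacker_addrs-1 are attacker-controlled."""
    rng = random.Random(seed)
    table = list(range(table_size))
    # Worst case for the sticky policy: the neighbours the node keeps
    # reusing are exactly the ones the attacker already occupies.
    remembered = table[:slots]
    isolated = 0
    for _ in range(reconnects):
        if policy == "sticky":
            peers = remembered
        elif policy == "random":
            peers = rng.sample(table, slots)
        else:
            raise ValueError(f"unknown policy: {policy}")
        if all(p < attacker_addrs for p in peers):
            isolated += 1
    return isolated / reconnects

if __name__ == "__main__":
    N, A = 1000, 500  # constructed: half of all known addresses are hostile
    for policy in ("sticky", "random"):
        print(policy, simulate(policy, N, A, slots=4, reconnects=20000))
    print("exact, 4 slots:", p_all_attacker(N, A, 4))
    print("slots for < 1e-6:", slots_needed(N, A, 1e-6))
```

In this model the sticky node stays isolated on every reconnect, while random selection leaves it isolated only when every draw happens to be hostile, a probability that shrinks quickly as the number of connections grows.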
