New: Wallet recovery made easy with Ledger Recover, provided by Coincover

Get started

Up your Web3 game

Ledger Academy Quests

  • Test your knowledge
  • Earn POK NFTs
Play now See all quests

Eclipse Attack Meaning

Oct 18, 2023 | Updated Oct 18, 2023
An eclipse attack is a type of P2P network threat that disrupts the operations of the network by isolating and manipulating one node.

What is an Eclipse Attack?

In an eclipse attack, a malicious actor separates a specific node within a peer-to-peer network instead of attacking the entire blockchain. The actors create an artificial environment around specific nodes to prevent them from receiving transactions or information from their peers. 

An eclipse attack is different from a Sybil attack, which creates multiple identities or nodes to upset the balance of power to take control over the entire network. Eclipse attacks may misdirect users to accept invalid or confirmed transactions, leading to a double-spend attack. Launching an eclipse attack on multiple miners could lead to a 51% attack.

How are Eclipse Attacks Executed?

Eclipse attacks in crypto arise from the inherent limitations of decentralized networks, where nodes are unable to connect with all other nodes simultaneously due to connection limits. Instead, they only create connections with a few nearby nodes. Bitcoin, for example, allows only a maximum of 125 connections. This vulnerability enables malicious actors to manipulate the information flow to specific nodes, potentially obstructing their view of legitimate transactions or blocks.

To execute an eclipse attack, the malicious actor identifies the node they intend to isolate and manipulate. The target could be a mining node, a well-connected node, or one that belongs to a specific organization or user. The attacker then creates a malicious network, known as a botnet, that consists of multiple nodes in their control. The nodes are strategically positioned to form connections with the target node. Botnets aim to monopolize all connections that the target node has, so it can control the flow of information to and from the target.

Once the botnet is in place, the malicious actor initiates a Distributed Denial-of-Service (DDoS) attack on the target node. This DDoS attack floods the target node with a large volume of fake or irrelevant network requests (or IP addresses), effectively overwhelming its resources. This forces the node to try reconnecting with the blockchain network. However, since the botnet controls most of the target node’s connections, it feeds it with false information. 

By controlling the information flow to and from the target node, the attacker can isolate it, manipulate its view of the wider network, and potentially carry out a range of attacks, including DDoS attacks, double-spend attacks, and even disrupt the miner power distribution, hampering the network’s operations.

A proposed countermeasure for such blockchain threats involves randomly selecting new connections instead of repeatedly using the same neighboring nodes. This would make it more difficult for malicious actors to attempt to attack the network.


The term “immutable” in the context of a blockchain implies that the data or ledger is permanent and tamper-proof, and its history cannot be modified or changed after its creation.

Full definition

Miner Fee

A miner fee is the fee that a blockchain charges to process and confirm transactions on the network.

Full definition


A blockchain validator is a computer or node that verifies transactions in the blockchain network.

Full definition