what-is-an-eclipse-attack?

What is an eclipse attack?

You must confirm the subscription in your inbox.”,”subscribe_email_required”:”Email required”,”subscribe_email_invalid”:”A valid email address must be provided. “,”shares”:”Total shares”,”views”:”Total views”,”sponsoredBadge”:”stretch_banners.sponsored.badge”}” :post=”{“id”:77714,”seo_title”:”What is an eclipse attack?”,”seo_description”:”Eclipse attacks are a sort of cyberattack in which an attacker creates a fake environment around a single node or user, allowing the attacker to manipulate the…”,”keywords”:”Blockchain,Hacks”,”canonical”:”https://cointelegraph.com/explained/what-is-an-eclipse-attack”,”thumb”:”https://images.cointelegraph.com/images/1024_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS9zdG9yYWdlL3VwbG9hZHMvdmlldy8xNmEzNmZmZWUzNWRkMjY1MGJkNDIwMTU3NmI2YTNiMS5qcGc=.jpg”,”img”:”https://images.cointelegraph.com/images/2048_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS9zdG9yYWdlL3VwbG9hZHMvdmlldy8xNmEzNmZmZWUzNWRkMjY1MGJkNDIwMTU3NmI2YTNiMS5qcGc=.jpg”,”youtube”:””,”og_title”:”What is an eclipse attack?”,”og_description”:”Eclipse attacks are a sort of cyberattack in which an attacker creates a fake environment around a single node or user, allowing the attacker to manipulate the node into doing a malicious action.”,”twitter_title”:”What is an eclipse attack?”,”twitter_description”:”Eclipse attacks are a sort of cyberattack in which an attacker creates a fake environment around a single node or user, allowing the attacker to manipulate the node into doing a malicious action.”,”published”:”2021-12-11T16:00:00+00:00″,”noindex”:0,”modified”:”2021-12-11T10:55:36+00:00″,”title”:”What is an eclipse attack?”,”leadtext”:”Eclipse attacks are a sort of cyberattack in which an attacker creates a fake environment around a single node or user, allowing the attacker to manipulate the node into doing a malicious action.”,”amp”:”https://cointelegraph.com/explained/what-is-an-eclipse-attack/amp”,”alternates”:[],”alternatesLinks”:[],”url”:”what-is-an-eclipse-attack”,”url_full”:”/explained/what-is-an-eclipse-attack”,”category”:{“id”:65,”url”:”explained”,”priority”:0,”created”:null,”modified”:null,”parent_id”:0,”is_hidden”:0,”created_at”:”-0001-11-30 00:00:00″,”updated_at”:”2019-03-12 14:52:37″,”deleted_at”:null,”admin_weight”:30,”enabled”:1,”is_blog”:0,”relevant”:0,”category_id”:65,”language_id”:1,”title”:”Explained”,”alt”:””,”keywords”:””,”seo_title”:”Explained: articles for beginners about cryptocurrency and blockchain.”,”description”:”

What is Bitcoin? How does blockchain work? How to mine cryptocurrency? We are glad to help you answer these questions with our quick guides in Explained section.

n”,”seo_description”:”What is Bitcoin? How does blockchain work? How to mine cryptocurrency? We are glad to help you answer these questions with our quick guides in Explained section.”},”words_count”:1003,”description”:”Eclipse attacks are a sort of cyberattack in which an attacker creates a fake environment around a single node or user, allowing the attacker to manipulate the node into doing a malicious action”,”author”:{“id”:1418,”title”:”Marcel Deer”,”url”:”marcel-deer”,”twitter”:””,”google_plus”:””,”photo”:null,”gender”:”male”,”description”:”A qualified journalist with a background in PR and marketing, Marcel has been passionate about crypto since he first read the Cypherpunks Manifesto. As a strong believer in the power of DeFi, decentralization, and the digital economy, when he’s not writing, he’s researching the latest node projects and actively enjoying the crypto community on Twitter.”,”facebook”:””,”email”:””,”linkedin”:””,”created_at”:”2021-11-07 07:02:27″,”updated_at”:”2021-11-07 07:02:27″,”deleted_at”:null,”avatar”:”https://cointelegraph.com/assets/img/icons/author_male.jpg”,”hash”:”aHR0cHM6Ly9jb2ludGVsZWdyYXBoLmNvbS9hdXRob3JzL21hcmNlbC1kZWVy”,”relativeUrl”:”https://cointelegraph.com/authors/marcel-deer”,”user_id”:1418,”language_id”:1,”name”:”Marcel Deer”,”desc”:”A qualified journalist with a background in PR and marketing, Marcel has been passionate about crypto since he first read the Cypherpunks Manifesto. As a strong believer in the power of DeFi, decentralization, and the digital economy, when he’s not writing, he’s researching the latest node projects and actively enjoying the crypto community on Twitter.”,”seo_title”:””,”seo_description”:””,”enabled”:0,”show_in_authors”:0,”show_in_experts”:0},”category_id”:65,”audio”:”https://s3.cointelegraph.com/audio/77714.9482771b-5646-4c6e-bf58-d841ac20dd50.mp3″,”tags”:[{“name”:”Blockchain”,”uri”:”/tags/blockchain”,”super”:1,”page_title”:”Blockchain News”},{“name”:”Hacks”,”uri”:”/tags/hacks”,”super”:0,”page_title”:””}],”tag_title”:”Blockchain”,”date”:”30 MINUTES AGO”,”badge”:{“title”:”Explained”,”label”:”default”},”qty”:11,”stats_pixel”:”“,”stats_pixel_url”:”https://zoa.cointelegraph.com/pixel?postId=77714&regionId=1″,”shares”:17,”infographic”:false,”sponsored”:false,”explained”:true,”press_release”:false,”show_referral”:false,”social_description”:””,”social_translators”:{“clipboard_popup_label”:”Link copied”,”socialWechatFooterError”:”WeChat error”,”socialWechatFooterText”:”WeChat share”,”socialWechatHeaderText”:”WeChat share”},”social_shares”:{“post_id”:77714,”post_url”:”https://cointelegraph.com/explained/what-is-an-eclipse-attack”,”post_titles”:{“normal”:”What is an eclipse attack?”,”twitter”:”What is an eclipse attack?”},”post_text”:{“normal”:”What is an eclipse attack?”,”twitter”:”What is an eclipse attack? https://cointelegraph.com/explained/what-is-an-eclipse-attack via @cointelegraph”},”accounts”:{“twitter”:”@cointelegraph”}},”socials”:{“facebook”:{“url”:”https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fcointelegraph.com%2Fexplained%2Fwhat-is-an-eclipse-attack”,”count”:null,”short”:”fb”,”fa”:”facebook”},”twitter”:{“url”:”https://twitter.com/intent/tweet?text=What+is+an+eclipse+attack%3F https%3A%2F%2Fcointelegraph.com%2Fexplained%2Fwhat-is-an-eclipse-attack via @cointelegraph”,”count”:null,”short”:”tw”,”fa”:”twitter”},”telegram”:{“url”:”https://telegram.me/share/url?url=https%3A%2F%2Fcointelegraph.com%2Fexplained%2Fwhat-is-an-eclipse-attack &text=What+is+an+eclipse+attack%3F”,”count”:null,”short”:”tg”,”fa”:”paper-plane”},”whatsapp”:{“url”:”https://api.whatsapp.com/send?text=What+is+an+eclipse+attack%3F&href=https%3A%2F%2Fcointelegraph.com%2Fexplained%2Fwhat-is-an-eclipse-attack”,”count”:null,”short”:”wu”,”fa”:”whatsapp”},”gplus”:{“url”:”https://plus.google.com/share?url=https%3A%2F%2Fcointelegraph.com%2Fexplained%2Fwhat-is-an-eclipse-attack”,”count”:null,”short”:”gplus”,”fa”:”google-plus”},”reddit”:{“url”:”https://www.reddit.com/submit?url=https%3A%2F%2Fcointelegraph.com%2Fexplained%2Fwhat-is-an-eclipse-attack&title=What+is+an+eclipse+attack%3F”,”count”:null,”short”:”reddit”,”fa”:”reddit-alien”},”linkedin”:{“url”:”https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fcointelegraph.com%2Fexplained%2Fwhat-is-an-eclipse-attack&title=What+is+an+eclipse+attack%3F”,”count”:null,”short”:”li”,”fa”:”linkedin”}},”hide_disclaimer”:false,”elink”:”https://cointelegraph.com”,”etitle”:”Cointelegraph”,”elogo_x2″:”https://images.cointelegraph.com/images/528_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS9zdG9yYWdlL3VwbG9hZHMvdmlldy9hYjAzYTJhMmNlOWEyMWRjMWYwOTYxZDkxNzMxYzhiYS5wbmc=.png”,”elogo_x1″:”https://images.cointelegraph.com/images/260_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS9zdG9yYWdlL3VwbG9hZHMvdmlldy9hYjAzYTJhMmNlOWEyMWRjMWYwOTYxZDkxNzMxYzhiYS5wbmc=.png”,”elogo_svg”:false,”content”:[{“id”:2933,”post_id”:77714,”title”:”What is an eclipse attack in blockchain?”,”content”:”

In an eclipse attack, a malicious actor isolates a specific user or node within a peer-to-peer (P2P) network.

nn

The attacker’s goal is to obscure a user’s view of the P2P network in preparation for more complex attacks or to cause general disruption. Eclipse attacks share similarities with Sybil attacks, however, their end goals are different. 

nn

They are similar in the sense that a certain network is flooded with fake peers. The difference, however, is that in an eclipse attack, a single node is attacked. In a Sybil attack, the entire network is attacked. 

nn

Moreover, attackers can start an eclipse attack by constructing many ostensibly independent overlay nodes via a Sybil attack. Attackers may use the overlay maintenance mechanism to mount an eclipse assault; hence, safeguards against Sybil attacks do not prevent eclipse attacks.

nn

Eclipse attacks are discussed comprehensively in the 2015 paper authored by researchers from Boston University and Hebrew University entitled ‘Eclipse Attacks on Bitcoin’s Peer-to-Peer Network.’ In the said paper, the authors discussed their findings from launching eclipse attacks, as well as possible countermeasures. 

nn

In an eclipse attack, an attacker tries to redirect the target network participant’s inbound and outbound connections from legitimate nodes to the attacker’s nodes. By doing so, the target is sealed off from the actual network. 

nn

Since the target is disconnected from the blockchain ledger, the isolated node can then be manipulated by the attacker. An eclipse attack can lead to block mining disruptions as well as illegitimate transaction confirmations. 

nn

How easily blockchain attacks can be executed depends on the target blockchain network’s underlying structure.

nnn”,”created_at”:”2021-12-11 10:49:37″,”updated_at”:”2021-12-11 10:55:39″,”sort”:1,”translations”:{“id”:2926,”explained_post_id”:2933,”title_en”:”What is an eclipse attack in blockchain?”,”content_en”:”

In an eclipse attack, a malicious actor isolates a specific user or node within a peer-to-peer (P2P) network.

nn

The attacker’s goal is to obscure a user’s view of the P2P network in preparation for more complex attacks or to cause general disruption. Eclipse attacks share similarities with Sybil attacks, however, their end goals are different. 

nn

They are similar in the sense that a certain network is flooded with fake peers. The difference, however, is that in an eclipse attack, a single node is attacked. In a Sybil attack, the entire network is attacked. 

nn

Moreover, attackers can start an eclipse attack by constructing many ostensibly independent overlay nodes via a Sybil attack. Attackers may use the overlay maintenance mechanism to mount an eclipse assault; hence, safeguards against Sybil attacks do not prevent eclipse attacks.

nn

Eclipse attacks are discussed comprehensively in the 2015 paper authored by researchers from Boston University and Hebrew University entitled ‘Eclipse Attacks on Bitcoin’s Peer-to-Peer Network.’ In the said paper, the authors discussed their findings from launching eclipse attacks, as well as possible countermeasures. 

nn

In an eclipse attack, an attacker tries to redirect the target network participant’s inbound and outbound connections from legitimate nodes to the attacker’s nodes. By doing so, the target is sealed off from the actual network. 

nn

Since the target is disconnected from the blockchain ledger, the isolated node can then be manipulated by the attacker. An eclipse attack can lead to block mining disruptions as well as illegitimate transaction confirmations. 

nn

How easily blockchain attacks can be executed depends on the target blockchain network’s underlying structure.

nnn”,”title_es”:””,”content_es”:”n”,”title_cn”:””,”content_cn”:”n”,”title_de”:””,”content_de”:”n”,”title_it”:””,”content_it”:”n”,”title_ar”:””,”content_ar”:”n”,”title_br”:””,”content_br”:”n”,”title_jp”:””,”content_jp”:”n”,”created_at”:”2021-12-11 10:49:37″,”updated_at”:”2021-12-11 10:55:39″,”title_kr”:””,”content_kr”:”n”,”title_tr”:””,”content_tr”:”n”}},{“id”:2934,”post_id”:77714,”title”:”How does an eclipse attack work?”,”content”:”

Attackers typically use a botnet or phantom network to compromise a node and seal it off.

nn

Crypto eclipse attacks can be carried out because the nodes in a decentralized network cannot simultaneously connect with other nodes because of bandwidth limitations. As such, nodes connect with a limited set of neighboring nodes instead. 

nn

Hence, a malicious actor works to compromise the target user’s connection with the limited set of nodes that it connects to. An attacker uses a phantom network or botnet to compromise a node. This network is created from host nodes and is used to flood a target node with internet protocol (IP) addresses. The target may then sync up with it when it reconnects to the blockchain network. 

nn

The attacker will then wait for the target to reconnect with malicious nodes or use a Distributed Denial of Service (DDoS) attack so that the target is forced to reconnect to the network. 

nn

The worst part is that once a target node is compromised, the attacker can feed it false data. Usually, the victim is unaware that the node has already been compromised. Some of the consequences of eclipse attacks in crypto projects are:

nn

    nt

  • nt

    Miner power disruption: Blocks can be excluded from a legitimate blockchain when an attacker tries to hide the fact that a block has already been mined from an eclipsed miner. This misleads the victim into wasting processing power and time computing already compromised blocks.

    nt

  • n

nn

The attacker is then able to increase their hash rate within the network. Since an eclipsed miner is disconnected from the legitimate network, attackers can then launch attacks on multiple miners and launch a 51% attack on the network

nn

    nt

  • nt

    Double-spend attacks:  A victim that is isolated from its legitimate network may be misdirected by an attacker to accept a transaction that uses either of the two:

    nnt

      ntt

    • ntt

      An invalid input

      ntt

    • ntt

    • ntt

      The same input of an already-validated transaction on the legitimate network

      ntt

    • nt

    nt

  • n

nnn”,”created_at”:”2021-12-11 10:51:07″,”updated_at”:”2021-12-11 10:55:39″,”sort”:2,”translations”:{“id”:2927,”explained_post_id”:2934,”title_en”:”How does an eclipse attack work?”,”content_en”:”

Attackers typically use a botnet or phantom network to compromise a node and seal it off.

nn

Crypto eclipse attacks can be carried out because the nodes in a decentralized network cannot simultaneously connect with other nodes because of bandwidth limitations. As such, nodes connect with a limited set of neighboring nodes instead. 

nn

Hence, a malicious actor works to compromise the target user’s connection with the limited set of nodes that it connects to. An attacker uses a phantom network or botnet to compromise a node. This network is created from host nodes and is used to flood a target node with internet protocol (IP) addresses. The target may then sync up with it when it reconnects to the blockchain network. 

nn

The attacker will then wait for the target to reconnect with malicious nodes or use a Distributed Denial of Service (DDoS) attack so that the target is forced to reconnect to the network. 

nn

The worst part is that once a target node is compromised, the attacker can feed it false data. Usually, the victim is unaware that the node has already been compromised. Some of the consequences of eclipse attacks in crypto projects are:

nn

    nt

  • nt

    Miner power disruption: Blocks can be excluded from a legitimate blockchain when an attacker tries to hide the fact that a block has already been mined from an eclipsed miner. This misleads the victim into wasting processing power and time computing already compromised blocks.

    nt

  • n

nn

The attacker is then able to increase their hash rate within the network. Since an eclipsed miner is disconnected from the legitimate network, attackers can then launch attacks on multiple miners and launch a 51% attack on the network

nn

    nt

  • nt

    Double-spend attacks:  A victim that is isolated from its legitimate network may be misdirected by an attacker to accept a transaction that uses either of the two:

    nnt

      ntt

    • ntt

      An invalid input

      ntt

    • ntt

    • ntt

      The same input of an already-validated transaction on the legitimate network

      ntt

    • nt

    nt

  • n

nnn”,”title_es”:””,”content_es”:”n”,”title_cn”:””,”content_cn”:”n”,”title_de”:””,”content_de”:”n”,”title_it”:””,”content_it”:”n”,”title_ar”:””,”content_ar”:”n”,”title_br”:””,”content_br”:”n”,”title_jp”:””,”content_jp”:”n”,”created_at”:”2021-12-11 10:51:07″,”updated_at”:”2021-12-11 10:55:39″,”title_kr”:””,”content_kr”:”n”,”title_tr”:””,”content_tr”:”n”}},{“id”:2935,”post_id”:77714,”title”:”What are the consequences of an eclipse attack?”,”content”:”

When an attacker targets a network’s user, there is usually a deeper motive for doing so. Typically, eclipse attacks can serve as gateways for more complex attacks and disruptions.

nn

0-confirmation double spends

nn

A user is at risk of a double-spend if they accept a transaction with no confirmations. By principle, although the transaction has already been broadcast, the sender can still create a new transaction and spend the funds somewhere else. Double spends can occur until a transaction has been included in a block and committed to the blockchain. 

nn

New transactions that have a higher fee can also be included before original transactions to invalidate earlier transactions. What’s risky about this is that some individuals and businesses are in the practice of accepting 0-confirmation transactions.

nn

N-confirmation double spends

nn

N-confirmation double spends are similar to 0-confirmation transactions. However, they require more complex preparation. Because a lot of businesses prefer to hold off on marking a payment as valid pending a certain number of confirmations, they can be vulnerable to attacks. 

nn

In this scenario, attackers eclipse both miners and merchants. They pull it off by setting up an order with the merchant and broadcasting the transaction to eclipsed miners. This leads the transaction to be confirmed and included in the blockchain. However, this specific chain is not the right one as the miner has been cut off from the network earlier. 

nn

The attacker then relays this blockchain version to the merchant, who then releases goods and/or services believing that the transaction has already been confirmed.

nn

Weakening competing miners

nn

Eclipsed nodes continue to operate as the target user is often unaware that they have been isolated from the legitimate network. As a result, miners will continue to mine blocks as usual. Blocks that are added will then be discarded upon syncing with their honest peers. 

nn

Large-scale eclipse attacks executed on major miners are usually used to carry out a 51% attack. However, due to the incredibly high cost to take over Bitcoin’s hashing power majority, chances for this are still quite slim. At ~80TH/s, an attacker would theoretically need more than 40TH/s to succeed in such an attempt.

nnn”,”created_at”:”2021-12-11 10:52:00″,”updated_at”:”2021-12-11 10:55:39″,”sort”:3,”translations”:{“id”:2928,”explained_post_id”:2935,”title_en”:”What are the consequences of an eclipse attack?”,”content_en”:”

When an attacker targets a network’s user, there is usually a deeper motive for doing so. Typically, eclipse attacks can serve as gateways for more complex attacks and disruptions.

nn

0-confirmation double spends

nn

A user is at risk of a double-spend if they accept a transaction with no confirmations. By principle, although the transaction has already been broadcast, the sender can still create a new transaction and spend the funds somewhere else. Double spends can occur until a transaction has been included in a block and committed to the blockchain. 

nn

New transactions that have a higher fee can also be included before original transactions to invalidate earlier transactions. What’s risky about this is that some individuals and businesses are in the practice of accepting 0-confirmation transactions.

nn

N-confirmation double spends

nn

N-confirmation double spends are similar to 0-confirmation transactions. However, they require more complex preparation. Because a lot of businesses prefer to hold off on marking a payment as valid pending a certain number of confirmations, they can be vulnerable to attacks. 

nn

In this scenario, attackers eclipse both miners and merchants. They pull it off by setting up an order with the merchant and broadcasting the transaction to eclipsed miners. This leads the transaction to be confirmed and included in the blockchain. However, this specific chain is not the right one as the miner has been cut off from the network earlier. 

nn

The attacker then relays this blockchain version to the merchant, who then releases goods and/or services believing that the transaction has already been confirmed.

nn

Weakening competing miners

nn

Eclipsed nodes continue to operate as the target user is often unaware that they have been isolated from the legitimate network. As a result, miners will continue to mine blocks as usual. Blocks that are added will then be discarded upon syncing with their honest peers. 

nn

Large-scale eclipse attacks executed on major miners are usually used to carry out a 51% attack. However, due to the incredibly high cost to take over Bitcoin’s hashing power majority, chances for this are still quite slim. At ~80TH/s, an attacker would theoretically need more than 40TH/s to succeed in such an attempt.

nnn”,”title_es”:””,”content_es”:”n”,”title_cn”:””,”content_cn”:”n”,”title_de”:””,”content_de”:”n”,”title_it”:””,”content_it”:”n”,”title_ar”:””,”content_ar”:”n”,”title_br”:””,”content_br”:”n”,”title_jp”:””,”content_jp”:”n”,”created_at”:”2021-12-11 10:52:00″,”updated_at”:”2021-12-11 10:55:39″,”title_kr”:””,”content_kr”:”n”,”title_tr”:””,”content_tr”:”n”}},{“id”:2936,”post_id”:77714,”title”:”How to mitigate eclipse attacks”,”content”:”

Theoretically, an attacker can eclipse any node as long as they have enough IP addresses. 

nn

Operators can mitigate this risk by blocking incoming connections. Also, they should only make outbound connections to specific nodes that they trust, such as those on a whitelist by other peers in the network. Researchers have pointed out, however, that if all participants adopt these measures, new nodes might not be able to join — making it an approach that cannot be done at scale.

nn

What the authors of ‘Eclipse Attacks on Bitcoin’s Peer-to-Peer Network’ suggest, however, is to implement a few tweaks to the Bitcoin software. Some of these tweaks have already been implemented since the paper was released. They work to make eclipse attacks costlier through minor changes in the code.

nnn”,”created_at”:”2021-12-11 10:53:24″,”updated_at”:”2021-12-11 10:55:39″,”sort”:4,”translations”:{“id”:2929,”explained_post_id”:2936,”title_en”:”How to mitigate eclipse attacks”,”content_en”:”

Theoretically, an attacker can eclipse any node as long as they have enough IP addresses. 

nn

Operators can mitigate this risk by blocking incoming connections. Also, they should only make outbound connections to specific nodes that they trust, such as those on a whitelist by other peers in the network. Researchers have pointed out, however, that if all participants adopt these measures, new nodes might not be able to join — making it an approach that cannot be done at scale.

nn

What the authors of ‘Eclipse Attacks on Bitcoin’s Peer-to-Peer Network’ suggest, however, is to implement a few tweaks to the Bitcoin software. Some of these tweaks have already been implemented since the paper was released. They work to make eclipse attacks costlier through minor changes in the code.

nnn”,”title_es”:””,”content_es”:”n”,”title_cn”:””,”content_cn”:”n”,”title_de”:””,”content_de”:”n”,”title_it”:””,”content_it”:”n”,”title_ar”:””,”content_ar”:”n”,”title_br”:””,”content_br”:”n”,”title_jp”:””,”content_jp”:”n”,”created_at”:”2021-12-11 10:53:24″,”updated_at”:”2021-12-11 10:55:39″,”title_kr”:””,”content_kr”:”n”,”title_tr”:””,”content_tr”:”n”}},{“id”:2937,”post_id”:77714,”title”:”Differences between eclipse attack vs. Sybil attack”,”content”:”

Both attacks take place at the P2P network level. So what’s the difference?  

nn

In an eclipse attack, most peers of a targeted user are malicious and therefore prevent the targeted user from connecting to a legitimate network. An eclipse attack is particularly useful in instances when a sender sends some Bitcoin (BTC) to someone and then also double spends these Bitcoin. 

nn

The sender then uses the attack to prevent the target user from finding out about the double spend.

nn

In a Sybil attack, a malicious actor or attacker attempts to spam the network with nodes under their control in an attempt to game the network’s reputation system. This includes false signaling of support using version bits. In summary, an eclipse attack targets a single user or party while a Sybil attack targets an entire network.

nn

In the context of Bitcoin, Sybil attacks are less harmful because nodes operate on consensus rules. Under these rules, any deviation will lead to having that same node DoS banned.

nnn”,”created_at”:”2021-12-11 10:54:01″,”updated_at”:”2021-12-11 10:55:37″,”sort”:5,”translations”:{“id”:2930,”explained_post_id”:2937,”title_en”:”Differences between eclipse attack vs. Sybil attack”,”content_en”:”

Both attacks take place at the P2P network level. So what’s the difference?  

nn

In an eclipse attack, most peers of a targeted user are malicious and therefore prevent the targeted user from connecting to a legitimate network. An eclipse attack is particularly useful in instances when a sender sends some Bitcoin (BTC) to someone and then also double spends these Bitcoin. 

nn

The sender then uses the attack to prevent the target user from finding out about the double spend.

nn

In a Sybil attack, a malicious actor or attacker attempts to spam the network with nodes under their control in an attempt to game the network’s reputation system. This includes false signaling of support using version bits. In summary, an eclipse attack targets a single user or party while a Sybil attack targets an entire network.

nn

In the context of Bitcoin, Sybil attacks are less harmful because nodes operate on consensus rules. Under these rules, any deviation will lead to having that same node DoS banned.

nnn”,”title_es”:””,”content_es”:”n”,”title_cn”:””,”content_cn”:”n”,”title_de”:””,”content_de”:”n”,”title_it”:””,”content_it”:”n”,”title_ar”:””,”content_ar”:”n”,”title_br”:””,”content_br”:”n”,”title_jp”:””,”content_jp”:”n”,”created_at”:”2021-12-11 10:54:01″,”updated_at”:”2021-12-11 10:55:37″,”title_kr”:””,”content_kr”:”n”,”title_tr”:””,”content_tr”:”n”}},{“id”:2938,”post_id”:77714,”title”:”What can blockchain developers learn from eclipse attacks?”,”content”:”

Developers can familiarize themselves with the vulnerabilities in Bitcoin nodes that can be exploited to replace legitimate peer addresses with their own.

nn

    nt

  • nt

    Technically, when the node selects IP addresses from the tried bucket with timestamps, it increases the probability of the attacker getting selected. This is true even if the attacker only owns a small portion of these addresses. Chances of getting selected can also be increased by increasing the attack time.

    nt

  • nt

  • nt

    When an address bucket is full, one address is removed at random. If an attacker’s IP is the one removed, then it can eventually be inserted if it is repeatedly sent to the node.

    nt

  • n

nn

As you can see, attackers can exploit the above-mentioned vulnerabilities. However, there are also some ways to avoid them: 

nn

    nt

  • nt

    IP address selection from the tried table could be done at random. This would reduce the chances of the selected peer being an attacker. If peer selection is randomized, then the attacker will not be successful even after having spent a lot of time in the attack.

    nt

  • nt

  • nt

    Use a deterministic approach to insert addresses of peers into fixed slots. This will reduce the chances of inserting an attacker’s address into a different slot after having been evicted from the address bucket. A deterministic approach ensures that repeated insertion of addresses does not add value to an attack. 

    nt

  • n

nn

As we mentioned, a lot of the vulnerabilities in Bitcoin have already been addressed. However, attacks on blockchain can still be carried out when attackers find other vulnerabilities. This is because blockchain networks are public. 

nn

The open-source culture followed by a lot of blockchain organizations may also give way to further vulnerabilities.

nnn”,”created_at”:”2021-12-11 10:54:43″,”updated_at”:”2021-12-11 10:55:37″,”sort”:6,”translations”:{“id”:2931,”explained_post_id”:2938,”title_en”:”What can blockchain developers learn from eclipse attacks?”,”content_en”:”

Developers can familiarize themselves with the vulnerabilities in Bitcoin nodes that can be exploited to replace legitimate peer addresses with their own.

nn

    nt

  • nt

    Technically, when the node selects IP addresses from the tried bucket with timestamps, it increases the probability of the attacker getting selected. This is true even if the attacker only owns a small portion of these addresses. Chances of getting selected can also be increased by increasing the attack time.

    nt

  • nt

  • nt

    When an address bucket is full, one address is removed at random. If an attacker’s IP is the one removed, then it can eventually be inserted if it is repeatedly sent to the node.

    nt

  • n

nn

As you can see, attackers can exploit the above-mentioned vulnerabilities. However, there are also some ways to avoid them: 

nn

    nt

  • nt

    IP address selection from the tried table could be done at random. This would reduce the chances of the selected peer being an attacker. If peer selection is randomized, then the attacker will not be successful even after having spent a lot of time in the attack.

    nt

  • nt

  • nt

    Use a deterministic approach to insert addresses of peers into fixed slots. This will reduce the chances of inserting an attacker’s address into a different slot after having been evicted from the address bucket. A deterministic approach ensures that repeated insertion of addresses does not add value to an attack. 

    nt

  • n

nn

As we mentioned, a lot of the vulnerabilities in Bitcoin have already been addressed. However, attacks on blockchain can still be carried out when attackers find other vulnerabilities. This is because blockchain networks are public. 

nn

The open-source culture followed by a lot of blockchain organizations may also give way to further vulnerabilities.

nnn”,”title_es”:””,”content_es”:”n”,”title_cn”:””,”content_cn”:”n”,”title_de”:””,”content_de”:”n”,”title_it”:””,”content_it”:”n”,”title_ar”:””,”content_ar”:”n”,”title_br”:””,”content_br”:”n”,”title_jp”:””,”content_jp”:”n”,”created_at”:”2021-12-11 10:54:43″,”updated_at”:”2021-12-11 10:55:37″,”title_kr”:””,”content_kr”:”n”,”title_tr”:””,”content_tr”:”n”}}],”is_partner_material”:false,”commentsSection”:{“schemaEntityUrl”:”//cointelegraph.com/explained/what-is-an-eclipse-attack”,”list”:[],”amount”:0,”i18n”:{“addComment”:”Add a comment…”,”amountOnePostfix”:”Comment”,”amountPostfix”:”Comments”,”cancel”:”Cancel”,”delete”:”Delete”,”edit”:”Edit”,”errorBig”:”Comment text cannot be longer than 2000 characters”,”errorDuplicate”:”Duplicate comment”,”errorSmall”:”Comment text must be at least 2 characters long”,”hideButton”:”Hide comments”,”noComments”:” “,”commentOnModeration”:”Comment on moderation”,”postComment”:”Post”,”reply”:”Reply”,”showAllComments”:”Show All Comments”,”showButtonPostfix”:”comments”,”showButtonPrefix”:”Show”,”signIn”:”Sign in”,”update”:”Update comment”,”commentWasDeleted”:”This comment has been deleted”}},”related”:[{“id”:46588,”retina”:”https://images.cointelegraph.com/images/1480_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS9zdG9yYWdlL3VwbG9hZHMvdmlldy9lNGIxZDQ2ODQwNDY0NmVjNzcwMWMyOGZlY2JiZmIwNC5qcGc=.jpg”,”img”:”https://images.cointelegraph.com/images/740_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS9zdG9yYWdlL3VwbG9hZHMvdmlldy9lNGIxZDQ2ODQwNDY0NmVjNzcwMWMyOGZlY2JiZmIwNC5qcGc=.jpg”,”thumb”:”https://images.cointelegraph.com/images/370_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS9zdG9yYWdlL3VwbG9hZHMvdmlldy9lNGIxZDQ2ODQwNDY0NmVjNzcwMWMyOGZlY2JiZmIwNC5qcGc=.jpg”,”thumb370″:”https://images.cointelegraph.com/images/370_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS9zdG9yYWdlL3VwbG9hZHMvdmlldy9lNGIxZDQ2ODQwNDY0NmVjNzcwMWMyOGZlY2JiZmIwNC5qcGc=.jpg”,”amp_thumb”:”https://images.cointelegraph.com/images/150_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS9zdG9yYWdlL3VwbG9hZHMvdmlldy9lNGIxZDQ2ODQwNDY0NmVjNzcwMWMyOGZlY2JiZmIwNC5qcGc=.jpg”,”thumb150″:”https://images.cointelegraph.com/images/150_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS9zdG9yYWdlL3VwbG9hZHMvdmlldy9lNGIxZDQ2ODQwNDY0NmVjNzcwMWMyOGZlY2JiZmIwNC5qcGc=.jpg”,”url”:”https://cointelegraph.com/news/crypto-crime-on-the-rise-good-odds-of-2020-becoming-a-record-breaker”,”title”:”Crypto Crime on the Rise — Good Odds of 2020 Becoming a Record-Breaker”,”lead”:”Experts believe that a more holistic crypto ecosystem, especially one that is more AML-centric, is needed to help prevent the spread of crypto scams in 2020.”,”leadfull”:””,”category_id”:19,”category_url”:”https://cointelegraph.com/category/analysis”,”category_title”:”Analysis”,”author_url”:”https://cointelegraph.com/authors/shiraz-jagati”,”author_hash”:”aHR0cHM6Ly9jb2ludGVsZWdyYXBoLmNvbS9hdXRob3JzL3NoaXJhei1qYWdhdGk=”,”author_title”:”Shiraz Jagati”,”author_img”:”https://images.cointelegraph.com/images/32_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS9zdG9yYWdlL3VwbG9hZHMvdmlldy80NWFkZTVhZDI3NmQyOGMwNjZhMjA2NGE1MTc1ZDNhMy5qcGc=.jpg”,”date”:”JUN 07, 2020″,”flash_date”:”JUN 07, 2020″,”sponsored”:false,”press_release”:false,”sponsored_label”:”Sponsored”,”explained”:false,”badge”:{“title”:”Analysis”,”label”:”info”},”published”:{“date”:”2020-06-07 09:00:00.000000″,”timezone_type”:3,”timezone”:”Europe/London”},”stat_uniqs”:74315,”rss_date”:”Sun, 07 Jun 2020 09:00:00 +0100″,”publishedW3″:”2020-06-07T09:00:00+01:00″,”show_referral”:true,”isMagazine”:false},{“id”:76942,”retina”:”https://images.cointelegraph.com/images/1480_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS9zdG9yYWdlL3VwbG9hZHMvdmlldy9lODhkZGY1OWMzYTllNjc2MzllOTA1ZjdlYzM4MTliNi5qcGc=.jpg”,”img”:”https://images.cointelegraph.com/images/740_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS9zdG9yYWdlL3VwbG9hZHMvdmlldy9lODhkZGY1OWMzYTllNjc2MzllOTA1ZjdlYzM4MTliNi5qcGc=.jpg”,”thumb”:”https://images.cointelegraph.com/images/370_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS9zdG9yYWdlL3VwbG9hZHMvdmlldy9lODhkZGY1OWMzYTllNjc2MzllOTA1ZjdlYzM4MTliNi5qcGc=.jpg”,”thumb370″:”https://images.cointelegraph.com/images/370_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS9zdG9yYWdlL3VwbG9hZHMvdmlldy9lODhkZGY1OWMzYTllNjc2MzllOTA1ZjdlYzM4MTliNi5qcGc=.jpg”,”amp_thumb”:”https://images.cointelegraph.com/images/150_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS9zdG9yYWdlL3VwbG9hZHMvdmlldy9lODhkZGY1OWMzYTllNjc2MzllOTA1ZjdlYzM4MTliNi5qcGc=.jpg”,”thumb150″:”https://images.cointelegraph.com/images/150_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS9zdG9yYWdlL3VwbG9hZHMvdmlldy9lODhkZGY1OWMzYTllNjc2MzllOTA1ZjdlYzM4MTliNi5qcGc=.jpg”,”url”:”https://cointelegraph.com/news/daos-empower-social-good-with-yield-generating-defi-products”,”title”:”DAOs empower social good with yield-generating DeFi products”,”lead”:”New paradigm shift materializes in the intersection between DeFi and ESG, with opportunities to be rewarded for doing good.”,”leadfull”:””,”category_id”:62,”category_url”:”https://cointelegraph.com/category/sponsored”,”category_title”:”Sponsored”,”author_url”:”https://cointelegraph.com/authors/sarah-jansen”,”author_hash”:”aHR0cHM6Ly9jb2ludGVsZWdyYXBoLmNvbS9hdXRob3JzL3NhcmFoLWphbnNlbg==”,”author_title”:”Sarah Jansen”,”author_img”:”https://images.cointelegraph.com/images/32_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS9zdG9yYWdlL3VwbG9hZHMvdmlldy84N2IwYjRjMzkyZjlhYmM4ZjlhZDNiZTU3Y2FjZGJmZC5qcGc=.jpg”,”date”:”NOV 29, 2021″,”flash_date”:”NOV 29, 2021″,”sponsored”:true,”press_release”:false,”sponsored_label”:”Sponsored”,”explained”:false,”badge”:{“title”:”Sponsored”,”label”:”default”},”published”:{“date”:”2021-11-29 18:00:00.000000″,”timezone_type”:3,”timezone”:”Europe/London”},”stat_uniqs”:5706,”rss_date”:”Mon, 29 Nov 2021 18:00:00 +0000″,”publishedW3″:”2021-11-29T18:00:00+00:00″,”show_referral”:true,”isMagazine”:false},{“id”:76601,”retina”:”https://images.cointelegraph.com/images/1480_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS9zdG9yYWdlL3VwbG9hZHMvdmlldy9hMGE0MzUwNjNmZmJlMDgwZjI5MWY0YmFiNmUwYzEwMC5qcGc=.jpg”,”img”:”https://images.cointelegraph.com/images/740_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS9zdG9yYWdlL3VwbG9hZHMvdmlldy9hMGE0MzUwNjNmZmJlMDgwZjI5MWY0YmFiNmUwYzEwMC5qcGc=.jpg”,”thumb”:”https://images.cointelegraph.com/images/370_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS9zdG9yYWdlL3VwbG9hZHMvdmlldy9hMGE0MzUwNjNmZmJlMDgwZjI5MWY0YmFiNmUwYzEwMC5qcGc=.jpg”,”thumb370″:”https://images.cointelegraph.com/images/370_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS9zdG9yYWdlL3VwbG9hZHMvdmlldy9hMGE0MzUwNjNmZmJlMDgwZjI5MWY0YmFiNmUwYzEwMC5qcGc=.jpg”,”amp_thumb”:”https://images.cointelegraph.com/images/150_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS9zdG9yYWdlL3VwbG9hZHMvdmlldy9hMGE0MzUwNjNmZmJlMDgwZjI5MWY0YmFiNmUwYzEwMC5qcGc=.jpg”,”thumb150″:”https://images.cointelegraph.com/images/150_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS9zdG9yYWdlL3VwbG9hZHMvdmlldy9hMGE0MzUwNjNmZmJlMDgwZjI5MWY0YmFiNmUwYzEwMC5qcGc=.jpg”,”url”:”https://cointelegraph.com/news/how-to-enhance-defi-security”,”title”:”How to enhance DeFi security”,”lead”:”Decentralized finance is exploding. Its security is not. Here’s how to prevent millions more lost in DeFi.”,”leadfull”:””,”category_id”:92,”category_url”:”https://cointelegraph.com/category/use-case”,”category_title”:”Use Case”,”author_url”:”https://cointelegraph.com/authors/max-moeller”,”author_hash”:”aHR0cHM6Ly9jb2ludGVsZWdyYXBoLmNvbS9hdXRob3JzL21heC1tb2VsbGVy”,”author_title”:”Max Moeller”,”author_img”:”https://cointelegraph.com/assets/img/icons/author_male.jpg”,”date”:”NOV 23, 2021″,”flash_date”:”NOV 23, 2021″,”sponsored”:false,”press_release”:false,”sponsored_label”:”Sponsored”,”explained”:false,”badge”:{“title”:”Use Case”,”label”:”default”},”published”:{“date”:”2021-11-23 20:00:00.000000″,”timezone_type”:3,”timezone”:”Europe/London”},”stat_uniqs”:3624,”rss_date”:”Tue, 23 Nov 2021 20:00:00 +0000″,”publishedW3″:”2021-11-23T20:00:00+00:00″,”show_referral”:true,”isMagazine”:false},{“id”:77295,”retina”:”https://images.cointelegraph.com/images/1480_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMTIvY2EwOGNmNDEtYjAxYi00ZGQ0LWFkZDEtZTUwNDQzMTlmNjI0LmpwZw==.jpg”,”img”:”https://images.cointelegraph.com/images/740_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMTIvY2EwOGNmNDEtYjAxYi00ZGQ0LWFkZDEtZTUwNDQzMTlmNjI0LmpwZw==.jpg”,”thumb”:”https://images.cointelegraph.com/images/370_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMTIvY2EwOGNmNDEtYjAxYi00ZGQ0LWFkZDEtZTUwNDQzMTlmNjI0LmpwZw==.jpg”,”thumb370″:”https://images.cointelegraph.com/images/370_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMTIvY2EwOGNmNDEtYjAxYi00ZGQ0LWFkZDEtZTUwNDQzMTlmNjI0LmpwZw==.jpg”,”amp_thumb”:”https://images.cointelegraph.com/images/150_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMTIvY2EwOGNmNDEtYjAxYi00ZGQ0LWFkZDEtZTUwNDQzMTlmNjI0LmpwZw==.jpg”,”thumb150″:”https://images.cointelegraph.com/images/150_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMTIvY2EwOGNmNDEtYjAxYi00ZGQ0LWFkZDEtZTUwNDQzMTlmNjI0LmpwZw==.jpg”,”url”:”https://cointelegraph.com/news/bitmart-hacked-for-200m-following-ethereum-binance-smart-chain-exploit”,”title”:”Bitmart hacked for $200M following Ethereum, Binance Smart Chain exploit”,”lead”:”The hackers made away with a mix of over 20 tokens that includes altcoins such as BNB, Safemoon, BSC-USD and BPay.”,”leadfull”:””,”category_id”:2,”category_url”:”https://cointelegraph.com/category/latest-news”,”category_title”:”Latest News”,”author_url”:”https://cointelegraph.com/authors/arijit-sarkar”,”author_hash”:”aHR0cHM6Ly9jb2ludGVsZWdyYXBoLmNvbS9hdXRob3JzL2FyaWppdC1zYXJrYXI=”,”author_title”:”Arijit Sarkar”,”author_img”:”https://images.cointelegraph.com/images/32_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS9zdG9yYWdlL3VwbG9hZHMvdmlldy8zNDRiYzQ0MWU3OWQyMDE3NTdlOTZmZWQxMTEyYjQxMi5qcGc=.jpg”,”date”:”DEC 05, 2021″,”flash_date”:”DEC 05, 2021″,”sponsored”:false,”press_release”:false,”sponsored_label”:”Sponsored”,”explained”:false,”badge”:{“title”:”Breaking news”,”label”:”default”},”published”:{“date”:”2021-12-05 03:49:35.000000″,”timezone_type”:3,”timezone”:”Europe/London”},”stat_uniqs”:68974,”rss_date”:”Sun, 05 Dec 2021 03:49:35 +0000″,”publishedW3″:”2021-12-05T03:49:35+00:00″,”show_referral”:true,”isMagazine”:false},{“id”:77321,”retina”:”https://images.cointelegraph.com/images/1480_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMTIvYWY5OGJkOTQtMDhjNC00YzA0LWExNDEtNGRhYWE0MTYyZjAxLmpwZw==.jpg”,”img”:”https://images.cointelegraph.com/images/740_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMTIvYWY5OGJkOTQtMDhjNC00YzA0LWExNDEtNGRhYWE0MTYyZjAxLmpwZw==.jpg”,”thumb”:”https://images.cointelegraph.com/images/370_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMTIvYWY5OGJkOTQtMDhjNC00YzA0LWExNDEtNGRhYWE0MTYyZjAxLmpwZw==.jpg”,”thumb370″:”https://images.cointelegraph.com/images/370_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMTIvYWY5OGJkOTQtMDhjNC00YzA0LWExNDEtNGRhYWE0MTYyZjAxLmpwZw==.jpg”,”amp_thumb”:”https://images.cointelegraph.com/images/150_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMTIvYWY5OGJkOTQtMDhjNC00YzA0LWExNDEtNGRhYWE0MTYyZjAxLmpwZw==.jpg”,”thumb150″:”https://images.cointelegraph.com/images/150_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMTIvYWY5OGJkOTQtMDhjNC00YzA0LWExNDEtNGRhYWE0MTYyZjAxLmpwZw==.jpg”,”url”:”https://cointelegraph.com/news/huobi-and-shiba-inu-community-to-help-bitmart-overcome-200m-hack”,”title”:”Huobi and Shiba Inu community to help BitMart overcome $200M hack”,”lead”:”Over the weekend, hackers made away with nearly $200 million in 20 different tokens.”,”leadfull”:””,”category_id”:2,”category_url”:”https://cointelegraph.com/category/latest-news”,”category_title”:”Latest News”,”author_url”:”https://cointelegraph.com/authors/arijit-sarkar”,”author_hash”:”aHR0cHM6Ly9jb2ludGVsZWdyYXBoLmNvbS9hdXRob3JzL2FyaWppdC1zYXJrYXI=”,”author_title”:”Arijit Sarkar”,”author_img”:”https://images.cointelegraph.com/images/32_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS9zdG9yYWdlL3VwbG9hZHMvdmlldy8zNDRiYzQ0MWU3OWQyMDE3NTdlOTZmZWQxMTEyYjQxMi5qcGc=.jpg”,”date”:”DEC 06, 2021″,”flash_date”:”DEC 06, 2021″,”sponsored”:false,”press_release”:false,”sponsored_label”:”Sponsored”,”explained”:false,”badge”:{“title”:”News”,”label”:”default”},”published”:{“date”:”2021-12-06 08:10:53.000000″,”timezone_type”:3,”timezone”:”Europe/London”},”stat_uniqs”:18046,”rss_date”:”Mon, 06 Dec 2021 08:10:53 +0000″,”publishedW3″:”2021-12-06T08:10:53+00:00″,”show_referral”:true,”isMagazine”:false},{“id”:77686,”retina”:”https://images.cointelegraph.com/images/1480_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMTIvZTYzY2MwMWMtNDI0Mi00YmMwLTkwMjgtZmRkOWZhZmMwYjViLmpwZw==.jpg”,”img”:”https://images.cointelegraph.com/images/740_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMTIvZTYzY2MwMWMtNDI0Mi00YmMwLTkwMjgtZmRkOWZhZmMwYjViLmpwZw==.jpg”,”thumb”:”https://images.cointelegraph.com/images/370_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMTIvZTYzY2MwMWMtNDI0Mi00YmMwLTkwMjgtZmRkOWZhZmMwYjViLmpwZw==.jpg”,”thumb370″:”https://images.cointelegraph.com/images/370_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMTIvZTYzY2MwMWMtNDI0Mi00YmMwLTkwMjgtZmRkOWZhZmMwYjViLmpwZw==.jpg”,”amp_thumb”:”https://images.cointelegraph.com/images/150_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMTIvZTYzY2MwMWMtNDI0Mi00YmMwLTkwMjgtZmRkOWZhZmMwYjViLmpwZw==.jpg”,”thumb150″:”https://images.cointelegraph.com/images/150_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMTIvZTYzY2MwMWMtNDI0Mi00YmMwLTkwMjgtZmRkOWZhZmMwYjViLmpwZw==.jpg”,”url”:”https://cointelegraph.com/news/assembly-announces-100m-capital-raise-receives-praise-from-iota-co-founder-dominik-schiener”,”title”:”Assembly announces $100M capital raise, receives praise from Iota co-founder Dominik Schiener”,”lead”:”“Assembly addresses the limitations of current scaling solutions by using the feeless base layer of Iota as an immutable trust anchor and as a trustless bridge …”,”leadfull”:””,”category_id”:2,”category_url”:”https://cointelegraph.com/category/latest-news”,”category_title”:”Latest News”,”author_url”:”https://cointelegraph.com/authors/zhiyuan-sun”,”author_hash”:”aHR0cHM6Ly9jb2ludGVsZWdyYXBoLmNvbS9hdXRob3JzL3poaXl1YW4tc3Vu”,”author_title”:”Zhiyuan Sun”,”author_img”:”https://images.cointelegraph.com/images/32_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS9zdG9yYWdlL3VwbG9hZHMvdmlldy82ZTIyODkzYzk0NDBjMGYxMTk1MDU3YzE4ZGFiMDBhYS5qcGc=.jpg”,”date”:”22 HOURS AGO”,”flash_date”:”DEC 10, 2021″,”sponsored”:false,”press_release”:false,”sponsored_label”:”Sponsored”,”explained”:false,”badge”:{“title”:”News”,”label”:”default”},”published”:{“date”:”2021-12-10 17:57:16.000000″,”timezone_type”:3,”timezone”:”Europe/London”},”stat_uniqs”:3896,”rss_date”:”Fri, 10 Dec 2021 17:57:16 +0000″,”publishedW3″:”2021-12-10T17:57:16+00:00″,”show_referral”:true,”isMagazine”:false}]}” :shares=”{“facebook”:{“url”:”https://www.facebook.com/sharer/sharer.php?u=%URL%”,”icon”:”facebook”,”title”:”Facebook”,”sizesAllowed”:[{“size”:”lg”,”label”:”Large devices”,”breakpoint”:”> 1200px”},{“size”:”md”,”label”:”Medium devices”,”breakpoint”:”> 992px”},{“size”:”sm”,”label”:”Small tablets”,”breakpoint”:”> 768px”},{“size”:”xs”,”label”:”Smartphones”,”breakpoint”:”> 480px”},{“size”:”xxs”,”label”:”Extra small devices”,”breakpoint”:”< 480px"}],"position":1,"status":true},"twitter":{"url":"https://twitter.com/intent/tweet?text=%TEXT%","icon":"twitter","title":"Twitter","position":2,"status":true,"sizesAllowed":[{"size":"xxs","label":"Extra small devices","breakpoint":"< 480px"},{"size":"xs","label":"Smartphones","breakpoint":"> 480px”},{“size”:”sm”,”label”:”Small tablets”,”breakpoint”:”> 768px”},{“size”:”md”,”label”:”Medium devices”,”breakpoint”:”> 992px”},{“size”:”lg”,”label”:”Large devices”,”breakpoint”:”> 1200px”}]},”telegram”:{“url”:”https://t.me/share/url?url=%URL%&text=%TEXT%”,”icon”:”telegram”,”title”:”Telegram”,”position”:3,”status”:true,”sizesAllowed”:[{“size”:”xxs”,”label”:”Extra small devices”,”breakpoint”:”< 480px"},{"size":"xs","label":"Smartphones","breakpoint":"> 480px”},{“size”:”sm”,”label”:”Small tablets”,”breakpoint”:”> 768px”},{“size”:”md”,”label”:”Medium devices”,”breakpoint”:”> 992px”},{“size”:”lg”,”label”:”Large devices”,”breakpoint”:”> 1200px”}]},”linkedin”:{“url”:”https://www.linkedin.com/shareArticle?mini=true&url=%URL%&title=%TITLE%”,”icon”:”linked-in”,”title”:”LinkedIn”,”position”:5,”status”:true,”sizesAllowed”:[{“size”:”xxs”,”label”:”Extra small devices”,”breakpoint”:”< 480px"},{"size":"xs","label":"Smartphones","breakpoint":"> 480px”},{“size”:”sm”,”label”:”Small tablets”,”breakpoint”:”> 768px”},{“size”:”md”,”label”:”Medium devices”,”breakpoint”:”> 992px”},{“size”:”lg”,”label”:”Large devices”,”breakpoint”:”> 1200px”}]},”copy”:{“url”:”%URL%”,”icon”:”copy”,”position”:7,”title”:”Copy Link”,”sizesAllowed”:[{“size”:”xxs”,”label”:”Extra small devices”,”breakpoint”:”< 480px"},{"size":"xs","label":"Smartphones","breakpoint":"> 480px”},{“size”:”sm”,”label”:”Small tablets”,”breakpoint”:”> 768px”},{“size”:”md”,”label”:”Medium devices”,”breakpoint”:”> 992px”},{“size”:”lg”,”label”:”Large devices”,”breakpoint”:”> 1200px”}],”status”:true},”whatsapp”:{“url”:”https://wa.me/?text=%TITLE% %URL%”,”icon”:”whats-app”,”title”:”Whatsapp”,”sizesAllowed”:[{“size”:”xxs”,”label”:”Extra small devices”,”breakpoint”:”< 480px"},{"size":"xs","label":"Smartphones","breakpoint":"> 480px”},{“size”:”sm”,”label”:”Small tablets”,”breakpoint”:”> 768px”},{“size”:”md”,”label”:”Medium devices”,”breakpoint”:”> 992px”},{“size”:”lg”,”label”:”Large devices”,”breakpoint”:”> 1200px”}],”position”:6,”status”:true},”reddit”:{“url”:”https://www.reddit.com/submit?url=%URL%&title=%TITLE%”,”icon”:”reddit”,”title”:”Reddit”,”sizesAllowed”:[{“size”:”xxs”,”label”:”Extra small devices”,”breakpoint”:”< 480px"},{"size":"xs","label":"Smartphones","breakpoint":"> 480px”},{“size”:”sm”,”label”:”Small tablets”,”breakpoint”:”> 768px”},{“size”:”md”,”label”:”Medium devices”,”breakpoint”:”> 992px”},{“size”:”lg”,”label”:”Large devices”,”breakpoint”:”> 1200px”}],”position”:4,”status”:true}}” is=”ExplainedPostPage”>

In an eclipse attack, a malicious actor isolates a specific user or node within a peer-to-peer (P2P) network.

The attacker’s goal is to obscure a user’s view of the P2P network in preparation for more complex attacks or to cause general disruption. Eclipse attacks share similarities with Sybil attacks, however, their end goals are different. 

They are similar in the sense that a certain network is flooded with fake peers. The difference, however, is that in an eclipse attack, a single node is attacked. In a Sybil attack, the entire network is attacked. 

Moreover, attackers can start an eclipse attack by constructing many ostensibly independent overlay nodes via a Sybil attack. Attackers may use the overlay maintenance mechanism to mount an eclipse assault; hence, safeguards against Sybil attacks do not prevent eclipse attacks.

Eclipse attacks are discussed comprehensively in the 2015 paper authored by researchers from Boston University and Hebrew University entitled ‘Eclipse Attacks on Bitcoin’s Peer-to-Peer Network.’ In the said paper, the authors discussed their findings from launching eclipse attacks, as well as possible countermeasures. 

In an eclipse attack, an attacker tries to redirect the target network participant’s inbound and outbound connections from legitimate nodes to the attacker’s nodes. By doing so, the target is sealed off from the actual network. 

Since the target is disconnected from the blockchain ledger, the isolated node can then be manipulated by the attacker. An eclipse attack can lead to block mining disruptions as well as illegitimate transaction confirmations. 

How easily blockchain attacks can be executed depends on the target blockchain network’s underlying structure.

Attackers typically use a botnet or phantom network to compromise a node and seal it off.

Crypto eclipse attacks can be carried out because the nodes in a decentralized network cannot simultaneously connect with other nodes because of bandwidth limitations. As such, nodes connect with a limited set of neighboring nodes instead. 

Hence, a malicious actor works to compromise the target user’s connection with the limited set of nodes that it connects to. An attacker uses a phantom network or botnet to compromise a node. This network is created from host nodes and is used to flood a target node with internet protocol (IP) addresses. The target may then sync up with it when it reconnects to the blockchain network. 

The attacker will then wait for the target to reconnect with malicious nodes or use a Distributed Denial of Service (DDoS) attack so that the target is forced to reconnect to the network. 

The worst part is that once a target node is compromised, the attacker can feed it false data. Usually, the victim is unaware that the node has already been compromised. Some of the consequences of eclipse attacks in crypto projects are:

  • Miner power disruption: Blocks can be excluded from a legitimate blockchain when an attacker tries to hide the fact that a block has already been mined from an eclipsed miner. This misleads the victim into wasting processing power and time computing already compromised blocks.

The attacker is then able to increase their hash rate within the network. Since an eclipsed miner is disconnected from the legitimate network, attackers can then launch attacks on multiple miners and launch a 51% attack on the network

  • Double-spend attacks:  A victim that is isolated from its legitimate network may be misdirected by an attacker to accept a transaction that uses either of the two:

    • An invalid input

    • The same input of an already-validated transaction on the legitimate network

When an attacker targets a network’s user, there is usually a deeper motive for doing so. Typically, eclipse attacks can serve as gateways for more complex attacks and disruptions.

0-confirmation double spends

A user is at risk of a double-spend if they accept a transaction with no confirmations. By principle, although the transaction has already been broadcast, the sender can still create a new transaction and spend the funds somewhere else. Double spends can occur until a transaction has been included in a block and committed to the blockchain. 

New transactions that have a higher fee can also be included before original transactions to invalidate earlier transactions. What’s risky about this is that some individuals and businesses are in the practice of accepting 0-confirmation transactions.

N-confirmation double spends

N-confirmation double spends are similar to 0-confirmation transactions. However, they require more complex preparation. Because a lot of businesses prefer to hold off on marking a payment as valid pending a certain number of confirmations, they can be vulnerable to attacks. 

In this scenario, attackers eclipse both miners and merchants. They pull it off by setting up an order with the merchant and broadcasting the transaction to eclipsed miners. This leads the transaction to be confirmed and included in the blockchain. However, this specific chain is not the right one as the miner has been cut off from the network earlier. 

The attacker then relays this blockchain version to the merchant, who then releases goods and/or services believing that the transaction has already been confirmed.

Weakening competing miners

Eclipsed nodes continue to operate as the target user is often unaware that they have been isolated from the legitimate network. As a result, miners will continue to mine blocks as usual. Blocks that are added will then be discarded upon syncing with their honest peers. 

Large-scale eclipse attacks executed on major miners are usually used to carry out a 51% attack. However, due to the incredibly high cost to take over Bitcoin’s hashing power majority, chances for this are still quite slim. At ~80TH/s, an attacker would theoretically need more than 40TH/s to succeed in such an attempt.

Theoretically, an attacker can eclipse any node as long as they have enough IP addresses. 

Operators can mitigate this risk by blocking incoming connections. Also, they should only make outbound connections to specific nodes that they trust, such as those on a whitelist by other peers in the network. Researchers have pointed out, however, that if all participants adopt these measures, new nodes might not be able to join — making it an approach that cannot be done at scale.

What the authors of ‘Eclipse Attacks on Bitcoin’s Peer-to-Peer Network’ suggest, however, is to implement a few tweaks to the Bitcoin software. Some of these tweaks have already been implemented since the paper was released. They work to make eclipse attacks costlier through minor changes in the code.

Both attacks take place at the P2P network level. So what’s the difference?  

In an eclipse attack, most peers of a targeted user are malicious and therefore prevent the targeted user from connecting to a legitimate network. An eclipse attack is particularly useful in instances when a sender sends some Bitcoin (BTC) to someone and then also double spends these Bitcoin. 

The sender then uses the attack to prevent the target user from finding out about the double spend.

In a Sybil attack, a malicious actor or attacker attempts to spam the network with nodes under their control in an attempt to game the network’s reputation system. This includes false signaling of support using version bits. In summary, an eclipse attack targets a single user or party while a Sybil attack targets an entire network.

In the context of Bitcoin, Sybil attacks are less harmful because nodes operate on consensus rules. Under these rules, any deviation will lead to having that same node DoS banned.

Developers can familiarize themselves with the vulnerabilities in Bitcoin nodes that can be exploited to replace legitimate peer addresses with their own.

  • Technically, when the node selects IP addresses from the tried bucket with timestamps, it increases the probability of the attacker getting selected. This is true even if the attacker only owns a small portion of these addresses. Chances of getting selected can also be increased by increasing the attack time.

  • When an address bucket is full, one address is removed at random. If an attacker’s IP is the one removed, then it can eventually be inserted if it is repeatedly sent to the node.

As you can see, attackers can exploit the above-mentioned vulnerabilities. However, there are also some ways to avoid them: 

  • IP address selection from the tried table could be done at random. This would reduce the chances of the selected peer being an attacker. If peer selection is randomized, then the attacker will not be successful even after having spent a lot of time in the attack.

  • Use a deterministic approach to insert addresses of peers into fixed slots. This will reduce the chances of inserting an attacker’s address into a different slot after having been evicted from the address bucket. A deterministic approach ensures that repeated insertion of addresses does not add value to an attack. 

As we mentioned, a lot of the vulnerabilities in Bitcoin have already been addressed. However, attacks on blockchain can still be carried out when attackers find other vulnerabilities. This is because blockchain networks are public. 

The open-source culture followed by a lot of blockchain organizations may also give way to further vulnerabilities.