It's safe to say that the cryptocurrency industry is rife with cybercriminals looking to get their hands on your data and your money. Unfortunately, there are numerous ways a cybercriminal can swindle their way towards a payout, one of which is an eclipse attack.

So, what exactly is an eclipse attack?

What Is an Eclipse Attack?


On a typical cryptocurrency blockchain (or peer-to-peer network), an array of different users in different locations, known as nodes, contribute to the network by verifying transactions. Different kinds of consensus mechanisms are used here to ensure that transactions are legitimate, which is what makes these networks so secure.

Because every node holds some power within a network, and because one node can only connect with a limited number of other nodes at any given time (due to bandwidth limitations), an individual node can be exploited by a malicious individual for illicit purposes.

In an eclipse attack, a single node is targeted and surrounded by malicious nodes only. This means that all of its outgoing data will be received by malicious nodes, and all of its incoming data will be sent by those same nodes.

When a node's communications are successfully flooded by the attacker nodes, a false environment can be created (so long as the node connects with the malicious nodes upon its reconnection with the blockchain network). The unsuspecting victim node assumes that this false environment is legitimate and carries on acting as usual. However, the node's view of the network is distorted.

If you're well versed in crypto or peer-to-peer networks, you might be thinking of a Sybil attack right now, as its nature is similar to that of an eclipse attack (in that nodes are flooded with malicious communications). However, an eclipse attack focuses solely on one user or node, while a Sybil attack involves attacking an entire network.

Because multiple malicious nodes are needed to carry out an eclipse attack, cybercriminals often use botnets. A botnet is a kind of malware that can remotely control computers to achieve a specific goal. In an eclipse attack, the malicious actor will use a botnet to create a number of blockchain nodes.

Different blockchains have different node connection capacities (meaning that a node on a given blockchain can only connect to so many other devices). Some blockchains allow for many simultaneous connections, while others only allow a handful. The lower the connection capacity, the easier it becomes for the attacker to create malicious nodes and flood the targeted user's communications.

It can take time for an attacker to successfully surround a node, as there's no guarantee that it'll sync with the malicious nodes the next time it signs onto the network. But, if the attacker gets lucky, they can make a profit or do significant damage in a number of ways.
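The link between connection capacity and the chance of being surrounded, described in the two paragraphs above, can be put into numbers. The following Python sketch is an added example, not part of the original article; it assumes the node picks its peers uniformly at random from a table of known addresses, and the table size and malicious share used in the demo are constructed figures.

```python
from math import comb

def p_all_malicious(table_size, malicious, slots):
    """Exact probability that `slots` peers drawn without replacement from a
    peer table of `table_size` addresses, `malicious` of them attacker-run,
    are all attacker-run (hypergeometric, every draw malicious)."""
    if not 0 <= malicious <= table_size or not 0 < slots <= table_size:
        raise ValueError("need 0 <= malicious <= table_size and 0 < slots <= table_size")
    if malicious < slots:
        return 0.0  # not enough attacker addresses to fill every slot
    return comb(malicious, slots) / comb(table_size, slots)

def expected_reconnects(table_size, malicious, slots):
    """Mean number of reconnections until the node is fully surrounded,
    treating each reconnection as an independent draw (geometric)."""
    p = p_all_malicious(table_size, malicious, slots)
    return float("inf") if p == 0 else 1 / p

def min_slots_for_risk(table_size, malicious, max_risk):
    """Smallest connection count that keeps the per-reconnect probability
    of full isolation at or below `max_risk`; None if no count does."""
    for slots in range(1, table_size + 1):
        if p_all_malicious(table_size, malicious, slots) <= max_risk:
            return slots
    return None

if __name__ == "__main__":
    # Constructed numbers: 1,000 known addresses, 700 of them attacker-run.
    for slots in (4, 8, 16, 32):
        p = p_all_malicious(1000, 700, slots)
        n = expected_reconnects(1000, 700, slots)
        print(f"{slots:>2} connections: P(isolated) = {p:.2e}, "
              f"about {n:,.0f} reconnects on average")
    print("connections needed for risk <= 1e-6:",
          min_slots_for_risk(1000, 700, 1e-6))
```

Even with most of the peer table polluted, each additional connection slot multiplies the attacker's required luck, which is why a higher connection capacity makes isolation harder.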

The Consequences of Eclipse Attacks

The first possible outcome of an eclipse attack is a zero-confirmation double spend. This involves a cryptocurrency being "spent" twice. Let's say a separate user sent a payment to the isolated node. Through an eclipse attack, an attacker can also gain access to this crypto and spend it themselves. By the time the legitimate recipient node realizes that a zero-confirmation double-spend has taken place, it is usually too late, and they cannot use the crypto they received because it has already been spent and stolen by the attacker.

A cybercriminal could also minimize mining competition using an eclipse attack. Because the targeted node is viewing a distorted version of the network, it may continue to mine blocks that will never actually be added to the blockchain. Additionally, if the attacker manages to isolate multiple nodes, they can lower the hash power required to conduct a 51% attack.

But this would be quite a challenge for the attacker in question. In fact, eclipse attacks are very rare due to the decentralized nature of blockchains and the difficulty of isolating a single blockchain node.

Eclipse Attacks Are Rare but Dangerous

Though eclipse attacks are few and far between, there's no denying that they can do a lot of damage. Manipulating a network in this way and exploiting a node's influence can lead to a loss of funds and even malicious network takeovers. Let's hope that the structure of peer-to-peer networks continues to prevent this kind of attack in the long run.