An eclipse attack is a network-level attack on a blockchain peer-to-peer (P2P) network where an attacker isolates a specific node by monopolizing all its incoming and outgoing connections. By controlling the node's entire view of the network, the attacker can feed it false or manipulated data, effectively "eclipsing" it from the honest network. This isolation is the prerequisite for launching more damaging follow-on attacks, such as double-spends or selfish mining, as the victim node can be tricked into accepting an invalid chain.
LABS
Glossary
Eclipse Attack
An eclipse attack is a network-level attack where an adversary isolates a specific node by monopolizing all its incoming and outgoing peer connections.
Chainscore © 2026
definition
BLOCKCHAIN SECURITY
What is an Eclipse Attack?
An eclipse attack is a network-level attack on a blockchain peer-to-peer (P2P) network where an attacker isolates a specific node by monopolizing all its incoming and outgoing connections.
The attack exploits the way nodes discover and connect to peers. Attackers typically use a combination of Sybil attacks—creating a large number of fake node identities—and IP address manipulation to ensure the victim node's connection slots are filled only with malicious peers. On networks like Bitcoin, which maintain a limited number of connections (e.g., 8 outbound), an attacker with sufficient IP addresses can eventually surround a target after it restarts and rebuilds its peer list.
Mitigations against eclipse attacks focus on hardening the peer selection process. Key defenses include using a hardcoded list of trusted nodes (seed nodes), implementing inbound connection limits from a single network prefix, and employing randomized peer selection algorithms that are resistant to manipulation. Ethereum's Node Discovery Protocol (v4) and later versions incorporate such countermeasures to make eclipse attacks more resource-intensive and difficult to execute successfully.
The impact of a successful eclipse attack extends beyond the targeted node. If a major mining pool or exchange node is eclipsed, it could be led to mine on a fraudulent chain or accept invalid transactions, causing financial loss and network disruption. Therefore, eclipse resistance is a critical component of a blockchain's overall network security and consensus resilience, ensuring that nodes maintain an accurate, decentralized view of the ledger.
how-it-works
BLOCKCHAIN SECURITY
How an Eclipse Attack Works
An eclipse attack is a network-level attack where an adversary isolates a specific node from the rest of the peer-to-peer network, controlling its view of the blockchain.
An eclipse attack is a network-level exploit where an attacker monopolizes all incoming and outgoing connections of a target node in a peer-to-peer (P2P) network. By flooding the node's connection slots with malicious peers under their control, the attacker eclipses the victim's view of the real network. The isolated node can then be fed a manipulated version of the blockchain state—such as fraudulent transactions or alternate chain history—while being unable to receive honest data from the genuine network.
The attack exploits the fundamental design of P2P networks, where nodes maintain a limited number of connections (typically 8-125 for clients like Bitcoin Core). Attackers prepare by creating a large number of Sybil nodes with diverse IP addresses. Using techniques like IP address poisoning—where the attacker influences the victim's peer discovery—they ensure their malicious nodes occupy every slot in the victim's peer table. Once the node is fully eclipsed, it operates in a fabricated reality controlled by the attacker.
The primary goals of an eclipse attack are often preparatory, enabling more devastating follow-on attacks. An eclipsed node can be tricked into accepting double-spent transactions, as it cannot see the conflicting transaction broadcast to the real network. Miners can be eclipsed to waste computational power on already-solved blocks, facilitating selfish mining. The attack also enables Nakamoto consensus manipulation, as the victim may vote on stale chain data during reorganization events.
Mitigation strategies are implemented at the protocol and client level. Key defenses include inbound connection limits, anchor connections to trusted peers that are hard to displace, and deterministic random peer selection to resist IP poisoning. Modern clients also use feeler connections to probe the network for new peers and evict suspicious ones. Ensuring a diverse, non-malleable peer list is critical for maintaining network sybil-resistance and integrity.
key-features
NETWORK ATTACK VECTOR
Key Features of an Eclipse Attack
An Eclipse Attack isolates a single node by controlling its peer-to-peer connections, allowing an attacker to manipulate its view of the blockchain.
01
Peer-to-Peer Network Isolation
The core mechanism involves an attacker controlling all of a victim node's incoming and outgoing peer connections. By flooding the node with malicious IP addresses or exploiting the peer discovery protocol, the attacker ensures the victim only communicates with attacker-controlled nodes. This creates a false, isolated view of the network state.
02
Double-Spending Facilitation
A primary goal is to enable double-spending. While the victim is eclipsed, the attacker can:
- Convince the victim that a transaction is confirmed in a private, attacker-only chain.
- Simultaneously broadcast a conflicting transaction to the real network.
- Once the real chain overtakes the false one, the victim accepts the invalid state, having released goods or services.
03
Sybil Attack Prerequisite
Eclipse attacks typically rely on a Sybil attack, where the attacker creates a large number of fake node identities (Sybil nodes). By controlling many IP addresses and node IDs, the attacker increases the probability of monopolizing the victim's peer slots during connection table refreshes or upon restart.
04
Exploitation of Bootstrapping
Nodes are most vulnerable during initial bootstrapping or restart. Attackers can poison the victim's list of known peers (e.g., via DNS seeders or a hardcoded list) or manipulate peer discovery messages (like addr messages in Bitcoin) to fill the connection table with malicious addresses before legitimate ones are found.
05
Consequences for Miners & Wallets
The impact varies by victim:
- Miners: Can be tricked into mining on a stale or private chain, wasting resources and losing block rewards.
- Light Wallets & Exchanges: Rely on a few connected nodes; if those are malicious, they may see incorrect balances or accept unconfirmed transactions as final, leading to financial loss.
06
Mitigation Strategies
Protocol defenses include:
- Inbound/Outbound Peer Limits: Restricting connections from a single IP or network prefix.
- Deterministic Peer Selection: Using a verifiable random function to select peers, making manipulation harder.
- Persistent Peer Lists: Maintaining trusted peers across sessions. Ethereum's Node Discovery Protocol v4 and v5 incorporate such countermeasures.
attack-vectors
NETWORK SECURITY
Common Attack Vectors & Goals
An Eclipse Attack is a network-level attack where a malicious actor isolates a single node from the rest of the peer-to-peer network, controlling all its incoming and outgoing connections to manipulate its view of the blockchain.
01
Core Attack Mechanism
The attacker floods the target node's connection slots with malicious or sybil nodes under their control. By monopolizing all peer connections, the attacker creates a false, isolated network view. This allows them to:
- Withhold new blocks or transactions from the victim.
- Feed the victim a fabricated, alternative chain.
- Enable follow-on attacks like double-spending or Selfish Mining against the eclipsed node.
02
Primary Goals & Impact
An eclipse attack is typically a precursor to more damaging exploits, as controlling a node's view enables:
- Double-Spending: The attacker can convince a merchant node (e.g., an exchange) that a payment is confirmed while secretly mining a conflicting transaction on the real chain.
- Weakening Consensus: Isolating a significant portion of mining power can reduce the honest network's hash rate.
- Data Denial: Preventing a node from seeing legitimate transactions or blocks, degrading network service.
03
Vulnerable Protocols & Mitigations
This attack exploits weaknesses in a node's peer discovery and management. Early Bitcoin and Ethereum clients were vulnerable. Key mitigations now include:
- Inbound/Outbound Connection Limits: Restricting the number of connections from a single IP or subnet.
- Structured Peer Tables: Using protocols like Kademlia DHT (in Ethereum) to make sybil attacks more difficult.
- Deterministic Node Selection: Algorithms that randomize peer selection based on specific criteria to prevent predictable isolation.
04
Relation to Sybil & BGP Hijacking
An Eclipse Attack often relies on or combines with other network threats:
- Sybil Attack: The attacker creates a large number of fake identities (nodes) to populate the victim's peer list. Eclipse attacks are a practical application of a Sybil attack.
- BGP Hijacking: At the internet routing level, an attacker could reroute a node's traffic to isolate it, a more powerful but higher-complexity method to achieve eclipsing.
NETWORK LAYER ATTACKS
Eclipse Attack vs. Other Consensus Attacks
A comparison of attack vectors targeting the peer-to-peer network layer versus those targeting the consensus mechanism directly.
| Attack Vector | Eclipse Attack | Sybil Attack | 51% Attack | Nothing-at-Stake Attack |
|---|---|---|---|---|
Primary Target | Peer-to-Peer (P2P) Network | Peer-to-Peer (P2P) Network | Consensus Protocol | Proof-of-Stake Consensus |
Goal | Isolate a node from the honest network | Gain disproportionate influence over network connections | Control block production and history | Create multiple conflicting blockchain histories |
Required Resource | IP Addresses / Network Connections | Node Identities (Sybils) | Majority of Hashing Power (PoW) or Stake (PoS) | Staked Capital |
Impact on Consensus | Indirect (feeds false data to victim) | Indirect (biases network view) | Direct (controls chain progression) | Direct (enables chain reversions) |
Prevention Mechanism | Outbound connection management, addrman rotation | Costly identity creation (e.g., PoW in node ID) | Economic cost of acquiring resources | Slashing penalties, checkpointing |
Vulnerable Layer | Network Layer | Network Layer | Consensus Layer | Consensus Layer |
Example Protocol Impact | Bitcoin, Ethereum (any P2P chain) | Early permissionless networks | Bitcoin, Ethereum Classic | Early Proof-of-Stake designs |
prevention-mitigation
ECLIPSE ATTACK
Prevention and Mitigation Strategies
An eclipse attack isolates a node by controlling all its peer connections, enabling manipulation of its view of the blockchain. These strategies focus on network-level defenses to maintain decentralization and honest peer discovery.
01
Random Peer Selection
A core defense where nodes connect to peers selected randomly from the entire network, rather than from a predictable or static list. This makes it statistically difficult for an attacker to monopolize all inbound and outbound connections. Implementations often use cryptographically secure random number generators and maintain a large, diverse peer table to increase the cost of an attack.
02
Inbound/Outbound Connection Limits
Protocols enforce strict limits on the number of connections a single node can have. A common configuration is 8 outbound and 117 inbound connections (as in Bitcoin). By requiring an attacker to control a massive number of nodes to fill all slots, this increases the Sybil cost. Adjusting these ratios based on network topology is a key parameter for node software.
03
Anchor Connections & Trusted Peers
Nodes can be configured with a set of hard-coded or manually configured anchor peers that are reconnected to on startup. These provide a reliable, honest entry point into the network. Some clients also support block-only connections from trusted peers to obtain an objective chain view, separate from transaction gossip channels.
04
Peer Discovery Hardening
Strengthening the mechanisms by which nodes find new peers prevents attackers from poisoning the discovery process. Strategies include:
- Using multiple peer discovery protocols (DNS seeds, hardcoded seeds, peer exchange).
- Validating peer addresses and banning nodes that advertise invalid information.
- Implementing client diversity to avoid a single point of failure in discovery logic.
05
Consensus & Chain History Validation
While not a network-level prevention, this mitigates the ultimate impact. A node that has been eclipsed can still detect inconsistencies by validating proof-of-work (in PoW chains) or finality proofs (in PoS chains) against its local, previously validated chain. Requesting block headers from multiple suspected honest peers after a suspected attack can help re-sync to the canonical chain.
06
Monitoring & Alerting
Node operators can deploy monitoring to detect eclipse attack indicators. Key metrics include:
- Peer diversity: Geographic and network (ASN) distribution of connected peers.
- Unusual inactivity: Sudden lack of transactions or blocks from specific services.
- Chain tip divergence: Significant differences between the node's best chain and public block explorers. Automated alerts for these conditions enable a proactive response.
historical-examples
ECLIPSE ATTACK
Historical Examples and Research
While often discussed theoretically, real-world eclipse attacks are rare but have been demonstrated in research and exploited in practice, highlighting critical vulnerabilities in peer-to-peer network design.
02
Ethereum's Kovan Testnet Incident (2016)
The Kovan testnet suffered a sustained eclipse attack in 2016, providing a live case study. An attacker monopolized connections to the network's bootnodes, which are hardcoded entry points for new nodes. This caused the network to split into multiple partitions, disrupting consensus. The incident revealed critical flaws:
- Over-reliance on a small set of centralized bootnodes.
- The ease of sybil attacks to create malicious nodes.
- This event prompted Ethereum to implement more robust peer discovery and node identity management protocols.
03
Monero Network Attack (2020)
In September 2020, the Monero network experienced a severe denial-of-service (DoS) attack that leveraged eclipse-like tactics. Attackers flooded the network with malicious nodes, overwhelming legitimate peers and isolating parts of the network. While not a pure eclipse attack, it shared the core mechanism of peer connection manipulation. The attack:
- Highlighted the vulnerability of cryptonote-based peer-to-peer stacks.
- Forced the Monero community to deploy emergency patches.
- Underlined that privacy-focused chains are not immune to network-layer attacks.
04
The Eclipse Attack on Bitcoin's Memory Pool
Beyond isolating a node for consensus attacks, researchers have explored eclipsing a node's mempool. By controlling all connections, an attacker can:
- Censor transactions from reaching the victim miner or merchant.
- Front-run transactions by seeing private order flow.
- Create a fake blockchain view by feeding the victim only specific, attacker-created blocks. This variant shows the attack's utility beyond double-spending, enabling financial surveillance and extraction of MEV (Miner Extractable Value).
06
Key Research Takeaways & Mitigations
Historical research converges on critical mitigation strategies now implemented in major protocols:
- Increased Maximum Inbound Connections: Raising from 8 to over 100 (Bitcoin).
- Anchor Connections: Persisting trusted peer addresses across sessions.
- Deterministic Node ID Selection: Using IP/Port hashing to prevent sybil attacks on slots.
- Outbound Connection Diversity: Ensuring connections span multiple network groups (/16 subnets).
- Regular Peer Rotation: Evicting old peers to prevent long-term infiltration. The attack remains a persistent threat, especially for new, bootstrapping nodes.
DEBUNKED
Common Misconceptions About Eclipse Attacks
Eclipse attacks are a sophisticated network-level threat, but they are often misunderstood. This section clarifies the technical realities, separating fact from fiction to provide a precise understanding of the attack vector, its limitations, and its true impact on blockchain security.
An eclipse attack is a network-level attack where an adversary isolates a specific node from the honest peer-to-peer network, controlling all its incoming and outgoing connections to manipulate its view of the blockchain. The attacker works by monopolizing the victim node's peer slots with malicious peers under their control. This is often achieved by manipulating the node's peer discovery mechanisms, such as flooding it with connection requests or poisoning its peer tables. Once the victim is eclipsed, the attacker can feed it a false or manipulated chain state, enabling follow-on attacks like double-spending or selfish mining against that specific node. The attack does not require a majority of the network's hash power but exploits the node's limited number of peer connections (e.g., Ethereum's default of 50 peers).
ECLIPSE ATTACK
Frequently Asked Questions (FAQ)
Common questions about eclipse attacks, a network-level threat to blockchain nodes that isolates them from the honest network.
An eclipse attack is a network-level attack where a malicious actor isolates a specific blockchain node by monopolizing all its incoming and outgoing peer connections with attacker-controlled nodes. This effectively 'eclipses' the victim's view of the real network, allowing the attacker to feed it a manipulated version of the blockchain state, such as fake transactions or an alternative chain. The attack exploits the node's peer-to-peer networking layer, not the consensus protocol itself. Successful isolation enables follow-on attacks like double-spending against the victim or facilitating other consensus attacks like Nakamoto consensus manipulation.
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall