Eclipse Attack

The primary financial goal. By isolating a victim node (e.g., an exchange or merchant), the attacker can:

• Create a conflicting transaction that spends the same UTXO/balance.
• Broadcast one version to the eclipsed victim, making them believe the payment is valid.
• Broadcast a different version to the honest network, ensuring their own funds are not spent.
• The victim releases goods or services based on the invalid transaction they accepted.

Exploiting the concept of transaction finality. Many services wait for 'N' confirmations. The attacker:

• Mines a private chain in isolation from the victim.
• Shows the victim a transaction with the required number of confirmations on their fake chain.
• Once the victim acts (e.g., releases crypto), the attacker releases their longer, alternative chain to the main network, reorganizing the blockchain and erasing the victim's transaction.

A non-financial goal to censor or disable a specific network participant. By eclipsing a node (often a mining pool or validator), the attacker can:

• Block all incoming transactions from reaching the victim, censoring their ability to participate.
• Prevent block or attestation propagation from the victim, reducing their rewards or causing slashing in Proof-of-Stake systems.
• This can be used to gain a competitive advantage or to target a specific entity.

An Eclipse Attack can be the first stage in a larger 51% (Majority) Attack. The attacker eclipses one or more mining pools or large validators.

• This artificially reduces the honest hashing/staking power visible on the main network.
• The attacker can then execute a chain reorganization with less than 50% of the real total power, as the eclipsed honest power is not contributing to the public chain.
• It's a force-multiplier for other consensus attacks.

Aims to gain unauthorized access or feed false data. By controlling all peer connections, the attacker acts as a man-in-the-middle.

• Can intercept unencrypted traffic from the victim node.
• May feed the victim spoofed data about mempool transactions, network state, or oracle prices to influence their off-chain decisions.
• This is particularly relevant for DeFi protocols or bots that rely on real-time, unverified network data.

Targets simplified payment verification (SPV) clients and light wallets that rely on a small set of full nodes. The attacker:

• Eclipses the light client by posing as its only peer connections.
• Can provide fraudulent block headers and merkle proofs for non-existent or invalid transactions.
• Causes the wallet to display incorrect balances or confirm fake payments.
• This exploits the inherent trust assumption light clients have in their connected peers.

Light clients (or SPV clients) are particularly susceptible to eclipse attacks because they connect to a small number of full nodes. A successful eclipse can feed the light client fraudulent blockchain data. Solutions like Fraud Proofs (as proposed for Ethereum) and Non-Interactive Proofs of Proof-of-Work (NIPoPoWs) aim to allow light clients to verify chain validity without trusting a small set of peers.

An eclipse attack fundamentally relies on a Sybil attack, where an adversary creates a large number of fake identities (nodes). To eclipse a victim, the attacker must control enough Sybil nodes to fill the victim's peer slots. Defenses focus on making Sybil attacks costly, often through Proof-of-Work in peer discovery (like Ethereum's Discv4/5) or Proof-of-Stake mechanisms for network participation.

A Sybil Attack involves creating many fake identities (Sybil nodes) to gain disproportionate influence in a peer-to-peer network. This is a foundational technique for executing an Eclipse Attack, as the attacker uses these fake nodes to surround and monopolize the victim's peer connections. Unlike Eclipse Attacks which target a single node, Sybil Attacks aim to subvert the broader network's reputation or voting systems.

Network Topology refers to the arrangement and structure of interconnections between nodes in a blockchain network. A robust, decentralized, and random topology is a primary defense against Eclipse Attacks. Vulnerabilities arise from predictable peer selection, such as connecting only to nodes with specific IP ranges, which an attacker can exploit to surround a target.

The Peer-to-Peer (P2P) Protocol governs how nodes discover, connect to, and communicate with each other. The security of this protocol directly impacts Eclipse Attack resilience. Key defensive mechanisms implemented at this layer include:

• Inbound/Outbound Connection Limits to prevent monopolization.
• Randomized Peer Selection to avoid predictability.
• Anchor Connections to trusted, long-lived nodes.

A 51% Attack occurs when a single entity gains control of the majority of a blockchain's hashing power or stake, allowing them to censor transactions and reorganize the chain. While both are consensus-layer attacks, they differ in scope: an Eclipse Attack isolates a single node by controlling its view of the network, whereas a 51% Attack subverts the entire network's consensus by controlling its resources.

Following the Ethereum Merge, the network's shift to Proof-of-Stake introduced new considerations for node resilience. Client diversity—the distribution of nodes across different execution and consensus clients (e.g., Geth, Nethermind, Prysm, Lighthouse)—is critical. Over-reliance on a single client software makes the network more susceptible to targeted Eclipse Attacks if a vulnerability is found in that client's peer-to-peer logic.

BGP Hijacking is a network-layer attack where an autonomous system (AS) maliciously reroutes internet traffic by announcing illegitimate Border Gateway Protocol (BGP) routes. This can be used to facilitate a network-level Eclipse Attack by redirecting all of a victim node's incoming and outgoing connections through the attacker's controlled infrastructure, effectively isolating the node from the legitimate blockchain network.