What is an Eclipse Attack

NFTing
5 min read · Oct 20, 2022

Eclipse Attack Explained

Cybercriminals keep changing their plans and finding new ways to attack blockchain networks as the industry becomes more and more resilient to cyber attacks, especially those with fraudulent intent. There are different ways a cybercriminal can swindle money from a crypto user, and one of these is the eclipse attack.

What exactly is an eclipse attack? How does it work? How can you identify and avoid this cyberattack, which compromises crypto funds? In this article, we will delve into the specifics of this cyberattack.

Defining Eclipse Attack

Eclipse attacks are a special type of cyberattack where an attacker creates an artificial environment around one node, or user, which allows the attacker to manipulate the affected node into wrongful action. By isolating a target node from its legitimate neighboring nodes, eclipse attacks can produce illegitimate transaction confirmations, among other effects on the network. While these types of attacks isolate individual nodes, the effectiveness of eclipse attacks at disrupting network nodes and traffic largely depends on the structure of the underlying network itself.

The goal of the attacker is to obscure a user’s view of the P2P network in preparation for more complex attacks or to cause general disruption. Eclipse attacks share similarities with Sybil attacks, but with a different end goal.

How does an Eclipse Attack work?

Eclipse attacks in crypto are possible because nodes within a decentralized network are unable to simultaneously connect with all other nodes due to bandwidth constraints and must instead connect with a limited set of neighboring nodes. As a result, a malicious actor only needs to compromise the target’s connection with that limited set of nodes rather than attack the entire network, as is the case during a Sybil attack.

In order to seal off and compromise a node, an attacker typically uses a botnet, or a phantom network, created from host nodes to flood the target node with a barrage of IP addresses, which the target may sync up with the next time it reconnects with the blockchain network. From there, the attacker will wait until the target successfully reconnects with the malicious nodes or utilize a Distributed Denial-of-Service (DDoS) attack to force the target to reconnect to the network.

Though it may take multiple attempts before a target node is successfully compromised, once the victim is connected to the attacker-controlled nodes, the attacker can feed false data to the often unsuspecting victim. The most common consequences of an eclipse attack in cryptocurrency projects include:

  • Double-spend attacks: Once the victim is cut off from the network, the attacker may misdirect the victim into accepting a transaction that uses either an invalid input or the same input as another transaction that has already been validated on the legitimate network. There are multiple types of double-spend attacks which have been employed by malicious actors since the advent of blockchain technology, and this issue is unique to digital currencies.
  • Miner power disruption: Attackers can hide the fact that a block has been mined from an eclipsed miner, thereby misleading the victim into wasting time and computing power mining orphan blocks — blocks that have been excluded from the legitimate blockchain. This way, the attacker is able to increase their relative hash rate within the network and bias the block-mining race in their favor. Furthermore, since an eclipsed miner is essentially blocked out from the legitimate network, attackers may launch eclipse attacks on multiple miners within a network in order to reduce the threshold required to launch a successful 51% attack on the entire network.

How to mitigate Eclipse Attacks?

Theoretically, an attacker with enough IP addresses can eclipse any node. Operators can mitigate this risk by blocking incoming connections. They should also make outbound connections only to specific nodes that they trust, such as those whitelisted by other peers in the network. Researchers have pointed out, however, that if all participants adopt these measures, new nodes might not be able to join, which makes this an approach that cannot be applied at scale.

  • Increased node connections: If each node in the network is connected to a large number of nodes, it becomes difficult for the attacker to isolate the target in the network, thereby reducing the possibility of an eclipse attack.
  • Random node selection: The network should be designed in such a way that each node connects to a random set of nodes when it comes in sync with the network.

Always examine the consensus mechanism architecture of a blockchain network. While crypto eclipse attacks only affect one user or a limited number of targets, they can compromise the trust that other users have in the blockchain network if the attacks become repetitive. Therefore, in addition to understanding the potential use cases and tokenomics of your favorite blockchain projects, it’s also important to take the time to understand the underlying consensus mechanisms of the networks.

For blockchain developers, here are actions you can take to avoid eclipse attacks:

  • IP address selection from the tried table could be done at random. This would reduce the chances of the selected peer being an attacker. If peer selection is randomized, then the attacker will not be successful even after having spent a lot of time in the attack.
  • Use a deterministic approach to insert addresses of peers into fixed slots. This will reduce the chances of inserting an attacker’s address into a different slot after having been evicted from the address bucket. A deterministic approach ensures that repeated insertion of addresses does not add value to an attack.
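
The two developer countermeasures above, sketched as a toy simulation. This is an added example, not code from this article's author or from any blockchain client; the table sizes, hash key and sample addresses are constructed assumptions. It counts how many table cells an address flood ends up holding under random-slot eviction versus keyed deterministic slot placement.

```python
import hashlib
import random

BUCKETS, SLOTS = 4, 8   # toy sizes (assumption); real address tables are far larger

def cell_for(secret: bytes, addr: str) -> tuple[int, int]:
    """Keyed hash -> one fixed (bucket, slot) per address; the key is node-local."""
    digest = hashlib.blake2b(addr.encode(), key=secret, digest_size=8).digest()
    n = int.from_bytes(digest, "big")
    return n % BUCKETS, (n // BUCKETS) % SLOTS

class TriedTable:
    def __init__(self, secret: bytes, deterministic: bool, seed: int = 1):
        self.secret, self.deterministic = secret, deterministic
        self.rng = random.Random(seed)      # seeded only so the demo is repeatable
        self.cells: dict[tuple[int, int], str] = {}

    def insert(self, addr: str) -> None:
        if addr in self.cells.values():     # already stored: nothing to do
            return
        bucket, slot = cell_for(self.secret, addr)
        if not self.deterministic:          # baseline: evict a random slot of the bucket
            slot = self.rng.randrange(SLOTS)
        self.cells[(bucket, slot)] = addr

    def pick_peer(self) -> str:
        """Uniform random selection: no entry is favoured by recency or insert count.
        A real node would draw from a CSPRNG rather than a seeded generator."""
        return self.rng.choice(sorted(self.cells.values()))

def flood(deterministic: bool, rounds: int) -> int:
    """Return how many cells the flooding addresses hold after `rounds` of re-insertion."""
    table = TriedTable(b"constructed-demo-key", deterministic)
    honest = [f"10.0.0.{i}" for i in range(64)]         # constructed sample peers
    attacker = [f"203.0.113.{i}" for i in range(32)]    # constructed (documentation range)
    for addr in honest:
        table.insert(addr)
    for _ in range(rounds):
        for addr in attacker:
            table.insert(addr)
    return sum(a in attacker for a in table.cells.values())

if __name__ == "__main__":
    for mode in (False, True):
        label = "deterministic slots" if mode else "random eviction"
        print(label, [flood(mode, r) for r in (1, 5, 200)])
```

With deterministic slots the count is the same after 1 round and after 200, so repeating the flood gains nothing, while under random eviction it keeps climbing until each bucket is saturated.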

Final Thoughts

Eclipse attacks are very rare and if they happen, they are resolved immediately. However, there’s no denying this cyberattack on crypto can do a lot of damage financially. Manipulating a network in this way and exploiting a node’s influence can lead to a serious financial loss and even malicious network takeovers.

As with most other types of cyberattacks in crypto, the best defense is still practicing proper device usage, avoiding browsing untrusted websites or links, and maintaining the security of crypto wallets.
