An eclipse attack involves a malicious attempt to infiltrate a decentralized exchange with the intent to isolate and attack a specific user. The attacker has no desire to invade the entire network. The objective of the attacker is to prevent the target from getting a true picture of the network activity.
How an Eclipse Attack Works
Eclipse attacks are possible because decentralized networks do not allow all nodes to simultaneously connect to all other nodes on the network. Each Bitcoin node has 8 outgoing connections. These nodes are never continuously connected to each other at the same time.
This is where the breakdown occurs in terms of allowing an attacker to initiate an eclipse attack.
Why Doesn’t the Bitcoin Network Require Nodes to Remain Connected at All Times?
The main reason this is not the case is that many nodes don’t have enough bandwidth to maintain a constant connection. Decentralization is an important component of the Bitcoin blockchain. If the network required all nodes to stay fully connected, many nodes would be unable to participate in the blockchain.
The reduction in the number of nodes would create a more centralized network.
Types of Nodes
There are two types of nodes on the Bitcoin blockchain.
A full node fully enforces all of the Bitcoin rules. Full nodes download every block and transaction and check them against Bitcoin’s consensus rules. Additionally, full nodes must store information about every unspent transaction output until it is spent.
For this reason, full nodes are inefficient. However, running a full node is the only way Bitcoin can be used in a trustless way. For instance, by running a full node, you can be 100% certain that all of the Bitcoin rules are being followed.
Full nodes are the most private and secure way to use Bitcoin.
A lightweight node does not download the entire blockchain. Instead, it downloads the block headers to validate the authenticity of the transactions. Because lightweight nodes do not download the entire blockchain, they are much easier to maintain and operate than full nodes.
The majority of the nodes on the Bitcoin network are lightweight nodes. Of course, the main concern with a lightweight node is security. Lightweight nodes are more vulnerable to an eclipse attack.
Goals of an Eclipse Attack
The objective of the attacker is to hijack the nodes which are not fully connected to the blockchain network. The success of the attacker depends on the size and nature of the network being attacked. Typically, an attacker would have to control a botnet of host nodes, each with its own IP address, to pull off a successful attack.
At this point, the attacker patiently waits for an unsuspecting node to log off the network and then rejoin it. When the victim rejoins the network, the attacker gains access to the victim’s connections.
The attacker must jump through several hoops to achieve a successful attack. Therefore, engineering an eclipse attack must be a fairly profitable undertaking.
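To show why the attacker needs so many addresses, the following added example (not part of the original article) models a node that refills its 8 outgoing connections after a restart. It assumes peers are drawn uniformly at random from the node's table of known addresses, which is a simplification of how real node software selects peers, and the table size of 1000 is a constructed value.

```python
import math
import random

OUTGOING = 8  # outgoing connections per Bitcoin node, as stated in the article


def eclipse_probability(table_size, attacker_addrs, slots=OUTGOING):
    """Exact chance that every outgoing slot lands on an attacker address
    when `slots` distinct peers are drawn uniformly from the peer table."""
    if attacker_addrs < slots:
        return 0.0
    return math.comb(attacker_addrs, slots) / math.comb(table_size, slots)


def simulate_restarts(table_size, attacker_addrs, restarts, seed=1, slots=OUTGOING):
    """Monte Carlo cross-check: fraction of restarts that end fully eclipsed."""
    rng = random.Random(seed)
    eclipsed = 0
    for _ in range(restarts):
        # Addresses 0..attacker_addrs-1 stand for attacker-controlled peers.
        picks = rng.sample(range(table_size), slots)
        eclipsed += all(p < attacker_addrs for p in picks)
    return eclipsed / restarts


def attacker_share_needed(table_size, target, slots=OUTGOING):
    """Smallest share of the peer table the attacker must fill for the
    eclipse probability on one restart to reach `target`."""
    for a in range(slots, table_size + 1):
        if eclipse_probability(table_size, a, slots) >= target:
            return a / table_size
    return 1.0


if __name__ == "__main__":
    size = 1000  # constructed peer-table size (assumption)
    for share in (0.25, 0.50, 0.75, 0.90, 0.99):
        p = eclipse_probability(size, round(size * share))
        print(f"attacker holds {share:.0%} of table -> P(eclipse) = {p:.4%}")
    print("simulated at 90%:", simulate_restarts(size, 900, 20000))
    print("share needed for 50% chance:", attacker_share_needed(size, 0.5))
```

Under this model a single honest outgoing connection is enough to break the eclipse, which is why the probability stays low until the attacker's addresses dominate the table.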
Rewards of an Eclipse Attack
A 0-confirmation double-spend attack is a chief motive for carrying out an eclipse attack. Essentially, this type of cyber invasion occurs when an individual accepts a crypto transaction with no confirmation. If the participant in a transaction fails to receive a confirmation, the participant is at risk of a double spend.
Until the transaction has been included in a block, it is vulnerable to a double spend. The original sender can create a new transaction, thus spending the same funds on two separate occasions. If a user has a large amount of Bitcoin, an eclipse attack can be very lucrative.
This explains how malicious attackers benefit from an eclipse attack. Thankfully, blockchain developers continue to work on ways to eliminate eclipse attacks.
Brief Summary of Eclipse Attack
- An eclipse attack is designed to isolate and attack a specific user.
- The attacker has no desire to invade the entire network.
- Eclipse attacks are possible because of the decentralized nature of the network.
- All nodes on the blockchain network are never fully connected at all times.
- This explains how an eclipse attack can occur.
- The elimination of nodes would increase centralization.
- There are two types of nodes: a full node and a lightweight node.
- The lightweight node is most vulnerable to an eclipse attack.
- Unfortunately, an eclipse attack can be quite profitable for the attacker.
- The most common attack is a 0-confirmation double-spend attack.
- It occurs when an individual accepts a transaction with no confirmation.
- Eclipse attacks will always remain prevalent because of decentralization.