What is an eclipse attack?

When an attacker targets a network’s user, there is usually a deeper motive for doing so. Typically, eclipse attacks can serve as gateways for more complex attacks and disruptions.

0-confirmation double spends

A user is at risk of a double-spend if they accept a transaction with no confirmations. By principle, although the transaction has already been broadcast, the sender can still create a new transaction and spend the funds somewhere else. Double spends can occur until a transaction has been included in a block and committed to the blockchain. 

New transactions that have a higher fee can also be included before original transactions to invalidate earlier transactions. What’s risky about this is that some individuals and businesses are in the practice of accepting 0-confirmation transactions.

N-confirmation double spends

N-confirmation double spends are similar to 0-confirmation transactions. However, they require more complex preparation. Because a lot of businesses prefer to hold off on marking a payment as valid pending a certain number of confirmations, they can be vulnerable to attacks. 

In this scenario, attackers eclipse both miners and merchants. They pull it off by setting up an order with the merchant and broadcasting the transaction to eclipsed miners. This leads the transaction to be confirmed and included in the blockchain. However, this specific chain is not the right one as the miner has been cut off from the network earlier. 

The attacker then relays this blockchain version to the merchant, who then releases goods and/or services believing that the transaction has already been confirmed.

Weakening competing miners

Eclipsed nodes continue to operate as the target user is often unaware that they have been isolated from the legitimate network. As a result, miners will continue to mine blocks as usual. Blocks that are added will then be discarded upon syncing with their honest peers. 

Large-scale eclipse attacks executed on major miners are usually used to carry out a 51% attack. However, due to the incredibly high cost to take over Bitcoin’s hashing power majority, chances for this are still quite slim. At ~80TH/s, an attacker would theoretically need more than 40TH/s to succeed in such an attempt.