Market Cap: 24h Vol: BTC: BTC Dom:
Gold: S&P 500: EUR/USD: Oil (BRENT):

Eclipse Attack

An eclipse attack works by exploiting the fact that no blockchain node can stay directly connected to every peer on the network at once. Each node keeps only a small, limited number of active connections, and an attacker who controls enough IP addresses can flood a target's connection slots with malicious peers until every link the victim relies on for block and transaction data belongs to the attacker.

Once eclipsed, the victim only sees the version of the blockchain its attacker chooses to show it. This can be used to hide legitimate transactions, feed the node a fabricated chain, or trick it into confirming a payment that never actually settles on the real network, a scenario researchers call an N-confirmation double spend. Eclipsing several miners at once can also waste their computing power on a fake chain, or serve as a stepping stone toward a broader 51% Attack by temporarily cutting a portion of the network's honest hashing power off from the rest.

Eclipse attacks differ from a Sybil Attack in scope: a Sybil attack floods the whole network with fake identities to gain broad influence, while an eclipse attack targets one specific victim node. The technique was formally demonstrated against Bitcoin by academic researchers in 2015, and a follow-up study found that early Ethereum clients could be eclipsed with as few as two machines. Both networks have since added defenses, including limiting how many connections a single IP address can hold and diversifying how peers are selected, though smaller or less actively monitored blockchains remain more exposed to the same underlying weakness.