Eclipse Attack

An eclipse attack lets an adversary who controls enough IP addresses monopolize every connection to and from a victim Bitcoin node — both inbound and outbound — so that the victim sees only the attacker's filtered view of the network. The victim is effectively cut off from honest peers and "eclipsed." The attack was formalized by Ethan Heilman, Alison Kendler, Aviv Zohar, and Sharon Goldberg in their 2015 USENIX paper Eclipse Attacks on Bitcoin's Peer-to-Peer Network.

How it works

Bitcoin nodes maintain a limited set of peer connections chosen from an address database. An attacker repeatedly floods the victim with attacker-owned addresses and waits for (or forces) the victim to restart, so that when it reconnects it dials only attacker-controlled peers. Once a node is eclipsed, the attacker filters which blocks and transactions it sees.

What it enables

An eclipsed node is a launchpad for deeper attacks: N-confirmation double-spends against a victim merchant, vote-splitting that aids selfish mining, and feeding a miner a stale chain to waste its hashrate. Heilman's team proposed countermeasures — randomized peer selection, more buckets in the address manager, and feeler connections — many of which Bitcoin Core adopted. Operators further reduce risk by adding manual trusted peers, increasing outbound connection diversity, and running over Tor or multiple networks.

Eclipse attacks often build on a Sybil Attack and overlap with routing-layer Man-in-the-Middle interception.