Eclipse attacks are a special type of cyberattack where an attacker creates an artificial environment around one node, or user, which allows the attacker to manipulate the affected node into wrongful action. By isolating a target node from its legitimate neighboring nodes, eclipse attacks can produce illegitimate transaction confirmations, among other effects on the network. While these types of attacks isolate individual nodes, the effectiveness of eclipse attacks at disrupting network nodes and traffic largely depends on the structure of the underlying network itself. Eclipse attacks are extremely rare in the real world; the structure of a decentralized blockchain itself tends to preclude them. Below it is explained how cryptocurrency eclipse attacks could occur and possible ways to mitigate the associated risks.[1]
What Is an Eclipse Attack? Eclipse attacks involve a malicious actor isolating a specific user or node within a peer-to-peer (P2P) network. When executing an eclipse attack, the attacker attempts to redirect the target user’s inbound and outbound connections away from its legitimate neighboring nodes to attacker-controlled nodes, thereby sealing off the target in an environment that’s entirely separate from the actual network activity. By obfuscating the legitimate current state of the blockchain ledger, the attacker can manipulate the isolated node in various ways that can lead to illegitimate transaction confirmations and block mining disruptions. Because eclipse attacks rely on exploiting a target’s neighboring nodes, the ease with which these attacks can be successfully executed depends largely on the underlying structure of the target blockchain network. While the decentralized architecture of most cryptocurrency protocols makes them relatively difficult (and relatively rare) compared to other types of online attacks, eclipse attacks still represent a potential threat to your online security. It’s worthwhile to understand how they work and how to reduce the likelihood of experiencing one.
How Are Cryptocurrency Eclipse Attacks Executed? Cryptocurrency eclipse attacks are possible because nodes within a decentralized network are unable to simultaneously connect with all other nodes due to bandwidth constraints and must instead connect with a limited set of neighboring nodes. As a result, a malicious actor only needs to compromise the target’s connection with that limited set of nodes rather than attack the entire network, as is the case during a sybil attack.
To seal off and compromise a node, an attacker typically uses a botnet, or a phantom network, created from host nodes to flood the target node with a barrage of IP addresses, which the target may sync up with the next time it reconnects with the blockchain network. From there, the attacker will wait until the target successfully reconnects with the malicious nodes or utilize a Distributed Denial-of-Service (DDoS) attack to force the target to reconnect to the network.
Though it may take multiple attempts before a target node is successfully compromised, once the victim is connected to the attacker-controlled nodes, the attacker can feed false data to the often unsuspecting victim. The most common consequences of an eclipse attack in cryptocurrency projects include:
- Double-spend attacks: Once the victim is cut off from the network, the attacker may misdirect the victim into accepting a transaction that uses either an invalid input or the same input as another transaction that has already been validated on the legitimate network. There are multiple types of double-spend attacks which have been employed by malicious actors since the advent of blockchain technology, and this issue is unique to digital currencies.
- Miner power disruption: Attackers can hide the fact that a block has been mined from an eclipsed miner, thereby misleading the victim into wasting time and computing power mining orphan blocks — blocks that have been excluded from the legitimate blockchain. This way, the attacker is able to increase their relative hash rate within the network and bias the block-mining race in their favor. Furthermore, since an eclipsed miner is essentially blocked out from the legitimate network, attackers may launch eclipse attacks on multiple miners within a network in order to reduce the threshold required to launch a successful 51% attack on the entire network.
How to Prevent a Cryptocurrency Eclipse Attack - Nodes can be eclipsed if an attacker has access to sufficient IP addresses. The easiest way to avoid this is for a node to restrict inbound connections and be deliberate about any connections made with other nodes. This, however, can make it more difficult for new nodes to join a blockchain network, should this approach be used by all nodes.
Due to the public and open-source nature of most blockchain projects, it is relatively easy for malicious actors to assess their structural underpinnings in search of vulnerabilities to exploit. Since structural changes are more difficult to approve and implement midway through a blockchain network’s lifecycle, the best way to avoid a cryptocurrency eclipse attack is to design the blockchain network’s node configuration to resist eclipse attacks from the very start. Common approaches include:
- Random node selection: By structuring a peer-to-peer network in a way in which each node connects to a randomized set of IP addresses each time it syncs with the network rather than adhering to a repeating, exploitable set of node criteria, a blockchain architect can significantly reduce the chances of a node connecting to an attacker-controlled node even if it was recently connected.
- Deterministic node selection: Taking the opposite approach from random node selection, deterministic node selection involves the insertion of specific node IP addresses into their corresponding predetermined fixed slots every time they connect with the network. By fixing the connections of the network’s nodes, an attacker will have a harder time maneuvering malicious nodes through the network and converging around a target, and the repeated insertion of attacker-controlled addresses will not necessarily contribute to the success of an eclipse attack attempt.
In a similar vein, a blockchain could incorporate node identifiers into its network connection criteria to make it easier to reconnect with legitimate peers with higher trust scores. By establishing node connections using identifying information rather than circumstantial data such as timestamps and availability, the blockchain network will be more secure and less susceptible to third-party influences which deviate from legitimate network activity. However, if connections can only be made to specific nodes that have been pre-approved by other peers, the network may run into scalability issues.
Increased node connections: By increasing the required number of node-to-node connections, a network would be able to increase the likelihood that a node will connect to a legitimate user. However, there are node constraints and bandwidth constraints which limit the extent to which a network can increase the number of node connections without sacrificing performance, limiting the efficacy of this approach as a stand-alone solution to eclipse attacks.
New node restrictions: By making it more expensive or difficult to create new nodes within a network, the blockchain architect can set a higher bar for malicious actors to flood the network with attacker-controlled nodes. Oftentimes this approach involves limiting the number of nodes per IP address or device, although this defensive measure can be circumvented by an attacker deploying a botnet composed of devices which have their own unique IP addresses.
For Safety, Always Examine Consensus Mechanism Architecture - While cryptocurrency eclipse attacks typically only affect a single user or a limited set of targets, repeated attacks can undermine trust within a blockchain network and eventually destroy a network without proper defenses. Therefore, in addition to understanding the potential use cases and tokenomics of your favorite blockchain projects, it’s also important to take the time to understand the underlying consensus mechanisms underpinning the networks. While every cryptocurrency project needs a specific real-world application in order to survive the long-term, without robust, tamper-resistant node connections a network is unlikely to remain intact long enough to realize its full potential.
This article is presented at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com
Reporting: https://www.redskyalliance.org/
Website: https://www.redskyalliance.com/
LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5993554863383553632
[1] https://www.gemini.com/cryptopedia/eclipse-attacks-defense-bitcoin
Comments