Eclipse attacks isolate a node on the network and eclipse its view of the other nodes. The attacker then floods the network with illegitimate nodes, which then communicate with the infected node. This redirected inbound and outbound traffic ensures that the attacked node is alienated from the rest of the network.
Once the secluded node is disconnected from the blockchain ledger, attackers can then falsely validate transactions on the blockchain. Such attacks severely disrupt network traffic.
However, the efficacy of the eclipse attack depends on the efficiency of the attacked blockchain itself. Further, blockchains encourage decentralisation by design, and their security protocols generally ward off such attacks. That is why eclipse attacks are a rare sight these days.
How does an Eclipse Attack work?
Eclipse attacks can be executed on blockchains with bandwidth limitations that prevent all nodes from communicating with each other. Blockchain clients running on less powerful devices impede the communication of nodes, thus creating a vulnerability to eclipse attacks. Once a node is compromised, the hacker only needs to work with the small set of nodes that the infected node communicates with.
In order to pull off something like this, attackers deploy a ‘botnet’, which is simply a network hosted by other devices infected with the attacker’s malware. These attacker-controlled nodes then infuse the target network with numerous IP addresses, which are nothing but the addresses of the attacker’s rogue nodes. When the invaded device reconnects with the blockchain, it connects with these malicious nodes.
These attacks are called Distributed Denial-of-Service (DDoS) attacks and can take several attempts before the target node successfully connects with the foreign nodes. Once the connection is established, the victim is at the attacker’s mercy. DDoS attacks are launched from a plethora of devices, and this decentralised nature of the attack makes them the hardest to detect.
The biggest DDoS attack in history was reported by Yandex in September 2021, when the network was clogged with a whopping 22 million requests per second between August and September 2021.
The longest ever DDoS attack is known to have lasted for 776 hours, a duration of more than 1 month! Both the above attacks are clear indicators of exactly how elusive these attacks are.
Repercussions of Eclipse Attacks:
The sheer amount of resources required at the attacker’s end hints at the kind of motive they would have. With that in mind, there are three possible consequences if an eclipse attack has hit you:
1. Zero-confirmation double spending:
Cutting off a user from the network means that the attacker can feed false data to the system effortlessly and coax a victim to make double spends. Since the infected node only communicates with the hostile nodes, the transaction never gets confirmed and added to a block on the blockchain. The attacker then uses this data to initiate a new legitimate transaction that transfers the same funds elsewhere.
In fact, if higher gas fees are paid on the newly crafted transaction, miners will readily pick it up for authentication, thus invalidating the previous user-initiated transaction. This can be very damaging to merchants who accept 0-confirmation transactions as the coins get spent somewhere else altogether, although the goods have been handed over to the buyer.
2. N-confirmation double spending:
In order to achieve this kind of attack, the attacker needs to eclipse the merchant as well as the miner whose coins are going to be rerouted.
Once an order has been placed with the seller, the transaction is broadcast to the rogue network with the compromised node, i.e., the miner. These nodes return a false confirmation, thus convincing the seller that the transaction has been added to the blockchain. Satisfied, the seller then releases the goods to the attacker, who gets the product and the victim’s coins, which are directed somewhere else.
3. Diminished mining power:
Invaded nodes remain oblivious to their state of isolation from the network and continue to operate as usual. This means that the miner with an infected system is still trying to mine blocks within the blockchain’s rules. However, when the blockchain receives the mined blocks, it will discard them as the honest nodes on the real network have never seen the data before.
Since the infected node is eclipsed from the network, its mining power stops contributing to the blockchain and yields no rewards. This reduces the overall efficiency of the blockchain as well.
In theory, it is possible to launch an eclipse attack so big that 51% of the nodes on the blockchain network come under the attacker’s control. But the resources required to do so amount to a cost so massive that it is unfeasible.
What can be done to block eclipse attacks?
Eclipse attacks aim to misdirect payments between parties. Therefore, peer-to-peer payment systems are prone to these kinds of attacks. These attacks are also used as the predecessors of other attacks that follow soon after. While the Bitcoin blockchain can be considered a target, the sheer mining power required to attack it deters most miscreants from doing so.
Since it is possible for an attacker to sever a node from the network, the most obvious solution is for the network to reject all incoming connections. Security can be further augmented by programming the network to make outgoing connections only to a set number of honest nodes. However, this comes at a cost, as implementing these measures affects scalability and prevents onboarding new nodes onto the network. This, in turn, impacts decentralisation, which is what the blockchain strives to enhance.
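The two measures above (reject incoming connections, dial out only to a set number of known honest nodes) can be sketched as a node-side peer policy; this is an added example, not code from any blockchain client, and the allowlist, limits and addresses are constructed assumptions. It goes one step beyond the text by also flagging an address table dominated by a single /16 range, a sign of the address flooding described earlier.

```python
import ipaddress
from collections import Counter

# Assumption: peers the operator has vetted (documentation-range addresses).
TRUSTED_PEERS = {"198.51.100.10", "203.0.113.25", "192.0.2.77"}
MAX_OUTBOUND = 2        # the "set number" of outgoing connections
MAX_GROUP_SHARE = 0.5   # alert when one /16 holds more than half the table


def netgroup(addr: str) -> str:
    """Return the /16 network an IPv4 address belongs to."""
    return str(ipaddress.ip_network(f"{addr}/16", strict=False))


def accept_inbound(addr: str) -> bool:
    """Policy from the text: reject every incoming connection."""
    return False


def choose_outbound(address_table: list[str]) -> list[str]:
    """Dial only allowlisted peers, whatever else the table advertises."""
    picked = []
    for addr in address_table:
        if addr in TRUSTED_PEERS and addr not in picked:
            picked.append(addr)
        if len(picked) == MAX_OUTBOUND:
            break
    return picked


def dominant_group(address_table: list[str]):
    """Return (group, share) if one /16 exceeds MAX_GROUP_SHARE, else None."""
    if not address_table:
        return None
    counts = Counter(netgroup(a) for a in set(address_table))
    group, n = counts.most_common(1)[0]
    share = n / sum(counts.values())
    return (group, share) if share > MAX_GROUP_SHARE else None


# Constructed address table: 20 entries from one range plus two vetted peers.
FLOODED_TABLE = [f"10.66.{i}.{j}" for i in range(4) for j in range(1, 6)] + [
    "198.51.100.10", "192.0.2.77"]

if __name__ == "__main__":
    print("outbound:", choose_outbound(FLOODED_TABLE))
    print("alert:", dominant_group(FLOODED_TABLE))
```

The flooded entries never reach the outbound set, but the fixed allowlist is exactly the onboarding and scalability cost the paragraph describes: a new honest node cannot be dialled until an operator adds it.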
(Edited by : Priyanka Deshpande)