Eclipse Attacks on Ethereum: Comparative Analysis with Bitcoin and Security Implications

Eclipse attacks are network‑level attacks on blockchain systems where the attacker gains control of the victim’s peer network, obscuring the node’s view of the blockchain.

Boston University associate professor Sharon Goldberg co‑authored a paper titled “Low‑resource Eclipse attacks on Ethereum’s peer‑to‑peer network” with PhD student Ethan Heilman and researcher Yuval Marcus, describing a method to launch such attacks on the Ethereum network.

The researchers disclosed the attack to Ethereum on January 9 2018, prompting developers to release a patch—Geth v1.8.1—to fix the network vulnerability.

In an interview with Bitcoin Magazine, Goldberg explained the study, how it compares to Bitcoin’s Eclipse attacks, and why the work is important.

She emphasized that collaborating with Ethereum developers to remediate the flaw was a smooth process, describing the vulnerability as practical and easy to disclose.

Martin Holst Swende, in an email to Bitcoin Magazine, noted that the recent Geth patch modifies several aspects of the P2P layer without affecting consensus code, and reassured users that Eclipse attacks target specific victims; he recommended everyone upgrade to v1.8.1.

Network Partition

Like Bitcoin, an Ethereum node depends on connections to other nodes to obtain a complete network view. In an Eclipse attack, the attacker controls all connections to the victim’s node, preventing the victim from seeing the rest of the network.

Eclipse attacks combine mining power with consensus manipulation and are especially useful for double‑spending: a recipient can send coins while using an Eclipse attack to hide a concurrent transaction occurring elsewhere in the network.

Goldberg, Heilman, and two other researchers published the first paper on Bitcoin Eclipse attacks three years ago; together with a new intern (Marcus), they explored whether a similar attack could be performed on Ethereum.

Completely Different

Goldberg described launching an Eclipse attack on Ethereum as “completely different” from Bitcoin. To eclipse a Bitcoin node, an attacker must control a large number of IP addresses to monopolize the victim’s connections, making the attack costly.

Conversely, the researchers demonstrated that only one or two machines are sufficient to carry out a comparable attack on Ethereum, rendering Ethereum attacks more powerful.

The significance lies not in the difficulty of preventing the attack but in the limited understanding of how Ethereum’s P2P network operates; the network is essentially permissionless.

As with early Bitcoin research, the team had to reverse‑engineer the protocol from the code and write their own parsers, a time‑consuming effort.

More Resilient?

At first glance, Ethereum appears more resilient: Bitcoin nodes maintain eight outbound TCP connections, while Ethereum nodes maintain thirteen, and Ethereum’s P2P network uses encrypted channels, unlike Bitcoin’s.

However, Ethereum’s apparent resilience is undermined by its reliance on a structured Kademlia‑based network, whereas Bitcoin relies on an unstructured random mesh of nodes.

In Ethereum’s P2P network, nodes are identified by public keys. Prior to Geth v1.8.1, the client allowed users to run an unlimited number of nodes, each with a distinct public key, from the same IP address.

Using a key‑generation algorithm, an attacker can rapidly create unlimited node IDs and even craft IDs that are more attractive to the victim than random ones.

“You see a lot of Kademlia attacks,” Goldberg noted.

More Work to Do

Goldberg admitted she does not fully understand why Ethereum adopted Kademlia. Structured P2P networks are typically used to distribute content—like movies—by splitting them into chunks and sharing those chunks among peers, similar to BitTorrent.

In Ethereum, the content is the blockchain itself, and each node stores the entire chain locally, eliminating the need to split it. She believes an unstructured network might actually be safer for blockchain systems.

Goldberg hopes more researchers will delve into the core of blockchain technology to better understand the “less sexy” components.

She emphasized that complex systems are built atop infrastructure, and securing that infrastructure is crucial.

Researchers such as Goldberg, Heilman, and Marcus play vital roles in the Ethereum ecosystem, often submitting findings through Ethereum’s bug‑bounty program.

“Goldberg shared the paper with us before public release and generously helped evaluate the Geth patch,” Ethereum Foundation member Holst Swende confirmed.