Eclipse Attacks on Ethereum's Peer-to-Peer Network
Ruisheng Shi, Yuxuan Liang, Zijun Guo, Qin Wang, Lina Lan, Chenfeng Wang, Zhuoyi Zheng

TL;DR
This paper presents the first practical eclipse attack on Ethereum 2.0 nodes, demonstrating its feasibility and severity through experiments and proposing countermeasures.
Contribution
It introduces a novel multi-stage eclipse attack on Ethereum, including DNS poisoning and slots hijacking, validated on testnet and mainnet.
Findings
Over 80% of public nodes lack sufficient idle capacity for slots.
DNS list poisoning requires only 28 IP addresses over 100 days.
Slots hijacking increases success rate from 45% to 95%.
Abstract
Eclipse attacks isolate blockchain nodes by monopolizing their peer-to-peer connections. The attacks were extensively studied in Bitcoin (SP'15, SP'20, CCS'21, SP'23) and Monero (NDSS'25), but their practicality against Ethereum nodes remains underexplored, particularly in the post-Merge setting. We present the first end-to-end implementation of an eclipse attack targeting Ethereum (2.0 version) execution-layer nodes. Our attack exploits the bootstrapping and peer management logic of Ethereum to fully isolate a node upon restart. We introduce a multi-stage strategy that mainly includes (i) poisoning the node's discovery table via unsolicited messages, (ii) infiltrating Ethereum's DNS-based peerlist by identifying and manipulating the official DNS crawler, and (iii) hijacking idle incoming connection slots across the network to block benign connections. Our DNS list poisoning is the…
