Related papers: Eclipse Attacks on Ethereum's Peer-to-Peer Network

Eclipse Attacks on Ethereum's Peer-to-Peer Network

URL: http://arxiv.org/abs/2601.16560v1
Date: Fri, 23 Jan 2026 09:00:51 GMT
Title: Eclipse Attacks on Ethereum's Peer-to-Peer Network
Authors: Ruisheng Shi, Yuxuan Liang, Zijun Guo, Qin Wang, Lina Lan, Chenfeng Wang, Zhuoyi Zheng,
Abstract summary: We present the first end-to-end implementation of an eclipse attack targeting execution-layer nodes.<n>Our attack exploits the bootstrapping and peer management logic to fully isolate a node upon restart.<n>Our DNS list poisoning is the first in the cryptocurrency context and requires only 28 IP addresses over 100 days.
Score: 27.463594785520367
License: http://creativecommons.org/licenses/by/4.0/
Abstract: Eclipse attacks isolate blockchain nodes by monopolizing their peer-to-peer connections. The attacks were extensively studied in Bitcoin (SP'15, SP'20, CCS'21, SP'23) and Monero (NDSS'25), but their practicality against Ethereum nodes remains underexplored, particularly in the post-Merge settings. We present the first end-to-end implementation of an eclipse attack targeting Ethereum (2.0 version) execution-layer nodes. Our attack exploits the bootstrapping and peer management logic of Ethereum to fully isolate a node upon restart. We introduce a multi-stage strategy that majorly includes (i) poisoning the node's discovery table via unsolicited messages, (ii) infiltrating Ethereum's DNS-based peerlist by identifying and manipulating the official DNS crawler, and (iii) hijacking idle incoming connection slots across the network to block benign connections. Our DNS list poisoning is the first in the cryptocurrency context and requires only 28 IP addresses over 100 days. Slots hijacking raises outgoing redirection success from 45\% to 95\%. We validate our approach through controlled experiments on Ethereum's Sepolia testnet and broad measurements on the mainnet. Our findings demonstrate that over 80\% of public nodes do not leave sufficient idle capacity for effective slots occupation, highlighting the feasibility and severity of the threat. We further propose concrete countermeasures and responsibly disclosed all findings to Ethereum's security team.

Related papers

MemeChain: A Multimodal Cross-Chain Dataset for Meme Coin Forensics and Risk Analysis [52.468043639056596]
The meme coin ecosystem has grown into one of the most active yet least observable segments of the cryptocurrency market.<n>MemeChain integrates on-chain data with off-chain artifacts, including website HTML source code, token logos, and linked social media accounts.<n>We quantify the ecosystem's extreme volatility, identifying 1,801 tokens (5.15%) that cease all trading activity within just 24 hours of launch.
arXiv Detail & Related papers (2026-01-28T14:42:02Z)
Initial Evidence of Elevated Reconnaissance Attacks Against Nodes in P2P Overlay Networks [0.9003384937161055]
We investigate the state of active reconnaissance attacks on P2P network nodes by deploying a series of honeypots alongside actual nodes across globally distributed vantage points.<n>We find that nodes experience not only increased attacks, but also specific types of attacks targeting particular ports and services.
arXiv Detail & Related papers (2024-11-21T22:56:16Z)
Deanonymizing Ethereum Validators: The P2P Network Has a Privacy Issue [19.43262773933136]
Many blockchain networks aim to preserve the anonymity of validators in the peer-to-peer (P2P) network.<n>This work demonstrates that the P2P network does not offer this anonymity.<n>We present a methodology that enables any node in the network to identify validators hosted on connected peers.
arXiv Detail & Related papers (2024-09-06T15:57:43Z)
Blockchain Amplification Attack [13.13413794919346]
We show that an attacker can amplify network traffic at modified nodes by a factor of 3,600, and cause economic damages of approximately 13,800 times the amount needed to carry out the attack.<n>Despite these risks, aggressive latency reduction may still be profitable enough for various providers to justify the existence of modified nodes.
arXiv Detail & Related papers (2024-08-02T18:06:33Z)
The Latency Price of Threshold Cryptosystem in Blockchains [52.359230560289745]
We study the interplay between threshold cryptography and a class of blockchains that use Byzantine-fault tolerant (BFT) consensus protocols.<n>Our measurements from the Aptos mainnet show that the optimistic approach reduces latency overhead by 71%.
arXiv Detail & Related papers (2024-07-16T20:53:04Z)
The Devil Behind the Mirror: Tracking the Campaigns of Cryptocurrency Abuses on the Dark Web [39.96427593096699]
We identify 2,564 illicit sites with 1,189 illicit blockchain addresses, which account for 90.8 BTC in revenue. Our exploration suggests that illicit activities on the dark web have strong correlations, which can guide us to identify new illicit blockchain addresses and onions.
arXiv Detail & Related papers (2024-01-09T16:35:25Z)
Tikuna: An Ethereum Blockchain Network Security Monitoring System [0.0]
This paper focuses on protecting the lowest level layer in the blockchain, particularly the P2P network that allows the nodes to communicate and share information. The P2P network layer may be vulnerable to several families of attacks, such as Distributed Denial of Service (DDoS), eclipse attacks, or Sybil attacks. We introduce Tikuna, an open-source tool for monitoring and detecting potential attacks on the blockchain P2P network, at an early stage.
arXiv Detail & Related papers (2023-10-13T15:39:50Z)
Token Spammers, Rug Pulls, and SniperBots: An Analysis of the Ecosystem of Tokens in Ethereum and in the Binance Smart Chain (BNB) [50.888293380932616]
We study the ecosystem of the tokens and liquidity pools. We find that about 60% of tokens are active for less than one day. We estimate that 1-day rug pulls generated $240 million in profits.
arXiv Detail & Related papers (2022-06-16T14:20:19Z)
Quarantine: Sparsity Can Uncover the Trojan Attack Trigger for Free [126.15842954405929]
Trojan attacks threaten deep neural networks (DNNs) by poisoning them to behave normally on most samples, yet to produce manipulated results for inputs attached with a trigger. We propose a novel Trojan network detection regime: first locating a "winning Trojan lottery ticket" which preserves nearly full Trojan information yet only chance-level performance on clean inputs; then recovering the trigger embedded in this already isolated subnetwork.
arXiv Detail & Related papers (2022-05-24T06:33:31Z)
Chaos Engineering of Ethereum Blockchain Clients [13.131269677617286]
We present ChaosETH, a chaos engineering approach for resilience assessment of blockchain clients. Our results reveal a broad spectrum of resilience characteristics of clients w.r.t. system call invocation errors, ranging from direct crashes to full resilience.
arXiv Detail & Related papers (2021-10-30T10:03:19Z)
Quantum Multi-Solution Bernoulli Search with Applications to Bitcoin's Post-Quantum Security [67.06003361150228]
A proof of work (PoW) is an important cryptographic construct enabling a party to convince others that they invested some effort in solving a computational task. In this work, we examine the hardness of finding such chain of PoWs against quantum strategies. We prove that the chain of PoWs problem reduces to a problem we call multi-solution Bernoulli search, for which we establish its quantum query complexity.
arXiv Detail & Related papers (2020-12-30T18:03:56Z)

This list is automatically generated from the titles and abstracts of the papers in this site.