Erebus and Eclipse attacks are described in-depth in this article, since Bitcoin (BTC) and other major cryptocurrencies are vulnerable to these attacks to varying extents, and therefore it is important for crypto users to understand how these attacks work. Also, the Bitcoin Core developers have just deployed some new technology to help hinder these attacks, but at this point there is no solution to completely get rid of these types of attacks.
First off, Eclipse attacks were originally documented in a paper from 2015 titled ‘Eclipse Attacks on Bitcoin’s Peer-to-Peer Network’. Essentially, an attacker with enough IP addresses can monopolize all connections to and from a victim Bitcoin (BTC) node, and the attacker could then perform double spending, selfish mining, and adversarial blockchain forks.
Another way to describe this is that a Bitcoin (BTC) node has a specific amount of inbound and outbound connections, and via these connections the node receives data from the network and remains synchronized with the real blockchain.
However, during an Eclipse attack a Bitcoin (BTC) node’s inbound and outbound connections will all be to nodes controlled by the attacker, and then the attacker can cut off the victim node from the Bitcoin (BTC) network.
Basically, if all of a node’s inbound and outbound connections are from the same attacker, then that attacker can feed that node a false version of the blockchain, and the node will think it’s the real blockchain since all of the connected nodes will be synchronized with the fake blockchain.
As for the Erebus attack, it is quite similar to the Eclipse attack, except that the Erebus attack is more stealthy, and the Erebus is conducted by a large malicious internet service provider (ISP).
Although an Erebus attack takes weeks, it is undetectable, so a malicious ISP could slowly commandeer all of the connections of a victim node.
The major problem with Erebus attacks is that the nodes of major mining pools could be attacked, which could result in severe economic damage for the mining pool since they will be taken off the real blockchain and will be mining fake blocks, in addition to being at risk of double spends.
Even worse, theoretically an Erebus attack could ruin the entire Bitcoin (BTC) network if someone had enough IPs to attack with. Indeed, there has been speculation that a nation-state could use an Erebus attack to cripple the Bitcoin (BTC) network.
The good news is that the latest version of Bitcoin Core has implemented an upgrade called ASN-based bucketing of network nodes.
This upgrade cleverly hinders the Erebus and Eclipse attacks via requiring Bitcoin (BTC) nodes to connect to IP addresses from different ISP networks, rather than having all connections to the same ISP network. This is made possible via mapping out the various ISP networks on the Bitcoin (BTC) network.
In other words, this technology would theoretically make an Erebus attack impossible, since an attacker would not be able to make more than one connection to a victim node.
However, this upgrade does not completely stop Erebus attacks apparently, and the Bitcoin Core developers are still working on a complete solution to the problem.
There are a few possible solutions which have yet to be implemented. One of them is simply increasing the outbound connections of a node from 8 to 16, another is developing a more efficient way to filter and evict fake blocks from malicious actors, and reducing the size of the two tables which store the node’s peer IPs.
On a final note, although Bitcoin (BTC) seems to be getting its act together and is now far less vulnerable to Erebus and Eclipse attacks, this vulnerability exists for all other cryptocurrencies which have a network of peer to peer nodes. Therefore, developers for many major cryptocurrencies including but not limited to Litecoin (LTC), Dogecoin (DOGE), Dash, and Zcash (ZEC) need to implement Erebus/Eclipse countermeasures ASAP.