When attackers target network users, they usually have deeper motivations. Generally, eclipse attacks can be used as a gateway for more sophisticated attacks and interruptions.

0-Confirm double spend

If users accept the transaction without confirmation, they will face the risk of double payment. In principle, although the transaction has been broadcast, the sender can still create a new transaction and spend the funds elsewhere. A double spend may occur before the transaction is included in a block and submitted to the blockchain.

New transactions with higher fees can also be included before the original transaction to invalidate earlier transactions. The risk of doing so is that some individuals and companies accept 0 confirmation transactions in practice.

N confirm double spend

N-confirmed double spend is similar to 0-confirmed transaction. However, they require more complicated preparations. Since many businesses prefer to delay marking a payment as valid before waiting for a certain number of confirmations, they are vulnerable to attack.

In this case, the attacker eclipsed both the miners and merchants. They do this by establishing orders with merchants and broadcasting transactions to eclipsed miners. This results in the transaction being confirmed and included in the blockchain. However, this particular chain is not correct because the miners were cut off from the network earlier.

The attacker then forwards this blockchain version to the merchant, who then publishes the goods and/or services, believing that the transaction has been confirmed.

Weaken competitive miners

Eclipsed nodes continue to run, because the target user usually does not know that they are isolated from the legitimate network. Therefore, miners will continue to mine blocks as usual. The added block will be discarded when synchronizing with the honest peer.

Large-scale eclipse attacks performed on major miners are usually used for 51% attacks. However, since the cost of taking over the majority of Bitcoin’s computing power is incredibly high, this possibility is still very small. At ~80TH/s, the attacker theoretically needs more than 40TH/s to successfully make such an attempt.