Eclipse Attack

network · advanced

An attacker monopolizes all of a node's peer connections, isolating it from the real network and feeding it a fake view.

Bitcoin nodes typically maintain 8–10 outbound peer connections, plus inbound peers if the node is publicly reachable. An eclipse attack fills every one of those slots with attacker-controlled peers. From the victim's perspective, the attacker *is* the Bitcoin network — block data, transaction relays, mempool, all of it.

The 2015 Heilman et al. paper showed the attack was practical at the time. Mitigations added since then include more diverse peer selection (BIP-155, tried-table partitioning), anchor connections that persist across restarts, and asmap-based bucketing that makes it harder for one ASN to dominate.

Eclipse becomes dangerous when combined with double-spend or selfish-mining attacks: the attacker shows the victim a chain that doesn't actually exist on the rest of the network. For typical nodes the practical risk is low; for high-value targets running a full node behind a single ISP, asmap and Tor anchor peers are worth configuring.
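
One way to check a node for the single-ASN concentration described above, as an added example (not part of the original page and not Bitcoin Core code): it takes peer records in the shape returned by `bitcoin-cli getpeerinfo` and reports any network group holding more than half of the outbound slots. The sample peers, AS numbers, the 50% threshold and the simplified /16 and /32 fallback grouping are assumptions of this example.

```python
import ipaddress
import json
from collections import Counter

# Constructed sample shaped like `bitcoin-cli getpeerinfo` output, trimmed to the
# fields used here. Addresses are documentation ranges; AS numbers are made up.
SAMPLE_PEERS = json.loads("""[
 {"addr": "203.0.113.10:8333",   "inbound": false, "network": "ipv4",  "mapped_as": 64500},
 {"addr": "198.51.100.7:8333",   "inbound": false, "network": "ipv4",  "mapped_as": 64500},
 {"addr": "192.0.2.44:8333",     "inbound": false, "network": "ipv4",  "mapped_as": 64500},
 {"addr": "203.0.113.99:8333",   "inbound": false, "network": "ipv4",  "mapped_as": 64500},
 {"addr": "198.51.100.200:8333", "inbound": false, "network": "ipv4",  "mapped_as": 64500},
 {"addr": "192.0.2.5:8333",      "inbound": false, "network": "ipv4",  "mapped_as": 0},
 {"addr": "[2001:db8::1]:8333",  "inbound": false, "network": "ipv6",  "mapped_as": 64501},
 {"addr": "exampleplaceholder.onion:8333", "inbound": false, "network": "onion"},
 {"addr": "203.0.113.77:51234",  "inbound": true,  "network": "ipv4",  "mapped_as": 64500}
]""")


def netgroup(peer, use_asmap=True):
    """Bucket a peer by mapped AS when available, else by /16 (IPv4) or /32 (IPv6)."""
    if use_asmap and peer.get("mapped_as"):
        return f"AS{peer['mapped_as']}"
    if peer.get("network") not in ("ipv4", "ipv6"):
        return peer["addr"]  # onion/i2p peers have no IP to bucket: one group each
    host = peer["addr"].rsplit(":", 1)[0].strip("[]")
    ip = ipaddress.ip_address(host)
    prefix = 16 if ip.version == 4 else 32
    return str(ipaddress.ip_network(f"{host}/{prefix}", strict=False))


def outbound_groups(peers, use_asmap=True):
    """Count outbound peers per group; inbound peers are chosen by the remote side."""
    return Counter(netgroup(p, use_asmap) for p in peers if not p.get("inbound"))


def dominated(peers, max_share=0.5, use_asmap=True):
    """Return [(group, share)] for groups above max_share of outbound slots."""
    groups = outbound_groups(peers, use_asmap)
    total = sum(groups.values())
    return [(g, n / total) for g, n in groups.most_common() if n / total > max_share]


if __name__ == "__main__":
    print("with asmap:   ", dominated(SAMPLE_PEERS))
    print("without asmap:", dominated(SAMPLE_PEERS, use_asmap=False))
```

In the sample, five of eight outbound peers sit in one AS but are spread over three /16 prefixes, so the concentration only shows up when peers are grouped by AS. On a live node `mapped_as` is populated only when the node runs with an asmap file.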
