Researchers Find New Eclipse and Downgrade Attack Risks in Bitcoin’s Encrypted P2P Network

2026/05/20 20:27

Bitcoin’s encrypted peer-to-peer transport protocol may still leave nodes exposed to eclipse and downgrade attacks despite solving several long-standing network security problems, according to new academic research published on May 19.

Eclipse attacks isolate Bitcoin nodes from legitimate, honest peers, allowing attackers to control the blockchain information they receive. Downgrade attacks can force nodes to reconnect using older unencrypted communication channels that are more vulnerable to manipulation.

In a paper titled “Security Analysis of Bitcoin’s V2 Transport Protocol: Exploiting Design Implications for Sustained Eclipse and Downgrade Attacks,” researchers Charmaine Ndolo and Florian Tschorsch from Dresden University of Technology analyzed Bitcoin’s V2 peer-to-peer transport protocol introduced under BIP-324.

The protocol became the default communication mode in Bitcoin Core 27.0 in April 2024 and was designed to encrypt traffic between Bitcoin nodes, following years of criticism over the network’s unencrypted communications.

The researchers said the encryption upgrade successfully blocks several previously known attacks that relied on inspecting or modifying unencrypted traffic. While they emphasized that BIP-324 still improves Bitcoin’s network security significantly compared to the older unencrypted transport, they said that design choices made for compatibility and network stability introduced new attack paths. These vulnerabilities still allow adversaries to isolate nodes or force them back onto unencrypted connections.

The paper focused on attackers operating at the network level, such as autonomous systems or entities capable of intercepting and manipulating internet traffic between Bitcoin nodes.

Researchers Demonstrated Sustained Eclipse Attack

The paper’s main finding centered on a new eclipse attack that targets how Bitcoin’s V2 transport layer handles decryption failures.

Under the current implementation, nodes immediately close TCP connections when encrypted packets fail authentication or decryption checks. The researchers argued that this behavior creates a weakness because attackers can replay duplicated encrypted payloads into existing streams and intentionally trigger connection failures.

“An active network-level adversary can cause all connections to a victim node to be closed by replaying payloads,” the authors wrote.

After disconnecting legitimate peers, attackers can gradually occupy available connection slots until the victim node becomes isolated from the rest of the Bitcoin network.

The researchers said they successfully tested the attack in a controlled environment and managed to gradually eclipse a victim node in less than one day.

Unlike earlier eclipse attacks that depended heavily on Bitcoin’s lack of encryption, the new approach uses the encrypted channel itself against the node. The paper described the issue as conceptual rather than an implementation bug, meaning the weakness stems from how the protocol was designed rather than from a coding mistake.

The researchers also argued that the weakness may extend beyond Bitcoin because several other peer-to-peer systems immediately terminate encrypted sessions after decryption failures.

Encrypted Traffic Still Reveals Message Patterns

Although Bitcoin’s V2 transport encrypts payload contents using ChaCha20-Poly1305, a modern encryption standard designed to secure internet traffic, the paper said message classification may still be possible through traffic analysis.

The researchers found that attackers can often infer Bitcoin message types by observing TCP payload lengths.

Some packet types, including VERSION messages, remain identifiable despite encryption because encrypted Bitcoin messages still produce recognizable packet-length patterns.

The researchers conducted a six-week measurement study of the Bitcoin network and concluded that message-length fingerprinting remains viable in several cases.

The traffic analysis could help active network-level attackers identify and replay specific encrypted packet types while maintaining what the authors described as “discretion” during eclipse attempts.

The study argued that BIP-324 introduced encryption but did not fully implement traffic-shaping protections that would make encrypted traffic patterns harder to classify.

Compatibility Mechanism Opens Downgrade Attack Path

The paper also examined how Bitcoin nodes maintain compatibility with older clients still using the original unencrypted V1 transport protocol.

Under BIP-324, nodes can automatically retry connections using the older protocol if a V2 encrypted handshake fails immediately after the TCP connection is established.

The researchers claimed that this fallback behavior makes downgrade attacks possible even when both peers support encrypted communication.

According to the paper, a network-level attacker can intentionally interrupt encrypted handshakes and force both peers to reconnect using the older unencrypted transport layer, even when both nodes support V2.

In their experimental setup, the researchers said they tested the downgrade attack and found that it “succeeds without fail.”

They warned that forcing nodes back to unencrypted communication could reopen several attack vectors that Bitcoin’s encrypted transport was designed to prevent, including traffic spoofing and propagation delay attacks.

The issue partly stems from handling protocol negotiation at the transport layer rather than the application layer, meaning the fallback decision occurs before peers fully authenticate which protocol both sides support.
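A node operator can look for the outcome of the fallback described above by listing peers that advertise BIP-324 support but are connected over the unencrypted transport. The following is an added example, not code from the paper or from Bitcoin Core; it assumes the `servicesnames` and `transport_protocol_type` fields of Bitcoin Core's `getpeerinfo` RPC, and the peer entries are constructed sample data. A v1 session with a v2-capable peer can also have benign causes, so treat hits as a signal to investigate rather than proof of interference.

```python
import json

# Constructed sample shaped like Bitcoin Core `getpeerinfo` output (fields trimmed).
SAMPLE_PEERINFO = json.dumps([
    {"id": 1, "addr": "198.51.100.7:8333", "inbound": False,
     "servicesnames": ["NETWORK", "WITNESS", "P2P_V2"],
     "transport_protocol_type": "v2"},
    {"id": 2, "addr": "203.0.113.20:8333", "inbound": False,
     "servicesnames": ["NETWORK", "WITNESS", "P2P_V2"],
     "transport_protocol_type": "v1"},
    {"id": 3, "addr": "192.0.2.44:8333", "inbound": False,
     "servicesnames": ["NETWORK", "WITNESS"],
     "transport_protocol_type": "v1"},
    {"id": 4, "addr": "203.0.113.99:51234", "inbound": True,
     "servicesnames": ["NETWORK", "WITNESS", "P2P_V2"],
     "transport_protocol_type": "v1"},
    {"id": 5, "addr": "198.51.100.80:40112", "inbound": True,
     "servicesnames": [], "transport_protocol_type": "detecting"},
])

def v2_capable(peer):
    """True if the peer advertises the BIP-324 service flag."""
    return "P2P_V2" in peer.get("servicesnames", [])

def find_downgraded(peerinfo_json):
    """Peers that advertise P2P_V2 yet ended up on the unencrypted v1 transport."""
    return [
        {"id": p["id"], "addr": p["addr"],
         "direction": "inbound" if p.get("inbound") else "outbound"}
        for p in json.loads(peerinfo_json)
        if v2_capable(p) and p.get("transport_protocol_type") == "v1"
    ]

def downgrade_ratio(peerinfo_json):
    """Share of v2-capable peers with a settled transport that run over v1."""
    settled = [p for p in json.loads(peerinfo_json)
               if v2_capable(p) and p.get("transport_protocol_type") in ("v1", "v2")]
    if not settled:
        return 0.0
    return sum(p["transport_protocol_type"] == "v1" for p in settled) / len(settled)

if __name__ == "__main__":
    for hit in find_downgraded(SAMPLE_PEERINFO):
        print(f"peer {hit['id']} {hit['addr']} ({hit['direction']}): P2P_V2 advertised, v1 in use")
    print(f"v1 share among v2-capable peers: {downgrade_ratio(SAMPLE_PEERINFO):.0%}")
```

On a live node the same functions can be given the output of `bitcoin-cli getpeerinfo`; a v1 share that rises over time among v2-capable peers is the trend worth alerting on.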

Researchers Proposed Countermeasures

The paper concluded with several short-term and long-term mitigation proposals.

Among them, the researchers suggested changing how Bitcoin handles decryption failures, improving traffic-shaping mechanisms, and redesigning compatibility negotiation to reduce downgrade opportunities.

They also noted that some eclipse attack conditions originate from Bitcoin’s broader peer and address management system rather than the encryption layer alone.

According to them, securing peer-to-peer blockchain networks against powerful network-level adversaries remains an open problem.

“To the best of our knowledge, we are the first to study Bitcoin’s security under V2 P2P transport,” the paper stated.

The research arrives as Bitcoin developers continue evaluating the long-term effects of encrypted node communication following BIP-324’s rollout across the network.
