Users are urged to upgrade to the patched version, Geth v1.8.1.

A team of researchers from Boston University and the University of Pittsburgh quietly disclosed a vulnerability they found on the Ethereum network during a bug bounty program launched by the network in January. In what is referred to as an eclipse attack, an attacker can “eclipse” a node’s view of the blockchain by monopolizing the target’s connections, and can then use the victim’s mining power to compromise the network’s consensus algorithm.

According to the research, the vulnerability stems from Ethereum’s deployment of the Kademlia peer-to-peer protocol.

“Our eclipse attacker monopolizes all of the victim’s incoming and outgoing connections, thus isolating the victim from the rest of its peers in the network. The attacker can then filter the victim’s view of the blockchain, or co-opt the victim’s computing power as part of more sophisticated attacks. We argue that these eclipse-attack vulnerabilities result from Ethereum’s adoption of the Kademlia peer-to-peer protocol, and present countermeasures that both harden the network against eclipse attacks and cause it to behave differently from the traditional Kademlia protocol,” the research stated.

Ethereum Foundation security lead Martin Holst Swende says, however, that users shouldn’t worry since “an eclipse-attack is a targeted attack against a specific victim,” but that users should upgrade to the patched version as recommended by the researchers.

“Upgrade to geth 1.8.1. Geth versions prior to 1.8 are vulnerable,” the researchers urged.

Eclipse attacks are not unique to Ethereum. Bitcoin itself is vulnerable to eclipse attacks, but there the attack is far more difficult and far more expensive, as the same researchers found in a study of it in 2015.

In the Bitcoin network, attackers need a large number of IP addresses, whereas for Ethereum, they only need two hosts with a single IP address each.

“That part surprised me a little bit,” says Sharon Goldberg, the Ph.D. candidate at Boston University who did the eclipse attack study on both Ethereum and Bitcoin.

Additionally, Bitcoin turned out to be more resilient to the attack because it employs an unpredictable mechanism in which nodes connect with each other at random. Ethereum, on the other hand, uses Kademlia, supposedly to make connections more efficiently, but this also allowed attackers to generate an unlimited number of nodes even with a single IP address and get victims to choose to connect to the attackers’ node IDs instead of legitimate ones.
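
For node operators, the signal described above (many node IDs presented from a single IP address) can be checked against a peer list. The following is an added example, not code from the researchers or from Geth; it assumes peers are available as `enode://<node id>@<ip>:<port>` URLs, and the sample peers and the `max_ids_per_ip` threshold are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit


def parse_enode(url):
    """Split enode://<hex node id>@<ip>:<port> into (node_id, ip)."""
    parts = urlsplit(url)
    if parts.scheme != "enode" or not parts.username or not parts.hostname:
        raise ValueError(f"not an enode URL: {url!r}")
    return parts.username.lower(), parts.hostname


def audit_peers(enodes, max_ids_per_ip=1):
    """Flag IPs presenting more distinct node IDs than max_ids_per_ip.

    Returns (flagged, share): flagged maps IP -> number of distinct node IDs,
    share is the fraction of all distinct peers that sit behind flagged IPs.
    max_ids_per_ip is an assumed local policy, not a value from the article.
    """
    ids_by_ip = defaultdict(set)
    for url in enodes:
        node_id, ip = parse_enode(url)
        ids_by_ip[ip].add(node_id)
    total = sum(len(ids) for ids in ids_by_ip.values())
    flagged = {ip: len(ids) for ip, ids in ids_by_ip.items()
               if len(ids) > max_ids_per_ip}
    share = sum(flagged.values()) / total if total else 0.0
    return flagged, share


def sample_peers():
    """Constructed peer list: 3 ordinary peers, then 6 and 4 IDs on two IPs."""
    layout = [("192.0.2.10", 1), ("198.51.100.23", 1), ("192.0.2.77", 1),
              ("203.0.113.7", 6), ("203.0.113.8", 4)]
    peers, counter = [], 0
    for ip, count in layout:
        for _ in range(count):
            counter += 1
            peers.append(f"enode://{counter:0128x}@{ip}:30303")
    return peers


if __name__ == "__main__":
    flagged, share = audit_peers(sample_peers())
    for ip, n in sorted(flagged.items()):
        print(f"{ip}: {n} distinct node IDs")
    print(f"{share:.0%} of peers sit behind flagged IPs")
```

A high share concentrated on one or two addresses is the condition the article describes; a node running a patched Geth version should not accumulate it.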