Tor hidden Services are used to provide anonymity service to users on the Internet without disclosing the location of the servers so as to enable freedom of speech. However, existing Tor hidden services use decentralized architecture making it easier for an adversary to launch DHT-based attacks. In this paper, we present practical Eclipse attacks on Tor hidden services that allow an adversary with an extremely low cost to block arbitrary Tor hidden services. We found that the dominant cost of this attack is IP address resources. The experimental results show that we can eclipse an arbitrary hidden service with 100% success probability with only 6 IP addresses. To understand the severity of the Eclipse attack problems on Tor's hidden services, and its security implications, we present the first formal analysis to evaluate the extent of threat such vulnerabilities may cause and quantify the costs of Eclipse attacks involved in our attack via probabilistic analysis. Theoretical analysis suggests that adversaries with a modest number of IP address resources can block a large number of hidden services at any time.