Named after a book titled Sybil, a “Sybil attack” is an effort to manipulate or control a peer-to-peer network by using multiple accounts or fake identities. These fake users are disguised as real, unique users but are under the control of a single entity or individual.
By using multiple fake user accounts, a malicious entity may leverage more centralized power in a network meant to be decentralized, influence majority opinion on social media platforms, cast fraudulent votes in a democratic governance process, etc.
In Bitcoin and other blockchain-based projects, a Sybil attack is one in which an attacker rewrites the distributed public ledger by gaining majority control over its network of nodes.
Sybil attacks are most often associated with double-spending attacks, which occur when an attacker controls the majority of a blockchain’s total hash rate and can therefore double-spend. Such an attack allows the wrongdoer to make already-spent payments disappear from the distributed public ledger and return the funds to their own wallet by removing the transactions from the blockchain.
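The double-spend risk just described can be put in numbers. The following Python snippet is an added example, not part of the original article: it implements the attacker catch-up calculation from section 11 of the Bitcoin whitepaper, where q is the attacker's share of total hash rate and z is the number of confirmations a payment has received, and derives the confirmation depth an exchange would need before the probability of a successful reversal drops below a chosen threshold. The function names and the 0.1% risk target are this example's own choices.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker with fraction q of the hash rate eventually
    builds a longer chain than the honest network once a payment is z blocks
    deep (Bitcoin whitepaper, section 11). Honest share is p = 1 - q."""
    if not 0.0 <= q < 1.0 or z < 0:
        raise ValueError("q must be in [0, 1) and z must be non-negative")
    p = 1.0 - q
    if q >= p:
        return 1.0  # a majority attacker catches up with certainty, whatever z is
    lam = z * q / p  # expected attacker progress while the honest chain grows by z
    poisson = math.exp(-lam)  # Poisson term for k = 0, updated iteratively
    total = 0.0
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k
        # attacker made k blocks of progress and must still close a gap of z - k
        total += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - total


def confirmations_for_risk(q: float, max_risk: float = 0.001, limit: int = 10_000) -> int:
    """Smallest confirmation depth at which the reversal probability falls below
    max_risk. Raises if the attacker share is so high that no depth achieves it."""
    for z in range(limit + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    raise ValueError("attacker share too high: no confirmation depth meets the target risk")


if __name__ == "__main__":
    for q in (0.10, 0.30, 0.45):
        print(f"q={q:.2f}: need {confirmations_for_risk(q)} confirmations for <0.1% reversal risk")
    for z in (0, 1, 2, 6):
        print(f"q=0.10, z={z}: P(reversal) = {attacker_success_probability(0.10, z):.7f}")
    try:
        confirmations_for_risk(0.51)
    except ValueError as exc:
        print("q=0.51:", exc)
```

Two things the output makes visible. With a minority share, the reversal probability falls geometrically with each confirmation, which is why exchanges set per-coin deposit confirmation counts and raise them for coins whose hash rate is cheap to rent. With q at or above one half the probability never drops, so no confirmation policy protects against a true majority attacker; only the cost of acquiring that share does.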
How Blockchains Prevent Sybil Attacks
As decentralized systems, blockchains have an inherent interest in preventing centralized manipulation or control by means of Sybil attacks.
For example, to influence the Bitcoin network, users must expend energy through the use of a computer’s processing power. To have anything more than a negligible influence over the Bitcoin blockchain requires extremely high up-front costs, as the size and scale of Bitcoin’s decentralized mining network is substantial. Large-scale Bitcoin mining operations exist all over the world and operate as fully fledged multi-million-dollar businesses. Against such competition, an attacker is unlikely to gain enough hash rate to affect the network, as the cost of such an attack would be prohibitive.
Not all blockchains are secured by proof-of-work, however. Some blockchains use proof-of-stake consensus algorithms, where traditional miners running high-powered and expensive computers are replaced by stakeholders effectively staking their coins or tokens to validate transactions and create new blocks.
Additionally, networks like Bitcoin are validated by a decentralized network of nodes, which are low-cost and can be operated by virtually anybody with an internet connection. This makes it very difficult for one entity to control most of the network’s nodes: there are simply too many of them, and they are distributed across the globe.
Centralized and non-blockchain networks, meanwhile, often combat Sybil attacks with ID verification, referral-only sign-up, probationary periods, and/or reputation systems. Other platforms monitor IP addresses, require two-factor authentication codes, or use other means of stopping one entity from controlling multiple accounts.
For example, most regulated cryptocurrency exchanges require that users verify their identity to comply with anti-money-laundering (AML) and counter-terrorist-financing regulations. They also usually disallow the use of multiple accounts in their terms of service, a rule that is often restated in the rules governing individual trading competitions, giveaway lotteries, and other cryptocurrency exchange promotions.
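As an added illustration of the account-linking approach described above (example code written for this article, not any exchange's actual implementation), the following Python snippet groups sign-up records that share a device fingerprint or payout address using a union-find, flags clusters of linked accounts for review, and enforces a one-entry-per-person rule for a promotion. The sample records, field names and thresholds are constructed for the example.

```python
from collections import defaultdict

# Constructed sample sign-up records for this example (not real data).
# Each record carries signals a platform typically logs at registration.
SAMPLE_ACCOUNTS = [
    {"account": "alice01", "ip": "203.0.113.5",  "device": "dev-7f3a", "payout": "addr-A"},
    {"account": "alice02", "ip": "203.0.113.5",  "device": "dev-91c0", "payout": "addr-B"},
    {"account": "alice03", "ip": "198.51.100.7", "device": "dev-91c0", "payout": "addr-C"},
    {"account": "bob",     "ip": "198.51.100.9", "device": "dev-22aa", "payout": "addr-D"},
    {"account": "carol",   "ip": "192.0.2.1",    "device": "dev-cc01", "payout": "addr-E"},
    {"account": "dave",    "ip": "192.0.2.1",    "device": "dev-dd02", "payout": "addr-F"},
]


class DisjointSet:
    """Minimal union-find: accounts that share a signal end up in one set."""

    def __init__(self):
        self.parent = {}

    def add(self, x):
        self.parent.setdefault(x, x)

    def find(self, x):
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[ra] = rb


def find_sybil_clusters(accounts, link_on=("device", "payout"), min_size=2):
    """Return sorted clusters (lists of account names) of at least min_size
    accounts that are transitively linked by sharing any signal in link_on.
    IP is deliberately not a default signal: NAT, campus and carrier networks
    place many unrelated users behind one address, so it is weak evidence alone."""
    ds = DisjointSet()
    first_seen = {}  # (signal, value) -> first account that presented it
    for rec in accounts:
        name = rec["account"]
        ds.add(name)
        for signal in link_on:
            key = (signal, rec[signal])
            if key in first_seen:
                ds.union(name, first_seen[key])
            else:
                first_seen[key] = name
    groups = defaultdict(list)
    for rec in accounts:
        groups[ds.find(rec["account"])].append(rec["account"])
    return sorted(sorted(g) for g in groups.values() if len(g) >= min_size)


def promotion_entries(accounts, link_on=("device", "payout")):
    """Enforce one entry per person: keep the earliest-registered account of
    each linked cluster (input order is registration order) and drop the rest."""
    clusters = find_sybil_clusters(accounts, link_on=link_on, min_size=2)
    cluster_of = {name: i for i, cluster in enumerate(clusters) for name in cluster}
    represented = set()
    entries = []
    for rec in accounts:
        cid = cluster_of.get(rec["account"])
        if cid is None:
            entries.append(rec["account"])  # not linked to anyone
        elif cid not in represented:
            represented.add(cid)
            entries.append(rec["account"])  # first account seen from this cluster
    return entries


if __name__ == "__main__":
    print("linked by device/payout:", find_sybil_clusters(SAMPLE_ACCOUNTS))
    print("linked by ip as well:   ", find_sybil_clusters(SAMPLE_ACCOUNTS, link_on=("ip", "device", "payout")))
    print("promotion entries:      ", promotion_entries(SAMPLE_ACCOUNTS))
```

Linking is transitive, so alice01 and alice03 end up in one cluster once IP is opted in, even though they share no signal directly. That is exactly the property that makes the approach useful against an operator of many accounts, and also what makes a noisy signal such as a shared IP dangerous: one carrier NAT can merge thousands of genuine users into a single "cluster", which is why the defaults here link only on device and payout address and treat IP as a review hint rather than a hard rule.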
Failure to Prevent Sybil Attacks
Bitcoin has proven very difficult to attack via a Sybil attack or a 51% mining attack. However, other altcoins with less hash rate backing them may be susceptible to manipulation and double-spends through 51% attacks. Altcoins that have suffered one or more 51% attacks include Ethereum Classic (ETC), Bitcoin Gold (BTG), Vertcoin (VTC), and Verge (XVG).
In the case of Ethereum Classic, an attacker purchased hash rate for less than $200,000 and gained majority control over the Ethereum Classic mining network. The wrongdoer was able to mine 4,280 blocks while creating private transactions that were withheld from other miners. After the attack concluded, the transactions became public and resulted in a fork.
When all was said and done, the 51% attacker was able to mine roughly $65,000 in ETC block rewards while netting more than $5.5 million in double-spent transactions, which made the initial upfront cost of $200,000 for hash rate trivial.
Shortly after, the Ethereum Classic network was 51% attacked again. The second attack also resulted in significant double-spends.
The 51% attacks against Bitcoin Gold, Verge, and Vertcoin were not entirely dissimilar: in each case an attacker was ultimately able to double-spend and cause unwanted forks in the blockchain.
The primary problem with 51% attacks and Sybil attacks in the blockchain space is that they result in the loss of user and exchange funds.
They also undermine the confidence in the attacked blockchain’s security and, by extension, viability. Attacked cryptocurrencies almost always see a dramatic decline in value following a 51% or Sybil attack. Many are delisted from exchanges that no longer wish to support an easily compromised cryptocurrency.
Because of this, it can prove challenging for newer and up-and-coming blockchain-based projects to secure their distributed ledgers through the proper decentralization of power. With proof-of-work blockchains, users are able to purchase hash rate with relative ease and launch an attack on a less-secure cryptocurrency.
51% attacks and Sybil attacks have spurred on the development and popularity of proof-of-stake blockchains, which theoretically require attackers to spend more upfront on enough coins or tokens to gain a majority share of the total staking power.
Though Sybil attacks have been problematic throughout the history of blockchain technology, they stand to become less so as the entire industry transitions into a more decentralized ecosystem, rife with decentralized finance (DeFi), decentralized exchanges (DEXs), and more proof-of-stake blockchains.