What Is a Sybil Attack?

Beginner | Jan 13, 2023
Blockchain networks suffer Sybil attacks when an actor creates multiple nodes to take over the network.

A Sybil attack attempts to dominate a peer-to-peer network by using a single node to simultaneously run many fake identities or accounts. A Sybil attack can occur in any online peer-to-peer system, including social media platforms. The attacker tries to take over the network by using multiple accounts to concentrate power and sway majority opinion. This security threat is common to peer-to-peer networks, which has made it prevalent since the advent of blockchain as a decentralized peer-to-peer technology.

What Is a Sybil Attack?

A Sybil attack is a type of security breach in peer-to-peer systems in which a single entity (a computer system) generates and activates multiple identities to undermine the network. The primary goal is to gain undue influence over the network in order to carry out illicit actions that violate the network's guidelines and regulations. These numerous fake identities pose as real, unique users but are under the control of a single entity or individual. The notion of this attack is traced to a 1973 book titled Sybil, in which a woman named Sybil Dorsett was diagnosed with Dissociative Identity Disorder. The term was later coined by Brian Zill and discussed in a paper by John R. Douceur, drawing an analogy between the attacker's multiple malicious accounts and Dorsett's multiple personality disorder.

A Sybil attack on a blockchain involves operating multiple nodes on the blockchain network. A successful Sybil attack can block genuine users from the network by refusing to validate blocks, or carry out a 51% attack by controlling most of the network. A Sybil attack is a severe threat to a blockchain because it can subvert the network's reputation and trigger far-reaching damage such as double-spending.

How Does a Sybil Attack Work?

A Sybil attack is often described in terms of three kinds of nodes: Honest (H), Sybil (S) and Attacker (A). The malicious entity launches the attack by creating multiple Sybil nodes and connecting them to the honest nodes. The attacker then cuts the genuine connections between honest nodes on the peer-to-peer network and assumes control over the network once the Sybil nodes hold a disproportionately large influence. Ultimately, the attacker uses the Sybil nodes to cause various threats that damage the reputation system of the network.

A Sybil attack may be launched in two ways, a direct Sybil attack and an indirect Sybil attack.

Direct Sybil Attack:

The straightforward approach to this security assault is a direct Sybil attack. It begins with one or more nodes tricking other nodes in the network. These nodes, known as Sybil nodes, impersonate an authentic node in the network. Other honest nodes communicate directly with the Sybil nodes during a direct attack. Because the honest nodes are unaware that the Sybil node is a counterfeit, they interact with it directly and accept manipulation from the Sybil nodes.

Indirect Sybil Attack:

In an indirect attack, the malicious entity uses both normal and Sybil nodes. However, normal and fake nodes do not interact directly; instead, a Sybil node first attacks a middle node in the network. This affected node then turns malicious and communicates with other nodes on behalf of the Sybil node. This attack allows the Sybil node to affect the network while remaining undetected.

Some Examples of Sybil Attack in Blockchain

Blockchains are susceptible to Sybil attacks, but to varying degrees. For example, big blockchains like Bitcoin are complex, and a 51% attack against them is less likely to succeed. The cost of adding the required number of fake nodes to dominate the network is far greater than the benefits. However, some other blockchains have experienced Sybil attacks at one time or another.

  • An unidentified attacker used a Sybil attack in 2020 to disrupt the Monero network and link transactions to IP addresses. Although Monero largely succeeded in stopping the attack, some private user information was still compromised.
  • In 2021, Verge suffered a massive Sybil attack. The attacker was able to perform the most extensive blockchain reorganization ever. Over 200 days of transactions were erased. As a result, some exchanges halted the Verge wallet entirely.

Problems Caused by a Sybil Attack

Some of the problems caused by a Sybil attack include:

  1. Block users from a network: A successful Sybil attack overwhelms a peer-to-peer network by creating enough fake identities for the threat actors to outvote honest nodes and refuse to transmit or receive blocks.
  2. Drop in value: A Sybil attack can trigger fear and lead to a drop in crypto value. As a result, some founders have had to review their algorithms to prevent Sybil attacks.
  3. 51% Attack: This is a situation in which an attacker controls most of the network and can therefore reverse transactions and make undue economic gains through double-spending and other malicious actions.
  4. Compromise privacy: Because nodes manage the flow of information within a network, any affected node poses a privacy risk. A malicious Sybil node can be used to retrieve information about other network nodes.

This privacy breach becomes more dangerous when used on a peer-to-peer network like the Tor network. An attacker can use Sybil nodes to monitor network traffic and spy on data transfers. From 2017 to 2020, 900 servers were used in a widespread attack to discover the data of hundreds of Tor users. This attack, in turn, defeated Tor’s entire purpose, which was to ensure anonymity.

How to Prevent Sybil Attacks

Some of the ways to prevent a Sybil attack include:

  1. Associating Costs with Identity Creation: Sybil attacks can be prevented by making it very costly to create a new identity. The cost will deter a potential attacker from creating multiple nodes to achieve a 51% attack. The potential gain from such an attack will not make up for the cost. This approach is similar to mining in Bitcoin, which requires so much processing power that creating fake nodes on the network is unappealing.

  2. Using a Reputation System: Sybil attacks can also be prevented through a reputation system in which privileges are given to participants according to how long they have been contributing to the network. Most attackers create fake identities for immediate gain and may not have the patience to wait long before they can manipulate the network. The waiting period in the reputation system also gives honest participants more time to discover suspicious practices.

  3. Through Personhood Validation: This method of preventing Sybil attacks is based on the strict validation of each created identity. This validation could be done through a test that ensures that the individual participants are human and aren’t in control of other nodes. The test could be a CAPTCHA test or chatting with another user. Another popular option is a pseudonym party, which requires users to go online at a designated time and website.

  4. Using a Social Trust Graph: Another approach is to use tools that analyze connectivity between nodes in a network. These tools can help identify malicious nodes and halt their activities.
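
One form the connectivity analysis in item 4 can take is trust propagation from a few known-honest seed nodes, the idea behind SybilRank-style ranking: trust leaks into a Sybil cluster only through the few links it has to honest nodes. This is an added example, not code from the original article; the node names, the sample graph and the choice of seeds are constructed for illustration.

```python
import math
from collections import defaultdict

def build_graph(edges):
    """Undirected adjacency sets from (u, v) pairs."""
    adj = defaultdict(set)
    for u, v in edges:
        adj[u].add(v)
        adj[v].add(u)
    return dict(adj)

def trust_scores(adj, seeds, rounds=None):
    """Spread trust from known-honest seeds for about log2(n) rounds,
    then divide by degree so well-connected nodes are not favoured."""
    rounds = rounds or math.ceil(math.log2(len(adj)))
    trust = {node: 0.0 for node in adj}
    for seed in seeds:
        trust[seed] = 1.0 / len(seeds)
    for _ in range(rounds):
        nxt = {node: 0.0 for node in adj}
        for node, amount in trust.items():
            for peer in adj[node]:
                # Each node splits its current trust evenly among its peers.
                nxt[peer] += amount / len(adj[node])
        trust = nxt
    return {node: trust[node] / len(adj[node]) for node in adj}

def rank_by_trust(adj, seeds):
    """Node names ordered from least to most trusted."""
    scores = trust_scores(adj, seeds)
    return sorted(scores, key=scores.get)

# Constructed sample network (not real data): 8 honest nodes in a ring
# with cross links, a 6-node Sybil clique, and a single edge joining them.
HONEST = [f"h{i}" for i in range(8)]
SYBIL = [f"s{i}" for i in range(6)]
EDGES = [(f"h{i}", f"h{(i + 1) % 8}") for i in range(8)]
EDGES += [(f"h{i}", f"h{i + 4}") for i in range(4)]
EDGES += [(a, b) for i, a in enumerate(SYBIL) for b in SYBIL[i + 1:]]
EDGES.append(("h7", "s0"))

if __name__ == "__main__":
    graph = build_graph(EDGES)
    ranking = rank_by_trust(graph, seeds=["h0", "h2"])  # seeds assumed vetted
    print("least trusted:", ranking[:len(SYBIL)])
```

The Sybil nodes make up 6 of the 14 identities but land at the bottom of the ranking, because the early cut-off stops trust from flowing across the single connecting edge in any quantity.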

Conclusion

Since blockchains run on peer-to-peer networks, it is possible to create many fake nodes. Blockchain systems also hold valuable digital assets, which attract attackers. An entity launching a Sybil attack aims to dominate the network in order to disrupt the flow of information, outvote genuine nodes and refuse to send or receive transactions once the system recognizes the fake identities. Small blockchain systems are more vulnerable to Sybil attacks, which may result in severe damage. Therefore, there is a need to attach an economic cost to such an attack and adopt other techniques to prevent it.
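
The economic cost called for here, and in item 1 of the prevention list, can be sketched as a hash puzzle that every new identity must solve before peers accept it. This is an added example, not code from the original article or from any particular blockchain; the function names, the difficulty value and the sample key are assumptions made for illustration.

```python
import hashlib

DIFFICULTY_BITS = 16  # assumed policy value: about 65,000 hashes per identity

def leading_zero_bits(digest):
    """Count the zero bits at the start of a digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits

def puzzle_digest(network_id, public_key, nonce):
    """Bind the puzzle to one network and one key so work cannot be reused."""
    return hashlib.sha256(network_id + public_key + nonce.to_bytes(8, "big")).digest()

def mint_identity(network_id, public_key, bits=DIFFICULTY_BITS):
    """Joining node: search for a valid nonce. Returns (nonce, hashes_tried)."""
    nonce = 0
    while leading_zero_bits(puzzle_digest(network_id, public_key, nonce)) < bits:
        nonce += 1
    return nonce, nonce + 1

def admit(network_id, public_key, nonce, seen_keys, bits=DIFFICULTY_BITS):
    """Existing peer: verify with a single hash and refuse repeated keys."""
    if public_key in seen_keys:
        return False
    if leading_zero_bits(puzzle_digest(network_id, public_key, nonce)) < bits:
        return False
    seen_keys.add(public_key)
    return True

if __name__ == "__main__":
    net, key = b"example-net", b"constructed-public-key-1"  # constructed values
    nonce, tried = mint_identity(net, key)
    print(f"minting cost {tried} hashes; admitted: {admit(net, key, nonce, set())}")
```

Verification costs one hash while minting costs thousands, and the total grows linearly with the number of identities, so the difficulty has to be set against what an attacker stands to gain.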

Author: Mayowa
Translator: Yuanyuan
Reviewer(s): Matheus, Hugo, Joyce, Ashley
* The information is not intended to be and does not constitute financial advice or any other recommendation of any sort offered or endorsed by Gate.io.
* This article may not be reproduced, transmitted or copied without referencing Gate.io. Contravention is an infringement of Copyright Act and may be subject to legal action.