Select Page

Blockchain technology is a very secure technology, but it is not perfect, and one of the attacks that can affect this type of network is the Sybil Attack.

This is a curious vulnerability that can have a huge impact on blockchain networks, allowing the attacker to have a greater presence on the network by taking on false identities for himself.

An unknown perpetrator initiated the famous Sybil attack (along with the traffic verification attack) on the anonymous Tor network for a few months in mid-2014, which was first recognized in January 2014.

In recent years, the cryptocurrency world has seen its fair share of high-profile attacks on various blockchains and projects. That is why today we will analyze the Sybil attack, highlighting its meaning and mode of operation, to learn how to avoid it.


What are Sybil’s Attacks?

A Sybil attack uses a single node to operate many active fake identities (or Sybil identities) simultaneously, within a peer-to-peer network. This type of attack aims to undermine authority or power in a reputable system by gaining the majority of influence in the network.

False identities serve to provide this leverage. A successful Sybil attack provides threat actors with the ability to perform unauthorized actions on the system.

For example, it allows a single entity, such as a computer, to create and operate multiple identities, such as user accounts and accounts based on IP addresses. All these fake identities, trick systems, and users into perceiving them as real.

The name of this attack was inspired by a 1973 book called Sybil, a woman diagnosed with a dissociative identity disorder. In the context of attacks, the term was originally coined by Brian Zill and initially discussed in an article by John R. Douceur, both at Microsoft Research.

Through the use of multiple fake user accounts, a malicious entity can harness more centralized power in a network intended to be decentralized, influence majority opinion on social media platforms, cast fraudulent votes in a democratic governance process, etc.

What problems can Sybil’s attacks cause?

Here are several problems that a Sybil attack can cause:

Block network users: A Sybil attack that creates enough identities allows threat actors to outvote honest nodes and refuse to transmit or receive blocks.

Carry out a 51% attack – A Sybil attack that allows a threat actor to control more than half (51% or more) of the total hash rate or computing power of a network.

This attack damages the integrity of a blockchain system and can cause a network outage. A 51% attack can change the order of transactions, reverse actor transactions to allow double spending, and prevent confirmation of transactions.


Real-Life Examples of Sybil Attacks

In principle, we believe that technology has allowed us to have a safer world. To a certain extent, this is true, but the technology is not perfect and there are vectors to violate all kinds of systems.

In this sense, we can say that absolute security does not exist. And in all of this, the Sybil attack is a good example.

For example, peer-to-peer (P2P) systems base their operation on a decentralized and distributed network. One in which each node of the network is managed by different identities scattered around the world.

This fact makes their networks complex to attack and fully compromise. This level of resistance is perfect for critical systems and is the reason why blockchain and cryptocurrencies use it.

After all, they are secure, stable, scalable, censorship-resistant, and highly available.

However, what happens if the enemy pretends to be a friend and multiplies on the network using false identities? It is precisely a Sybil Attack, and the first to describe it was John R. Douceur.

Depending on the P2P system, this can mean large investments, such as Bitcoin, where mining hardware must be purchased to affect the network. In other systems, the cost could be practically nil.

For example, those where decisions are made by vote of those who are part of the network. In these cases, the attacker could create thousands of fake accounts controlled by the same individual and influence network decisions.

In all cases, the vehicles or forms of attack vary depending on the network and its operational structure.

An example of a Sybil Attack can be seen in the breach of the Tor network. This network works based on a P2P model in which its nodes guarantee that you can surf the internet anonymously.

However, it is possible that a malicious or surveillance entity (such as the NSA) could pass off tens, hundreds, or thousands of nodes as trusted, completely undermining their security.

This is because the entry and exit nodes would be controlled by the NSA and in this way, it could monitor the network traffic of all those who make use of these compromised nodes.

This attack example is more practical than theoretical. In fact, in 2014 the Tor network was the victim of such an attack.


How are Sybil Attacks Detected? (Prevention)

Here are the ways Blockchain can prevent Sybil attacks:

  • Identity Validation – Identity validation can help prevent true Sybil attacks by revealing the identity of hostile entities. Validation is based on a central authority that verifies the identity of entities in the network and can perform reverse lookups. Identities can be validated directly or indirectly:Direct validation means that the local entity consults a central authority to validate the identities of remote entities. While indirect validation means that the local entity relies on previously accepted identities so that others in the network “guarantee” the authenticity of a remote identity.



  • Social Trust Graphs – Sybil attacks can be prevented by analyzing connectivity data in social graphs. This can limit the scope of damage from a specific Sybil attacker while maintaining anonymity.There are several existing techniques, including SybilGuard, SybilLimit, and Advogato Trust Metric. Another way to use social graphs to prevent attacks is to compute a scarcity-based metric to identify suspicious Sybil clusters in distributed systems.These techniques are not perfect and are based on certain assumptions that may not be true for all social networks in the real world. This means that P2P networks that rely on social trust graph techniques may still be vulnerable to Sybil attacks on a small scale.


  • Economic Costs – Economic costs can function as artificial barriers to entry that make a Sybil attack much more expensive. For example, investments in resources such as staking or storage in existing cryptocurrencies and implementing Proof of Work (PoW) are required.PoW requires each user to provide proof that they expended computational effort to solve a cryptographic puzzle.In permissionless cryptocurrencies like Bitcoin, miners compete to add blocks to a blockchain.They get rewards roughly in proportion to the amount of computational effort they have expended over a given time.



  • Identity validation – P2P networks may require identity verification and institute a “one entity per person” rule. A validating authority can use a mechanism that does not require knowing the real identity of the participants.For example, users can verify their identity by being present at a certain time and place (known as a pseudonymous party).This type of personality test is a promising way to validate identities in blockchain and cryptocurrency networks without permission. They could maintain anonymity and ensure that each human participant gets exactly one vote.


  • Application Specific Defenses – Several distributed protocols have been developed that have inherent protection against Sybil attacks. These include…
    • SumUp y DSybil: Sybil resistant online content recommendation and choice algorithms.
    • Whānau: a distributed hash table algorithm with integrated Sybil protection.
    • Kademlia: the I2P implementation of this protocol can mitigate Sybil’s attacks.



Although Sybil attacks have been problematic throughout the history of blockchain technology, they will become less so as the entire industry and space transition to a more decentralized ecosystem, replete with decentralized finance (Defi), decentralized exchanges (DEX), and more tests.

Even though there are no foolproof defense mechanisms against Sybil attacks, the number of Sybil attacks on the blockchain has decreased significantly over the years.