What is a Sybil attack?
In computer science, a Sybil attack is a security breach that tricks an application into believing multiple sham accounts are genuine. Typically, Sybil attackers create countless fake accounts to corrupt a system. If successful, these attackers can manipulate a site to their advantage.
Microsoft researchers Biran Zill and John R. Douceur are credited for defining the Sybil attack in the early 2000s. Zill chose the name "Sybil" in reference to the psychological case study of Sybil Dorsett in Flora Rheta Schreiber's book Sybil. Dorsett had dissociative identity disorder, which relates to how Sybil attacks involve a single entity that takes on "multiple identities."
Types of Sybil attacks
All Sybil attacks work by tricking honest nodes into believing multiple fake accounts are valid, but attackers don't always manipulate accounts directly. Instead, hackers rely on the following two ways (or one of these) to use a Sybil attack:
- Direct attacks: With a direct Sybil attack, malicious nodes interact with legitimate accounts. Once enough honest nodes on the network verify these fake accounts, it becomes easy for an attacker to override or exercise power in a system.
- Indirect attacks: Unlike direct attacks, an indirect Sybil attack relies on intermediary accounts to spread false data. When these communication lines are corrupted, legitimate nodes are more vulnerable to the attacker's exploits. Since this technique doesn't involve direct interaction with other nodes, it's often harder to pinpoint who's responsible for this attack.
What can Sybil attacks accomplish?
The ultimate goal of any Sybil attack is to take over a network, although not all Sybil attackers are interested in re-writing transactions for money. Here are a few potential reasons hackers use a Sybil attack strategy:
- Block honest network participants: A successful Sybil attacker can use their influence to restrict access to valid users. Honest nodes may find it challenging to access a network once a Sybil attacker takes over.
- Re-write transactions: In many crypto attacks, hackers manipulate the blockchain's transaction data to reward themselves with free crypto. The attackers typically funnel this crypto into a wallet and try to quickly swap it for cash on centralized exchanges (CEXs) or decentralized exchanges (DEXs).
- Gain disproportionate voting power: Most proof-of-stake (PoS) blockchains and dApps (decentralized apps) have smart contract-based voting procedures, which makes them more prone to manipulation during a Sybil attack. If one entity controls more than 50% of the nodes on a blockchain, it can dictate the results of blockchain improvement proposals.
- Compromise user privacy: Bad actors may use Sybil attacks to track personal data like IP (internet protocol) addresses. This goal is prevalent on privacy-focused networks like Tor or anonymous crypto projects like Monero.
- Spam platform: On certain platforms, bad actors create accounts en-mass and continue to spin accounts when they’re banned. These banned accounts can do anything from scamming users to pushing foreign government agendas.
Defenses against Sybil attacks
Although completely eliminating the risk of Sybil attacks is difficult, there are a few ways networks can increase their Sybil resistance:
- WorldID and Zero Knowledge: Worldcoin is developing a new eye-scanning technology called the Orb to reduce the incidence of Sybil attacks. Using this WorldID system, we can verify there’s a unique individual behind crypto wallets and other web addresses without collecting personal information. Since this verification doesn’t require KYC verification, it’s sometimes called “zero knowledge proof.”
- Algorithmic detection: Computer scientists and blockchain developers have been working on algorithms that constantly monitor Sybil nodes in P2P networks. Often, these algorithms look for behaviors that deviate from the standard operations. If these algorithms sense issues, they may issue a warning or automatically implement safeguards.
- KYC requirements: Short for know-your-customer, KYC is a set of ID requirements that link an account with a specific person or business. Since most blockchains prefer to preserve user anonymity, it's rare for projects or self-custodial crypto wallets to enforce KYC requirements. However, KYC is a standard feature on CEXs.
- Proof-of-personhood (PoP) authentication: Like KYC, PoP tests help verify a unique individual is behind each node on a P2P network. Instead of requiring sensitive ID information, a PoP test uses AI technologies to screen out robots. Users may have to solve a Captcha puzzle or scan a QR code before interacting with other nodes.
- Create node ranking systems: Some P2P networks may give nodes with a strong reputation in the community greater authority over a protocol. While this concentrates a network’s power into a few hands, it also makes it easier for these nodes to kick out potential Sybil nodes. Also, since it takes more time and investment to become a high-ranking node, it's less cost-effective for Sybil attackers to bother with these P2P sites. VeChain is one example of a cryptocurrency that uses a proof-of-authority algorithm.
Examples of Sybil attacks
Fortunately, at the time of writing, major blockchains like Bitcoin and Ethereum have never experienced Sybil blockchain attacks, but here are a few of the many examples of this phenomenon in the crypto ecosystem:
- Russian bot attacks: According to intelligence experts in the U.S. government, Russia might have used Sybil attacks during the 2016 election. Allegedly, the Russian government employed “bot farms” to spread political info on American social media sites. The increase in these polarizing posts on social media may have been used to influence voter opinions.
- Twitter bots: Even before Elon Musk bought Twitter, there has been speculation over how many user accounts are genuine. According to Twitter’s official press release, about 5% of user activity could be associated with bots. However, Elon Musk believes as much as 20% of Twitter accounts could be related to Sybil attacks.
- Potential video game scams: Researchers have discovered certain video game products like augmented reality headsets can be vulnerable to Sybil attackers. New games that use metaverse networks may be especially prone to Sybil scams due to their open-source codes. Video game sites like Discord are also susceptible to bot scams like Twitter.
- Distributed denial-of-service (DDoS) attack: DDoS attacks could be considered a Sybil attack since both involve flooding a server with artificial traffic. In a DDoS attack, hackers try to compromise a website or internet protocol by suddenly increasing regular traffic. DDoS attackers often use bots and compromised nodes to take over a server.
- Monero Sybil attack of 2020: As the largest privacy-focused cryptocurrency, Monero (XMR) is a prime target for hackers interested in interfering with user anonymity. In 2020, the Monero team revealed a Sybil attacker attempted to override the network and link IP addresses with transaction data. However, it appears Monero's privacy algorithms mitigated most of the damage from this attack.
- Sybil attack on Verge in 2021: Like Monero, Verge (XVG) is a privacy cryptocurrency. In 2021, a Sybil attacker successfully spoofed Verge's blockchain and deleted 200 days of XVG transaction data.
- Ethereum Classic 51% attacks in 2020: Ethereum Classic (ETC) was the original PoW Ethereum chain before the DAO hack of 2016. In this attack, hackers exploited smart contract bugs on Ethereum’s first DAO to drain roughly $60 million. In response, developers decided to create a “new” Ethereum (today’s ETH) to reimburse DAO investors. Those who didn’t agree with creating another Ethereum chain kept running the original ETC network. Throughout its history, ETC has suffered many 51% attacks. In 2020, ETC hackers successfully stole millions of dollars worth of ETC coins. Alternatively, a Sybil attacker reorganized ETC blockchain transactions and stole roughly $5.6 million worth of ETC.
- Sybil attack on Tor in 2014: Although the privacy-focused Tor network isn't a blockchain, many prominent crypto projects use this open-source protocol, like Web3-focused Brave Browser has Tor integrations. In 2014, the Tor Network fell victim to a Sybil attack that introduced more than 100 malicious nodes at the critical entry level. Tor developers contained this issue in July 2014, but the hack compromised the personal information of thousands of users.
As networks like Bitcoin grow more decentralized, it's less likely a Sybil attack will impact large cryptocurrencies with a strong community. But that doesn't mean the crypto ecosystem is not at risk. All crypto projects must have their guard up when it comes to Sybil attacks to avoid severe data breaches.
At Worldcoin, we aim to resolve the issue of Sybil attacks in crypto with our revolutionary Orb technology. This eye-scanning device can verify there's a person behind a crypto address while maintaining their privacy and anonymity. This way, honest nodes can operate in Web3 without giving away their personal information. Subscribe to our YouTube channel to learn more.