Blockchains have been targeted by several kinds of attack in the past (51% attacks, eclipse attacks, phishing attacks), and the Sybil attack is one of the most impactful and common today.
Did you know the name Sybil is derived from the title of a 1973 novel by F. R. Schreiber in which the main character suffered from dissociative identity disorder, which caused her to assume several identities?
In these attacks, blockchain anonymity works in the attackers' favor: it lets them create a wide array of malicious accounts. Though these accounts don't let them break the consensus, they can harm the blockchain in multiple ways.
In this blog, we will walk you through what a Sybil attack is, how attackers use it, its types, the problems it causes, how it poses a threat to blockchains, and how we can prevent it.
So, let us get started.
Inside a Sybil Attack
We all know that the blockchain protocol is pseudonymous. Naturally, there are no real-world entities on it. Users are identified by blockchain addresses, which are derived from private keys.
Private keys are random numbers, which makes it easy for users to create more than one account. Users can easily use these multiple accounts for benign motives.
The same capability is what a Sybil attack abuses: the attacker creates multiple blockchain accounts to pose a threat to the blockchain.
Now, let us look at what a Sybil attack means in detail.
These are malicious attacks on peer-to-peer (P2P) networks. In this assault, a single individual operates numerous identities simultaneously to influence network behavior.
Initially employed by hackers to acquire control of P2P networks, these attacks have become very common in blockchain technology.
Today, a Sybil attack can be one of the most effective means of taking over a system such as BitTorrent’s Mainline DHT. It can be used to alter network results or to interrupt network operations completely.
Types of Sybil Attacks
Let us give you a closer look at how these attacks work. Sybil attacks can be categorized into two main types: direct and indirect.
Direct attack
It is the most straightforward attack. In this, one or more nodes spoof different nodes within the network. Known as Sybil nodes, they imitate an authentic node.
During a direct attack, other actual nodes end up connecting directly with the Sybil nodes. Because the genuine nodes are unaware that the Sybil node is a fake, they interact with it directly and are influenced by it.
Indirect attack
In such attacks, both Sybil and normal nodes play a role. However, there is no direct interaction between the normal and fake nodes; instead, a Sybil node influences a node that sits in the middle of the network.
As a result, this affected node now acts as a malicious node that interacts with other nodes in place of the Sybil node. An indirect attack allows the Sybil node to impact the network while remaining undetected.
Problems that Sybil Attack causes
It is natural to wonder why you should be concerned about these attacks. A few false entities might not seem very harmful, but in the long run, they can destroy a network completely!
Here are a few ways Sybil attacks cause problems.
Block users from a network
One of the major concerns that people have regarding these attacks is that they create a lot of fake identities to affect the authentic network nodes.
Once the Sybil nodes have control, they can impact every activity within the network. It is up to them whether to transmit or receive blocks in the network, or to refuse to. Naturally, this makes it easier to block users from accessing the network.
Did you know that Sybil attacks can cause a temporary drop in the values of cryptos?
Disrupt the network with 51% attacks
When 51% or more of the nodes in a network are false nodes, it opens the way to a 51% attack. As a result, the dishonest nodes disrupt the remaining honest nodes.
The attack may be used to prevent transactions from being confirmed, request new transactions, or even reverse transactions, resulting in double-spending. For example, in August 2021, Bitcoin SV was subjected to a 51% assault, allowing malevolent miners to double-spend BTC. This resulted in a 4% drop in BSV values.
Compromise privacy
Because nodes are in charge of managing the flow of information inside a network, each hacked node poses a privacy risk. A Sybil node can be used to gather information about other network nodes. At the very least, a Sybil attack can collect users’ IP addresses in order to establish new fake nodes.
When this privacy breach is used on a P2P model like the Tor network, the impact becomes larger. Sybil nodes can be used to transfer data and check the network traffic.
From 2017 to 2020, 900 servers were utilized in a massive attempt to find the data of hundreds of Tor users. As a result, the fundamental objective of Tor, which was to provide anonymity, was undermined.
How do Sybil Attacks Pose Threat to Blockchains?
We now know that these attacks mainly concern P2P systems. Since a blockchain is a combination of decentralized P2P networks, it follows that Sybil attacks do pose threats to the blockchain.
However, the question which might come to your mind is, are all the blockchains prone to such attacks? Well, not really.
Generally, smaller blockchains are more susceptible than bigger ones. The reason is that in bigger blockchains like Bitcoin, the attacker would have to incur huge costs to add fake nodes. The attacker also will not get much time to make alterations, since blocks are added rapidly in larger blockchains.
Now, let us proceed to Sybil Attack prevention.
Sybil Attack: How to prevent it?
Irrespective of whether the blockchain is big or small, you can prevent a Sybil attack in many ways. Let us discuss a few of those ways below:
Create a reputation system
Because this form of assault is typically carried out by a flood of new identities, one method for limiting attacks is to establish a reputation system in which various members have varying amounts of influence. Those who have been in the system for a long time often have the capacity to execute more interactions.
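The effect of such a reputation system can be shown with a short added example (not code from any blockchain project). It assumes a hypothetical policy in which an identity's voting weight grows linearly with its age and saturates after one year; the identities and votes are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Identity:
    name: str
    age_days: int  # time since the identity joined the network
    vote: str      # option this identity supports

def age_weight(age_days, ramp_days=365):
    """Assumed policy: influence grows linearly with age, capped at 1.0."""
    return min(1.0, age_days / ramp_days)

def tally(identities, weight_fn):
    """Sum the weight behind each option under the given weighting rule."""
    totals = {}
    for ident in identities:
        totals[ident.vote] = totals.get(ident.vote, 0.0) + weight_fn(ident.age_days)
    return totals

def winner(totals):
    return max(totals, key=totals.get)

def days_until_flood_wins(honest_weight, n_new, ramp_days=365):
    """Days a flood of n_new identities must age before it outweighs honest_weight.

    Returns None if even fully aged identities could not outweigh it.
    """
    for day in range(1, ramp_days + 1):
        if n_new * age_weight(day, ramp_days) > honest_weight:
            return day
    return None

# Constructed sample: 20 long-standing members versus 500 one-day-old identities.
honest = [Identity(f"honest-{i}", 400 + i, "accept") for i in range(20)]
flood = [Identity(f"new-{i}", 1, "reject") for i in range(500)]
population = honest + flood

flat = tally(population, lambda age: 1.0)  # one identity, one vote
weighted = tally(population, age_weight)   # age-based reputation

if __name__ == "__main__":
    print("flat:", winner(flat), "| weighted:", winner(weighted))
    print("flood must age", days_until_flood_wins(weighted["accept"], len(flood)), "days")
```

The last figure is the caveat: reputation delays a flood of new identities and raises its cost, so the ramp period has to be chosen with the expected attacker patience in mind.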
Validate the identities
Multiple techniques are used to validate the identities. While some blockchains rely on direct validation, others depend on indirect validation.
The table below shows the difference between the two.
| Direct Validation | Indirect Validation |
|---|---|
| Each new identity is validated by a central authority. | Previously accepted identities advocate for new identities. |
| Requires new users to provide information such as a phone number, IP address, or even a credit card | Is more resistant to identity proxies like phone number, IP address, credit card, etc. |
| Simple, fairly reliable and fast | Time-consuming |
| More susceptible to IP address spoofing | Less susceptible to IP address spoofing |
Use Social Trust Graphs
A social trust graph operates by carefully evaluating node connection data. These tools closely monitor blockchain activity in order to identify and stop problematic nodes.
With social trust graphs, a variety of methodologies are employed. Some employ sparsity-based metrics, whilst others examine user qualities within a topological framework. The graphs then attempt to partition off the part of the network that contains the Sybil nodes while preventing those nodes from influencing honest nodes. These activities are carried out using a variety of tools, including SybilRank, SybilLimit, and SybilGuard.
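To make the trust-graph idea concrete, here is an added example (not taken from SybilRank, SybilLimit or SybilGuard themselves) of trust propagation in the style of SybilRank: trust starts at known-good seed nodes, spreads along edges for about log2(n) rounds, and is then normalised by degree. The graph, node names and seed choice are constructed for illustration.

```python
import math

def sybilrank(edges, seeds, total_trust=1.0):
    """Return (node, score) pairs sorted from least to most trusted."""
    adj = {}
    for u, v in edges:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    trust = {n: 0.0 for n in adj}
    for s in seeds:
        trust[s] = total_trust / len(seeds)
    # Early termination: about log2(n) rounds is enough for trust to spread
    # through the well-connected honest region, but too few for much of it
    # to cross the small number of edges leading into the Sybil region.
    for _ in range(math.ceil(math.log2(len(adj)))):
        nxt = {n: 0.0 for n in adj}
        for u, nbrs in adj.items():
            share = trust[u] / len(nbrs)  # split trust evenly over edges
            for v in nbrs:
                nxt[v] += share
        trust = nxt
    # Degree normalisation so that a node cannot gain rank just by adding edges.
    scores = {n: trust[n] / len(adj[n]) for n in adj}
    return sorted(scores.items(), key=lambda kv: kv[1])

def build_sample_graph():
    """Constructed graph: 8 honest nodes, 6 Sybil nodes, one connecting edge."""
    honest = [f"h{i}" for i in range(8)]
    sybil = [f"s{i}" for i in range(6)]
    edges = []
    for i in range(8):  # honest region: each node linked to next two
        edges.append((honest[i], honest[(i + 1) % 8]))
        edges.append((honest[i], honest[(i + 2) % 8]))
    # Sybil region: fully connected among themselves.
    edges += [(a, b) for i, a in enumerate(sybil) for b in sybil[i + 1:]]
    edges.append(("h7", "s0"))  # the single edge joining the two regions
    return edges, honest, sybil

if __name__ == "__main__":
    edges, honest, sybil = build_sample_graph()
    for node, score in sybilrank(edges, seeds=["h0", "h4"]):
        print(f"{node}: {score:.4f}")
```

The output is a ranking, not a verdict: an operator reviews the lowest-ranked nodes, and the separation weakens as the number of edges between the two regions grows.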
A Sybil attack in the blockchain is one of the most serious risks to current blockchain technology. These cyber-attacks have the potential to harm cryptocurrency prices, steal funds, and compromise user privacy.
Most preventative tactics merely make an attack prohibitively expensive; they do not ensure security. To avoid the harmful consequences of these attacks, blockchain networks must carefully design their systems and integrate additional types of user verification security.