A Sybil attack occurs when a user takes on multiple false identities, known as Sybils, to disrupt or otherwise gain control of a network. With increasing ways to create fake identities online and the growing popularity of Distributed Denial-of-Service (DDoS) attacks, this could be a trend to watch out for in the coming years.
So what exactly does a Sybil attack entail? Is there anything you can do to protect yourself?
What is a Sybil attack?
A Sybil attack, also known as an identity attack or reputation attack, is an online security threat in which an entity creates multiple nodes, accounts or machines that intend to take over a network. It can be something as simple as using multiple accounts on a social media platform or as dangerous and complex as hacking into a high-security network.
The term also applies to cryptocurrency: on a blockchain, it means running multiple nodes for illegal purposes. There are two types of Sybil attack. In a direct Sybil attack, honest nodes are directly influenced by Sybil nodes; in an indirect Sybil attack, honest nodes receive the attack from another honest node that is itself under the influence of a Sybil node, making that compromised node the intermediary.
The term “Sybil” comes from the case study of an artist named Shirley Ardell Mason, also known as Sybil Dorsett, who was diagnosed with multiple personality disorder.
How might Sybil attacks affect blockchains?
A Sybil attack can wreak havoc on a blockchain. Here are the most common problems it can cause.
Stop people from accessing or using the network
A well-coordinated Sybil attack can generate sufficient identities to allow perpetrators to vote over honest nodes. This will result in transmission errors or the inability to receive blocks.
Execution of a 51 percent attack
A well-coordinated Sybil attack can give a threat actor access to, and control of, more than half (i.e. 51 percent) of the network's total computing power. This could damage the integrity of the blockchain system and lead to network disruption. A 51 percent attack can reorder transactions, reverse transactions in favor of the Sybil attacker (double spend), and prevent transaction confirmation.
How is a Sybil attack deployed?
There are several ways in which Sybil attackers deploy this threat. These are the two most common forms.
51 percent attack
This involves preventing, reversing or changing the order of certain transactions, to the extent that it leads to double spending and even non-confirmation of legitimate transactions. Double spending occurs when a user spends the same funds more than once by duplicating the digital money and sending the duplicates to multiple recipients. This could lead to a total collapse of the digital money system if measures are not taken to prevent this behaviour.
This becomes possible because the attacker controls at least 51 percent of the network’s computing power (also known as hash rate).
Vote from nodes
Legitimate nodes (known as honest nodes) can be outvoted by fake identities if there are enough of them in the system. Just like an eclipse attack, this often results in other honest users being blocked once the Sybil nodes stop sending or receiving blocks.
How to prevent a Sybil attack on a blockchain
Many blockchains use Consensus Algorithms as a form of defense against attacks. Although an algorithm does not in itself prevent an attack, it makes it very costly for an attacker to deploy one.
Here are the three most commonly used consensus algorithms.
Proof of Work (PoW)
This is the oldest and most dominant algorithm developed as a mechanism to prevent double spending.
Proof of Work (PoW) ensures that this does not happen. It uses computing power to hash a block of data repeatedly until the hash meets a set condition. If the condition is met, you are rewarded with crypto coins and the transaction fees from the new block. However, this computing power costs you something (e.g. electrical power), as do the many failed hashing attempts made before the block is finally mined.
Also remember that the hardware (application-specific integrated circuits, known as ASICs) used to run mining nodes is expensive. Proof of Work was introduced to Bitcoin in 2008 by Satoshi Nakamoto and remains the most secure and fault-tolerant of all the algorithms.
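The following is an added example (not code from the original article) of the mining loop described above: a nonce is brute-forced until the SHA-256 hash has at least `difficulty` leading zero bits. The header bytes and the zero-bit condition are constructed assumptions; the point for Sybil resistance is that creating an identity is free, but every block that identity proposes still costs roughly 2^difficulty hash attempts, while verification costs one hash.

```python
import hashlib
from typing import Tuple


def leading_zero_bits(digest: bytes) -> int:
    """Count leading zero bits of a digest: the 'condition' a PoW hash must meet."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def block_hash(header: bytes, nonce: int) -> bytes:
    """Hash the block header together with a candidate nonce."""
    return hashlib.sha256(header + nonce.to_bytes(8, "big")).digest()


def verify(header: bytes, nonce: int, difficulty: int) -> bool:
    """Cheap check any node can run: one hash per candidate block."""
    return leading_zero_bits(block_hash(header, nonce)) >= difficulty


def mine(header: bytes, difficulty: int) -> Tuple[int, int]:
    """Brute-force a nonce. Returns (nonce, attempts); expected attempts ~ 2**difficulty."""
    nonce = 0
    while not verify(header, nonce, difficulty):
        nonce += 1
    return nonce, nonce + 1


if __name__ == "__main__":
    # Constructed sample header; a real header carries the previous hash, merkle root, etc.
    header = b"constructed-sample-header:prev=000...|merkle=abc"
    for d in (8, 12, 16):
        nonce, attempts = mine(header, d)
        print(f"difficulty {d:2d} bits: nonce={nonce} attempts={attempts} (expected ~{2**d})")
```

Raising the difficulty by one bit doubles the expected work per identity, which is why a Sybil attacker gains nothing from extra identities without matching hash rate.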
Proof of Stake (PoS)
Proof of Stake (PoS) is a favorite alternative to Proof of Work because instead of using computing power, the mechanism requires you to stake coins. While PoW is the most dominant (because it is considered the most secure and reliable), PoS is currently the most popular for blockchain networks.
It was introduced in 2011 as a solution to the problems associated with PoW, where users must perform a great deal of computation to prove their work before they can mine blocks. PoS, on the other hand, simply requires you to show proof by staking your coins, thus solving PoW's biggest problem: the cost of mining.
The mechanism’s system uses Staking Age, Element of Randomization and Nodal Wealth as factors to select validators who must then deposit a certain amount of coins into the network in order to forge blocks (although used interchangeably, “Mine” is the term used in PoW, while “Forge” is the PoS term).
PoS can improve security since an attacker must own 51 percent of the coins. This makes it expensive for the attacker, especially in case of failed attempts, which would equate to a massive loss (but not necessarily in the case of blockchains with low market capitalization).
It also improves decentralization and scalability, i.e. the limit set for the number of transactions per second. Networks using PoS include Avalanche, BNB Chain/Smart Chain and Solana.
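As an added example (not code from the original article, and not any real network's implementation), the simulation below contrasts the "outvoting" scenario described in the Vote from nodes section with the stake-weighted selection described for PoS. The honest validators, the attacker's 30 percent share of coins and the Sybil naming scheme are constructed assumptions; random proposer selection proportional to stake stands in for the Staking Age and Nodal Wealth factors mentioned above.

```python
import random
from collections import Counter
from typing import Dict

# Constructed sample: 7 honest validators (700 coins) plus one attacker holding
# 300 coins (30% of all coins) who splits it across many Sybil identities.
HONEST = {f"honest-{i}": 100.0 for i in range(7)}
ATTACKER_COINS = 300.0


def sybil_split(coins: float, n: int) -> Dict[str, float]:
    """Spread the attacker's coins evenly over n fake identities ('atk-0', 'atk-1', ...)."""
    return {f"atk-{i}": coins / n for i in range(n)}


def owner(identity: str) -> str:
    return "attacker" if identity.startswith("atk-") else "honest"


def identity_vote_share(stakes: Dict[str, float]) -> Dict[str, float]:
    """Naive 'one identity, one vote': identities are free, so the attacker dominates."""
    votes = Counter(owner(i) for i in stakes)
    return {o: v / len(stakes) for o, v in votes.items()}


def stake_weighted_share(stakes: Dict[str, float]) -> Dict[str, float]:
    """Expected PoS share: proportional to coins owned, independent of identity count."""
    total = sum(stakes.values())
    coins: Counter = Counter()
    for ident, s in stakes.items():
        coins[owner(ident)] += s
    return {o: c / total for o, c in coins.items()}


def simulate_pos(stakes: Dict[str, float], rounds: int, seed: int = 1) -> Dict[str, float]:
    """Pick a block proposer each round with probability proportional to stake."""
    rng = random.Random(seed)
    idents, weights = zip(*stakes.items())
    wins = Counter(owner(i) for i in rng.choices(idents, weights=weights, k=rounds))
    return {o: w / rounds for o, w in wins.items()}


if __name__ == "__main__":
    for n in (1, 1000):
        stakes = {**HONEST, **sybil_split(ATTACKER_COINS, n)}
        print(f"attacker identities={n}")
        print("  identity voting :", identity_vote_share(stakes))
        print("  expected PoS    :", stake_weighted_share(stakes))
        print("  simulated PoS   :", simulate_pos(stakes, 10_000))
```

With 1000 Sybil identities the attacker holds over 99 percent of identity votes but still proposes only about 30 percent of blocks under stake weighting, which is the sense in which PoS forces an attacker to buy 51 percent of the coins rather than mint 51 percent of the identities.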
Delegated Proof of Stake (DPoS)
Introduced in 2014 by Daniel Larimer, Delegated Proof of Stake (DPoS) is a popular alternative to PoS. DPoS is considered a more efficient version of PoS, especially as it is more scalable, meaning it processes more transactions per second.
DPoS uses a voting system that allows users to outsource their work to delegates (or witnesses), who will then secure the network on their behalf. The stakeholders can vote for the delegates according to the number of coins each user has.
These delegates are responsible for ensuring consensus in mining and validating new blocks. When the rewards come in, they are divided proportionally between the stakeholders and their delegates.
Since this algorithm is based on a democratic voting system, in practice it is dependent and functional on the reputation of the delegates, who will be expelled from the network if their nodes do not work efficiently or ethically. Examples of networks using DPoS include Ark and Lisk.
Sybil Attack: Multiple Identity Attack
A Sybil attack is one of many ways to hack into a system and disrupt network activity. Cybercriminals create fake identities, called Sybils, that they use to gain access to, and sometimes control over, a network. To combat data theft and compromised network systems, you need to invest in strong data security measures.