Sybil Attack: Dissociative Identity Disorder in Blockchain

The title is taken from a book by Flora Schreiber about a young woman, Sybil Dorsett, who suffered from a dissociative identity disorder. The term was coined by computer scientist Brian Zill.

A Sybil attack is an attack on a decentralized network where a hacker runs a computer node and creates multiple identities based on it. Then they distribute malicious data to honest nodes to gain control over the blockchain. Most often, manipulations come down to the theft of funds.

Just as one person can create multiple social media accounts, in the blockchain, a user can own multiple IDs that belong to different nodes. Outwardly, it is impossible to determine that there is one user behind them; they look unique.

This feature is needed to share a large number of resources, create block copies, or check the data integrity. The negative side is the ability to carry out Sybil attacks.

Although achieving complete control over all nodes is impossible, this is not necessary for an attacker. It is enough for him to gain a foothold in the network and transmit incorrect information from allegedly different nodes to loyal nodes so that they take it as valid and transmit it further. Over half of the network participants who confirmed hostile transactions would be enough to launch an attack.

The Sybil attack will primarily target those blockchains that have few node requirements. If launching a node does not require additional funds, effort, skills, and considerable computing power, it will be easy for an attacker to take over the system.

Peer-to-peer networks are particularly susceptible to Sybil attacks because they do not require their nodes to prove that they are interested in acting honestly regarding the blockchain ecosystem. If the registry trusts the nodes for no reason, it can be easily manipulated for malicious purposes.

The first barrier to this type of hack is consensus algorithms.

A Sybil attack is hard to carry out on a blockchain backed by a Proof-of-Work consensus. It assumes that the participant must prove their competence by performing complex equations requiring a powerful computer to solve. Only in this case can it affect the blockchain. Therefore, it is almost impossible for a hacker to take control of more than half of these blockchain-type nodes.

Other algorithms also minimize the risk of hacking. For example, Proof-of-Authority. It is a reputation-based consensus algorithm – each network member has their own level of authority and trust. Suppose the user has long supported the functioning of the blockchain and has proven authority. In that case, more actions are available to him within the blockchain structure. In addition, in such blockchains, transactions can only be verified by trusted users.

Proof-of-Stake also protects against a Sybil attack. Participants need to lock up (stake) their coins in the blockchain network that reach a consensus on proof of stake. Therefore, the hacker will have to transfer a considerable amount of funds to the blockchain every time they create a new ID, which can burn out if it is discovered. In general, when the cost of preparing and implementing an attack can exceed the potential profit, the risk of its occurrence is reduced.

Finally, blockchains may require users to verify their identity before running a node. This may include providing a credit card number or IP address or enabling two-factor authentication. In other networks, new members may not be required to do all of the above but will be asked to pass a test to confirm that they control only a few nodes.

While blockchains make payments easier through decentralization, they remain vulnerable to hacking due to their peer-to-peer structure. However, as more cases of theft from the blockchain appear, the number of security measures increases. Typically, a Sybil attack is a problem for smaller networks and newcomers to the market. Large blockchains hardly suffer from these hacks, as they have many nodes and validators.