What Is a Sybil Attack and How Does It Affect Blockchain?


A Sybil attack occurs when one user takes on multiple false identities, known as Sybils, to disrupt or otherwise gain control over a network. With increasing ways to create fake identities online and the rising popularity of Distributed Denial-of-Service (DDoS) attacks, this may be one trend to watch out for in the coming years.


So what does a Sybil attack actually involve? Is there anything you can do to protect yourself?


What Is a Sybil Attack?

A Sybil attack, also known as an identity or reputation attack, is an online security threat in which a single entity creates multiple nodes, accounts, or machines with the intention of taking over a network. It can be something as simple as running multiple accounts on a social media platform, or as dangerous and complex as breaking into a high-security network.

Sybil attacks are used against cryptocurrencies too. On a blockchain, the attack means running multiple nodes under false identities for illegal purposes. There are two types of Sybil attack. In a direct Sybil attack, honest nodes are under the direct influence of Sybil nodes; in an indirect Sybil attack, honest nodes receive the attack from another honest node that is itself under the influence of a Sybil node, so that the compromised honest node acts as the middle node.

The term “Sybil” comes from the case study of an artist named Shirley Ardell Mason, aka Sybil Dorsett, who was diagnosed with Multiple Personality Disorder.

How Can Sybil Attacks Affect Blockchains?

A Sybil attack can cause a lot of havoc on a blockchain. Here are the most common problems it can create.

Stop People From Accessing or Using the Network

A well-coordinated Sybil attack can generate enough identities to allow the perpetrators to out-vote the honest nodes. Honest nodes then fail to transmit blocks or are unable to receive them.

Execution of a 51 Percent Attack

A well-coordinated Sybil attack can give a threat actor control of more than half (i.e. 51 percent) of the network’s total computing power. This damages the integrity of the blockchain and can disrupt the network. A 51 percent attack can change the order of transactions, reverse transactions in favor of the attacker (double spending), and prevent transactions from being confirmed.

How Is a Sybil Attack Deployed?

There are several ways through which Sybil attack actors deploy this online security threat. These are the two most common forms.

The 51 Percent Attack

This involves preventing, reversing, or reordering certain transactions to the point that it leads to double-spending and even the non-confirmation of legitimate transactions. Double-spending occurs when a user spends the same funds more than once by duplicating the digital money and sending the duplicates to multiple recipients. If no measures are in place to prevent this behavior, it could lead to the total collapse of the digital monetary system.

This becomes possible because the attacker controls at least 51 percent of the network’s computing power (also known as hash rate).

Out-Voting of Nodes

Legitimate nodes (known as honest nodes) can be out-voted by fake identities if there are enough of them in the system. As in an eclipse attack, this often leaves honest users cut off once the Sybils stop transmitting or receiving blocks.

How to Prevent a Sybil Attack on a Blockchain

Many blockchains use consensus algorithms as a defense against these attacks. An algorithm does not by itself prevent an attack, but it makes deploying one very costly for the attacker.

Here are the three most commonly used consensus algorithms.

Proof of Work (PoW)

This is the oldest and most dominant algorithm, developed as a mechanism to prevent double-spending.

Proof of Work (PoW) makes double-spending impractical. Miners use computing power to repeatedly hash a block’s data until the hash meets a predefined condition (the difficulty target). If the condition is met, the miner is rewarded with crypto coins and the transaction fees from the newly mined block. That computing power costs real resources (e.g. electrical power), as do the many failed hashing attempts made before the block is finally mined.

Also, remember that the hardware used to run mining nodes (Application-Specific Integrated Circuits, known as ASICs) is expensive. Proof of Work was introduced to Bitcoin in 2008 by Satoshi Nakamoto and remains the most secure and fault-tolerant of all the algorithms.
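The hashing loop described above, as an added toy example (not code from the original article and not Bitcoin’s real block format): the header layout, the double-SHA-256 choice and the sample header values are assumptions made for the illustration. The point it demonstrates is the cost asymmetry that makes PoW Sybil-resistant: finding a nonce takes on average 2^difficulty_bits hashes, every failed attempt is paid-for work, and the resulting proof is checked with a single hash.

```python
import hashlib

# Added example: toy Proof-of-Work miner with a simplified block header.

def serialize_header(header: dict) -> bytes:
    # Deterministic byte encoding of the header fields, hashed together with the nonce
    return "|".join(f"{k}={header[k]}" for k in sorted(header)).encode()

def block_hash(header_bytes: bytes, nonce: int) -> bytes:
    # Double SHA-256 over the header bytes plus an 8-byte big-endian nonce (assumed layout)
    payload = header_bytes + nonce.to_bytes(8, "big")
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()

def meets_target(digest: bytes, difficulty_bits: int) -> bool:
    # The "condition" a miner must hit: read as a 256-bit integer, the hash must be
    # below 2**(256 - difficulty_bits), i.e. start with at least difficulty_bits zero bits
    return int.from_bytes(digest, "big") < (1 << (256 - difficulty_bits))

def mine(header: dict, difficulty_bits: int, max_attempts: int = 1 << 26):
    # Sequential nonce search. Every failed attempt is computation the miner has paid for
    # and cannot recover; splitting the same hash rate across many identities buys nothing.
    header_bytes = serialize_header(header)
    for nonce in range(max_attempts):
        digest = block_hash(header_bytes, nonce)
        if meets_target(digest, difficulty_bits):
            return nonce, digest, nonce + 1  # attempts used = nonce + 1
    raise RuntimeError("no valid nonce found within max_attempts")

def verify(header: dict, nonce: int, difficulty_bits: int) -> bool:
    # Verification is one hash: cheap for honest nodes, while producing it was expensive
    return meets_target(block_hash(serialize_header(header), nonce), difficulty_bits)

def expected_attempts(difficulty_bits: int) -> int:
    # A miner needs on average 2**difficulty_bits hashes per block at this difficulty
    return 1 << difficulty_bits

if __name__ == "__main__":
    # Constructed sample header; the values are made up for the example
    header = {"prev_hash": "00" * 32, "merkle_root": "ab" * 32, "timestamp": 1700000000}
    bits = 16
    nonce, digest, attempts = mine(header, bits)
    print(f"difficulty {bits} bits: nonce={nonce}, attempts={attempts}, "
          f"expected about {expected_attempts(bits)}")
    print("hash:", digest.hex())
    print("verifies:", verify(header, nonce, bits))
    tampered = dict(header, timestamp=header["timestamp"] + 1)
    print("tampered header verifies with the same nonce:", verify(tampered, nonce, bits))
```

Raising `bits` by one doubles the expected number of attempts, which is the knob real networks turn to keep block production at a fixed rate regardless of how many miners (or identities) join.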

Proof of Stake (PoS)


Proof of Stake (PoS) is a popular alternative to Proof of Work because, instead of using computing power, the mechanism requires you to stake coins. While PoW is the most dominant (because it is considered the most secure and reliable), PoS is currently the most popular choice for blockchain networks.

It was introduced in 2011 as a solution to the problems associated with PoW, where users must perform a great deal of computation to prove their work in order to mine blocks. PoS, on the other hand, only requires you to show proof by staking your coins, thereby addressing PoW’s biggest issue: the cost of mining.

The mechanism selects validators using factors such as staking age, an element of randomization, and the node’s wealth; the chosen validators must then stake a certain amount of coins in the network to be able to forge blocks (though the terms are often used interchangeably, “mine” is the PoW term, while “forge” is the PoS term).

PoS can improve security since an attacker must own 51 percent of the coins. This makes it expensive for the attacker, especially in the event of failed attempts, which will equate to a massive loss (but not necessarily in the case of low market cap blockchains).

It also improves decentralization and scalability (the number of transactions per second the network can process). Networks that use PoS include Avalanche, BNB Chain/Smart Chain, and Solana.
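The out-voting scenario from the “Out-Voting of Nodes” section and the stake weighting described for PoS above, as one added example (not code from the original article or from any of the networks it names): the identities, balances and votes are constructed for the illustration, and the validator-selection rule is simplified to pure stake share, ignoring the staking-age and randomization factors the text mentions. It shows the same vote tallied two ways: by identity count, which flips as soon as the attacker spawns enough Sybils, and by stake weight, which does not change no matter how many identities the attacker splits the same coins across; likewise the attacker’s chance of being selected to forge a block stays equal to their stake share.

```python
from collections import Counter
from fractions import Fraction

# Added example: the same vote tallied by identity count versus by stake weight.
# Names, balances and choices below are constructed for illustration.

def tally_by_identity(votes: dict) -> str:
    # One identity, one vote. This is the rule a Sybil attacker exploits.
    counts = Counter(votes.values())
    return counts.most_common(1)[0][0]

def tally_by_stake(votes: dict, stake: dict) -> str:
    # Each vote weighs as much as the coins bound to the voting identity.
    weights = Counter()
    for identity, choice in votes.items():
        weights[choice] += stake.get(identity, 0)
    return weights.most_common(1)[0][0]

def selection_share(stake: dict, identities) -> Fraction:
    # Simplified stake-weighted validator selection: the probability that one of
    # `identities` forges the next block equals their combined share of total stake.
    total = sum(stake.values())
    return Fraction(sum(stake[i] for i in identities), total)

def spawn_sybils(votes: dict, stake: dict, attacker: str, n: int):
    # The attacker replaces a single identity with n fake ones that divide the same
    # coins between them and cast the same vote. Total stake on the network is unchanged.
    new_votes, new_stake = dict(votes), dict(stake)
    choice, coins = new_votes.pop(attacker), new_stake.pop(attacker)
    per_sybil = Fraction(coins, n)
    sybils = [f"{attacker}-sybil{i}" for i in range(n)]
    for s in sybils:
        new_votes[s] = choice
        new_stake[s] = per_sybil
    return new_votes, new_stake, sybils

# Constructed scenario: three honest stakers and one attacker with less stake than any of them
HONEST_VOTES = {"alice": "accept", "bob": "accept", "carol": "accept", "mallory": "reject"}
STAKE = {"alice": 100, "bob": 100, "carol": 100, "mallory": 60}

def run_scenario(n_sybils: int = 10) -> dict:
    # Compare both tallies and the attacker's selection share before and after spawning Sybils
    votes, stake, sybils = spawn_sybils(HONEST_VOTES, STAKE, "mallory", n_sybils)
    return {
        "identity_before": tally_by_identity(HONEST_VOTES),
        "identity_after": tally_by_identity(votes),
        "stake_before": tally_by_stake(HONEST_VOTES, STAKE),
        "stake_after": tally_by_stake(votes, stake),
        "share_before": selection_share(STAKE, ["mallory"]),
        "share_after": selection_share(stake, sybils),
    }

if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

With ten Sybils the identity count swings from 3 to 1 in favor of the honest nodes to 3 to 10 against them, while the stake-weighted result stays 300 to 60 and the attacker’s selection share stays at one sixth. The caveat in the text still applies: the defense is only as strong as the cost of the coins, so on a low-market-cap chain buying a majority stake may be cheap.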

Delegated Proof of Stake (DPoS)


Introduced in 2014 by Daniel Larimer, Delegated Proof of Stake (DPoS) is a popular alternative to PoS. DPoS is considered a more efficient version of PoS, especially as it is more scalable, meaning it processes more transactions per second.

DPoS uses a voting system that allows users to outsource their work to delegates (or witnesses), who then secure the network on their behalf. Stakeholders vote for delegates with a voting weight proportional to the number of coins each of them holds.

These delegates are responsible for securing consensus in mining and validating new blocks. When the rewards come in, they are proportionally shared between the stakeholders and their delegates.

Since this algorithm is based on a democratic voting system, it effectively depends on the reputation of the delegates, who will be expelled from the network if their nodes don’t function efficiently or ethically. Examples of networks that use DPoS include Ark and Lisk.

Sybil Attack: The Multiple Identity Attack

A Sybil attack is one of the many ways of breaking into a system and disrupting network activity. The cybercriminal creates fake identities, called Sybils, that they use to gain access to, and sometimes control over, a network. To guard against data theft and compromised network systems, you need to invest in strong data security measures.
