A Sybil attack is an online security breach in which a hacker uses multiple accounts, nodes, or systems to take over a particular network. On cryptocurrency blockchains, Sybil attacks are carried out by running numerous nodes on a network to achieve majority control, at least 51%, over the network. Once this is achieved, bad actors can carry out an array of mischievous and fraudulent activities that undermine the integrity of the blockchain network. While it is almost impossible to avoid Sybil attacks altogether, blockchain protocols have developed various methods to combat such attempts. In this article, we take a deep dive into the nature of Sybil attacks, what they can do to cryptocurrencies like Bitcoin and Ethereum, and how to prevent them.
There are two types of Sybil attacks: indirect and direct. Direct attacks occur when real network nodes are taken hold of or manipulated by a Sybil node. Indirect attacks occur when real network nodes are in direct communication with Sybil nodes. In this instance, the intermediary (middle node) is manipulated by a Sybil node. Whichever way a Sybil attack happens, once the nodes are compromised, attackers can carry out malicious acts such as:
Blockchains work on a distributed consensus system where network participants vote on changes and activities in the network. During a Sybil attack, hackers can create fake identities to manipulate voting in their favor while blocking others from using the blockchain network of a cryptocurrency.
If attackers gain control over more than 50% of the network, acquiring the majority of the hash rate and computing output, they can wreak havoc. From altering and reversing transactions to double-spending funds, Sybil attacks could threaten the entire stability of a cryptocurrency's blockchain network.
Blockchain mechanisms such as Proof-of-Work and Proof-of-Stake have been used as solutions to such problems. While unable to prevent Sybil attacks, they can make them far more difficult to carry out.
Under Proof-of-Work (PoW), a miner's ability to create blocks is directly correlated to the amount of computing power they have, so trying to control a large portion of a network would require a massive amount of equipment paired with astronomical power costs. If an attack has already been carried out, the network could be rolled back to a point in time before the attack took place. Such an action would essentially act as a time machine, reversing fraudulent transactions. However, it would not prevent the same attacker from attacking again, or other attacks from happening in the future.
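The Proof-of-Work argument above (block creation tracks computing power, not the number of identities) can be checked with a toy lottery. This is an added example, not code from any blockchain client; the node counts, hash budgets and the `honest-`/`sybil-` names are assumptions chosen for illustration.

```python
import hashlib

HONEST_NODES = 8          # assumed: eight honest miners
HONEST_HASHES_EACH = 10   # assumed: hash attempts per honest miner per round
ATTACKER_HASHES = 20      # assumed: attacker's fixed hardware budget per round


def identity_vote_share(sybil_ids: int) -> float:
    """Attacker's share of votes when every identity gets one vote."""
    return sybil_ids / (sybil_ids + HONEST_NODES)


def _attempt(rnd: int, ident: str, nonce: int) -> int:
    """One hash attempt; the numerically lowest value in a round wins the block."""
    digest = hashlib.sha256(f"{rnd}|{ident}|{nonce}".encode()).digest()
    return int.from_bytes(digest, "big")


def pow_block_share(sybil_ids: int, rounds: int = 1500) -> float:
    """Attacker's share of blocks when the lowest hash wins each round."""
    wins = 0
    for rnd in range(rounds):
        best, attacker_won = None, False
        for node in range(HONEST_NODES):
            for nonce in range(HONEST_HASHES_EACH):
                h = _attempt(rnd, f"honest-{node}", nonce)
                if best is None or h < best:
                    best = h
        # The hash budget is fixed: extra identities only split it thinner.
        for i in range(ATTACKER_HASHES):
            h = _attempt(rnd, f"sybil-{i % sybil_ids}", i // sybil_ids)
            if h < best:
                best, attacker_won = h, True
        wins += attacker_won
    return wins / rounds


if __name__ == "__main__":
    for k in (1, 20, 1000):
        print(f"{k:>5} identities: vote share {identity_vote_share(k):.2f}, "
              f"PoW block share {pow_block_share(k):.2f}")
```

With one vote per identity, 1000 fake identities give the attacker almost every vote; under the hash lottery the same attacker stays near its 20% share of computing power however many identities it runs.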
With Proof-of-Stake (PoS), as with PoW, a network could be rolled back in case of an attack. In addition, with PoS, the hacker would be blacklisted, and their funds would be deleted from the network. This would simultaneously increase the value of the remaining coin supply, making each subsequent attack more expensive than the last to carry out.
Aside from these two methods, there are also certain preventative measures developers can take. Direct validation allows existing members to verify new participants into a network, while indirect validation allows existing members to grant administrative rights to other members.