Blockchain Vulnerabilities: Sybil attack & 51% attack

What is a Sybil Attack

A Sybil Attack is based on creating multiple identities or nodes to obtain an unfair advantage or alter a system and Blockchain is not exempt from this vulnerability, although they rely on consensus mechanisms to validate transactions and guarantee the security of the network. The name “Sybil” is received thanks to the reference to the book Sybil Dorsett, which is a case study about a woman with multiple personality disorder. Similar to the movie Split.

A Sybil attack serves as a cornerstone for performing a 51% attack by allowing the attacker to create a large number of fake nodes, giving them the illusion of majority control. This is important because of how Consensus mechanisms work, for example Proof of Work (PoW), where computing power is the key factor in achieving consensus.

For example, in a blockchain network where the majority of nodes reach a consensus on the transaction history and it turns out to be valid. An attacker can launch a Sybil attack, creating hundreds of fake nodes. If these fake nodes, combined with any legitimate nodes they control, exceed 50% of the total nodes on the network, they can effectively launch a 51% attack, and acquire consensus control. While large-scale Sybil attacks on major Blockchains are particularly difficult due to their strong security mechanisms, they remain a potential threat, especially for smaller or less established blockchains.

Types of Sybil attacks

• Direct Sybil Attacks: This one is like an spoiled fruit around healthy fruit. Here the malicious nodes influence the network by directly communicating with honest nodes to take control of decision-making processes, voting procedures, or consensus mechanisms.
• Indirect Sybil Attacks: Aim to silently increase the reputation of the sybil nodes, they artificially increase the reputation of particular nodes, alter a network’s topology, or isolate certain parts of the network.

Sybil attack can have several negative consequences, including:

• Network control: The attacker can use their multiple identities to control the network consensus, allowing them to manipulate transactions or even stop the network entirely.
• Double Spending: The attacker can use their multiple identities to spend the same digital currency twice, which can lead to inflation and loss of trust in the network.
• Identity theft: The attacker can use their multiple identities to impersonate other users, which can lead to theft of funds or loss of network access.

But what do these “sybil nodes” look like?

A Sybil node might look pretty similar to a legit node, they can be a full node and they can also be validators, the difference is that they still have the main node functionalities to participate in the blockchain, for example: participate in the consensus and verify transactions. Sybil nodes just slightly modify the behavior so the core functionalities remain unaltered, for example they can reject all the transactions but only process those coming from the attacker, we can say it has a little bit of changes.

By default one single sybil node cannot affect the consensus, let’s assume there is a network of 10 nodes, where 1 of them is a sybil node, the tampered verification response will be only 10% and 90% of the network will discard the response for that node, so the impact at this point is not critical. On the other hand if there are 10 nodes and the attacker is able to manage 6 of them (60%) they can modify the consensus and start validating transactions that are not legit.

Measures to Prevent Sybil Attacks

In blockchain there are proof-of-work (PoW) or proof-of-stake (PoS) consensus mechanisms, they have measures to make Sybil attacks difficult:

Proof of Work (PoW):

• Computational cost: PoW requires participants to solve complex mathematical problems to validate transactions and add blocks to the blockchain. This makes it computationally expensive for attackers to create and maintain a large number of fake nodes.
• Resource consumption: Running many nodes requires significant power and hardware resources, making it economically difficult for attackers to sustain a Sybil attack.

This makes the ROI (Return of Investment) very low and with high risk, discouraging many attackers from trying it.

Proof of Stake (PoS):

• Economic cost: PoS requires participants to “stake” or lock a certain amount of cryptocurrency to participate in transaction validation. This makes it expensive for attackers to create many fake nodes, as they need to stake a significant amount of their own cryptocurrency.
• Slashing: Many PoS systems have “slashing” mechanisms, where participants lose a portion of their staked cryptocurrency if they engage in malicious behavior, such as creating fake nodes.
• Consensus mechanisms:
• Node validation: Blockchain networks often have mechanisms to validate the legitimacy of nodes, such as requiring them to prove their identity or demonstrate a history of good behavior.
• Reputation systems: Some blockchains use reputation systems to track the behavior of nodes, making it easier to identify and flag potentially malicious ones.

Also you can rely on tools that will help you identify monitor and safeguard Ethereum validators such as Tikuna. There are also (not in the node context) Zero Knowledge Proofs that are “Proof of Humanity” that allows the users to sent a ZK proof to validate they are real users and not faked entities, some examples of them are:

• WorldCoin
• zk Proof of Humanity
• Open Passport
• zk Gitcoin Passport

Key points to remember

• Sybil attackers create fake nodes instead of stealing legitimate ones.
• PoW and PoS mechanisms have built-in economic and computational costs that make Sybil attacks difficult, making the attacker’s ROI very low and at high risk.
• Consensus mechanisms and node validation procedures help prevent attackers from introducing fake nodes into the network. This does not guarantee that they are bullet proof (no system is), but it makes them very secure.