The June 2024 ZK airdrop by the zkSync L2 network reignited the conversation about a crypto problem that had been under the radar for some time: Sybil attacks.
During the airdrop, there were myriad complaints online concerning the inadequate measures taken to deal with Sybil wallets.
The term “Sybil” describes a small group of wallets taking advantage of free cryptocurrency in airdrops. The practice represents a monster that has haunted crypto projects repeatedly, leading to massive levels of damage.
My guide today digs deeper into Sybil attacks, explains how you can mitigate them, and even mentions a few such past attacks.
What Are Sybil Attacks?
A Sybil attack occurs when a malicious actor attempts to undermine a computer system’s service provision and reputation by creating numerous fake anonymous identities to gain unfair or unauthorized influence over the network.
The term “Sybil attack” was first coined in computer science by Brian Zill in 2002 at Microsoft Research. Initially, L. Detweiler had used the term “pseudo-spoofing,” which did not gain much traction.
The name “Sybil attack” is inspired by a 1970s novel about Sybil Dorsett, who was diagnosed with dissociative identity disorder, previously known as multiple personality disorder. Thus, Sybil attacks are directly linked to the creation of multiple identities to corrupt a network.
Sybil attacks have been a significant stumbling block, especially in establishing and maintaining peer-to-peer networks.
In essence, a peer-to-peer system may appear to have multiple authentic identities, but behind the scenes, a single anonymous and malicious entity controls these identities, effectively taking over the network. This is where Sybil attacks and crypto intersect.
In the crypto space, a Sybil attack occurs when a single individual operates multiple nodes to take control of the entire blockchain network. By controlling many nodes, attackers can damage the blockchain’s integrity and reputation.
Crypto-focused Sybil attacks deceive the system into recognizing fake nodes as legitimate, corrupting the blockchain.
If successful, attackers can manipulate the network entirely, altering blockchain finality. The primary goal of Sybil attacks is to breach privacy, corrupt transactional data, and steal investors’ funds.
Understanding the Mechanics of Sybil Attacks
The complexity and lethality of Sybil attacks rely on the simplicity of their mechanics. Sybil attackers master the art of deception by taking advantage of blockchain networks. Here are a few stages of Sybil attacks:
- The malicious actor begins by creating a large number of false nodes or accounts. These sham accounts trick the system into treating them as legitimate.
- The attacker then infiltrates the system using an account already on the network. The goal is to impersonate the account user. They achieve this feat by compromising the email addresses and passwords associated with the users’ accounts. Once stage two is complete, the network will have more exposure.
- The attacker can then use the multiple identities to impersonate users and outvote legitimate nodes in a blockchain voting proposal.
- It’s also possible that the malicious attacker can intercept IP addresses and other critical data, which compromises privacy and security.
What Are the Types of Sybil Attacks?
Sybil attacks are often grouped into two major classifications: direct and indirect Sybil attacks.
Direct Sybil Attacks
In this type, a malicious node interacts directly with honest nodes within the protocol. It manipulates the honest nodes into performing actions that benefit the attacker. The result is compromised trust and consensus.
Indirect Attacks
In this type of attack, an intermediary or proxy node, influenced by the Sybil nodes, attacks honest nodes directly. The attacker uses the proxy nodes to facilitate communication between honest and Sybil nodes, disseminate false information, and even launch a solid but indirect attack.
Indirect Sybil attacks ultimately make it harder to trace the attacker.
What Are the Consequences of Sybil Attacks?
Hacks and smart attacks in the digital space often negatively impact crypto projects and stakeholders, and Sybil attacks are no exception. Unlike most attacks, however, Sybil attacks focus on stealing user funds and data, as well as manipulating and taking control of large systems.
The ultimate goal of a Sybil attack is not always financial gain; it can also be to ruin reputable networks.
Here are a few consequences of Sybil attacks:
Consensus Mechanism Manipulation
One of the most dangerous consequences of Sybil attacks in blockchain is the manipulation of consensus mechanisms. Since consensus systems like PoW and PoS rely heavily on the power provided by peer-to-peer nodes, any attack on these systems can lead to network manipulation.
The attacker can distort the consensus process by flooding the network with numerous fake nodes. As a result, honest network nodes will lose opportunities to earn rewards by validating and mining.
The attacker can also target the mining system, enabling malicious actors to mine blocks faster than the rest of the network users. Eventually, they can control a significant share of the network’s mining rewards.
Moreover, the attacker can refuse to add blocks to the chain by controlling many validators. If this occurs, the blockchain could slow down and eventually come to a halt.
Hijacking a Blockchain
Have you ever heard of the 51% attack? This is a unique type of attack in blockchain networks where a single individual or group gains majority control of the network.
Essentially, the malicious individual or group controls about 51% of the blockchain network, giving them a majority vote in every situation. The attackers pose serious security threats by hijacking the blockchain, manipulating miner rewards, and dominating votes.
The same can happen in PoS, where the majority can control staking and validation. By maintaining 51% of the validation, malicious actors can control the network, rewards, and significant proposals.
Double Spending
Another critical issue that can arise from Sybil attacks is double-spending. In this case, the attacker creates fake identities, using them to manipulate transactions within the network.
The attacker can send the same transaction to different nodes within the network, hence spending the same coins multiple times. This will result in a double-spend transaction, which undermines the trust and value of a coin.
Transaction Manipulation
Another possible consequence of Sybil attacks is transaction manipulation, where an attacker alters the flow of transactions in the network, including transaction records.
Hackers can, for instance, manipulate transaction data, rewarding themselves with free crypto.
Data Tampering and Privacy Manipulation
The attacker can also access and alter data within the network, affecting smart contracts, transaction records, and other critical information.
Access to private data like IP addresses and more immediately compromises users’ privacy. This type of Sybil attack has been popular in privacy-focused projects.
Denial of Service (DoS) Attacks
By overwhelming the network with numerous malicious nodes, Sybil attacks can cause disruptions. Transaction processing slows down, and the network may become temporarily unavailable.
Erosion of Trust
Trust is fundamental in decentralized systems. Sybil attacks erode trust by allowing malicious actors to manipulate the network. Users lose confidence in the system’s security and reliability.
Block Honest Network Participants
A successful Sybil attacker can use their influence to restrict access to valid users. Honest nodes may find it challenging to access a network once a Sybil attacker takes over.
Review Bombing Attacks
Finally, imagine the amount of power a Sybil attacker could have when it comes to online reviews. The same attacker could hold many accounts and write fake and negative reviews of crypto projects, causing losses or even the ultimate death of new services.
Countermeasures Against Sybil Attacks
Fortunately, despite the ongoing negative impact of Sybil attacks on blockchain networks, there are measures that blockchain projects use to protect against these attacks. Below are a few key measures to take:
Social Trust Graphs
Implementing social trust graphs (STGs) in modern systems can be a good mitigating factor against Sybil attacks. A social trust graph visually represents validators within a blockchain network, showing their relationships, interactions, and trust levels among nodes.
In essence, the social trust graph system analyzes the connections between the network nodes, drawing conclusions about their trustworthiness based on their behavior and interactions.
Using these graphs, networks can classify the nodes or validators based on their level of honesty. If they spot a flaw in some nodes, the system will flag their trust level as low.
Currently, there are three major existing techniques based on social trust graphs:
- SybilGuard: An algorithm that uses social trust graphs to detect Sybil nodes by analyzing connectivity patterns.
- SybilLimit: A method that limits the number of connections a node can have, preventing excessive influence.
- Advogato Trust Metric: The reputation-based system used in the Advogato community to assess trustworthiness.
Another popular approach to dealing with Sybil attacks is simply computing a sparsity-based metric that helps identify groups of suspected Sybil accounts in a peer-to-peer system.
The above methods cannot guarantee 100% accuracy in preventing Sybil attacks since they rely on assumptions. However, STGs limit the impact of Sybil attacks while preserving anonymity. These graphs also look into the historical behavior of nodes to spot the reliable and honest nodes that have gained a reputation over time.
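The sparsity idea above, as an added example that is not from the original article and is not the SybilGuard or SybilLimit algorithm itself: trust is spread from a known-honest seed by a short random walk, and the low-trust end of the ranking is swept for the group with the sparsest cut. Using conductance as the sparsity metric is an assumption made here, and the graph and node names are constructed.

```python
from itertools import combinations
from math import ceil, log2

# Constructed sample graph (hypothetical node names): two tightly knit regions
# joined by a single "attack edge" h5-s0.
HONEST = [f"h{i}" for i in range(6)]
SYBILS = [f"s{i}" for i in range(5)]
EDGES = list(combinations(HONEST, 2)) + list(combinations(SYBILS, 2)) + [("h5", "s0")]

def build_graph(edges):
    graph = {}
    for a, b in edges:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph

def conductance(graph, group):
    """Edges leaving `group`, divided by the total degree of the smaller side."""
    group = set(group)
    cut = sum(1 for u in group for v in graph[u] if v not in group)
    vol_in = sum(len(graph[u]) for u in group)
    vol_out = sum(len(nbrs) for nbrs in graph.values()) - vol_in
    return cut / min(vol_in, vol_out)

def propagate_trust(graph, seeds):
    """Short random walk from trusted seeds; returns degree-normalised trust."""
    trust = {n: (1.0 / len(seeds) if n in seeds else 0.0) for n in graph}
    for _ in range(ceil(log2(len(graph)))):      # stop early, before the walk mixes
        nxt = dict.fromkeys(graph, 0.0)
        for u, t in trust.items():
            for v in graph[u]:
                nxt[v] += t / len(graph[u])
        trust = nxt
    return {n: trust[n] / len(graph[n]) for n in graph}

def suspected_sybils(graph, seeds):
    """Sweep the low-trust end of the ranking for the sparsest cut."""
    score = propagate_trust(graph, seeds)
    order = sorted(graph, key=score.get)         # least trusted first
    best = min(range(1, len(order)), key=lambda k: conductance(graph, order[:k]))
    return set(order[:best]), conductance(graph, order[:best])

if __name__ == "__main__":
    suspects, phi = suspected_sybils(build_graph(EDGES), seeds={"h0"})
    print(sorted(suspects), round(phi, 4))
```

The result depends on the assumption the text mentions: attack edges between honest and Sybil regions must be scarce. If an attacker wins many connections to honest nodes, the cut stops being sparse and the ranking degrades.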
Increasing the Economic Costs
Increasing the economic costs associated with node operations can also be a sound barrier of entry for Sybil attackers. When the cost becomes very high, attackers may think twice before committing resources to attack a network.
For instance, some networks demand that node operators invest vast resources in stake and storage or even participate in heavy, resource- and time-consuming proof-of-work systems.
In PoW, for instance, proof must be provided that a node spent effort solving a puzzle. The share of rewards is distributed based on the time and energy input to facilitate the network.
By making it extremely expensive and demanding to run a node and earn rewards, a blockchain network deters the activities of Sybil hackers.
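An added example (not from the original article and not any particular network's scheme) of how a proof-of-effort requirement prices each identity: every node must solve a puzzle bound to its own ID before it is admitted. The SHA-256 leading-zero-bits puzzle, the difficulty value, the challenge string and the node names are all assumptions made for illustration.

```python
import hashlib
from itertools import count

DIFFICULTY = 16  # required leading zero bits; constructed value for the demo

def leading_zero_bits(digest: bytes) -> int:
    bits = 0
    for byte in digest:
        if byte:
            return bits + 8 - byte.bit_length()
        bits += 8
    return bits

def puzzle_digest(node_id: str, challenge: bytes, nonce: int) -> bytes:
    # The identity is hashed into the puzzle, so a proof is tied to one node ID.
    return hashlib.sha256(challenge + node_id.encode() + nonce.to_bytes(8, "big")).digest()

def solve(node_id, challenge, difficulty=DIFFICULTY):
    """Brute-force the first valid nonce; returns (nonce, hashes_tried)."""
    for nonce in count():
        if leading_zero_bits(puzzle_digest(node_id, challenge, nonce)) >= difficulty:
            return nonce, nonce + 1

def verify(node_id, challenge, nonce, difficulty=DIFFICULTY):
    """One hash for the network, versus about 2**difficulty for the applicant."""
    return leading_zero_bits(puzzle_digest(node_id, challenge, nonce)) >= difficulty

def admit(requests, challenge, difficulty=DIFFICULTY):
    """Keep only identities whose proof is valid for their own ID."""
    return [nid for nid, nonce in requests if verify(nid, challenge, nonce, difficulty)]

if __name__ == "__main__":
    challenge = b"epoch-42"                       # constructed network challenge
    nonce, tried = solve("node-a", challenge)
    print("node-a admitted after", tried, "hashes")
    # A proof reused under another ID only passes by chance (2**-DIFFICULTY
    # each), so every extra identity costs about 2**DIFFICULTY hashes.
    clones = [(f"sybil-{i}", nonce) for i in range(3)]
    print(admit([("node-a", nonce)] + clones, challenge))
```

Verification costs the network a single hash, while the expected cost of N identities grows as N times 2^difficulty, which is the asymmetry this countermeasure relies on.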
Identity Validation
This involves doxing the true identity of entities with a malicious, sybilistic nature. Identity validation consists of verifying the nodes and performing reverse lookups.
Identity validation is split into two parts:
- Direct validation is often done when a local entity interacts with a central entity to validate the identity of remote nodes.
- Indirect validation is done when a local entity relies on previously accepted identities, allowing other network participants to vouch for a remote identity.
Details like phone number, credit card, and IP address are verified in identity validation. This eventually leads to doxing the node runners’ details, including the name. It’s a sound system but runs into one major flaw: the exposed data infringes on users’ privacy.
Worldcoin’s WorldID system is also an excellent protocol for verifying users’ identities to curb Sybil attacks. It verifies the individual behind web addresses and crypto wallets while using ZKPs to keep the information private.
Application-Specific Defenses
Depending on the applications in use, custom defense systems can also be used. In general, these generic defenses mentioned above remain susceptible to attacks.
However, creating applications with specific defenses allows users to enjoy innate protection against Sybil attacks.
The possible algorithms implemented include SumUp, DSybil, Whānau, and Kademlia.
KYC Requirements
KYC, or Know Your Customer requirements, are designed to link a wallet to a specific name, person, or business. This type of verification can help curb Sybil attacks.
A History of Sybil Attacks
Over the years, the crypto space has seen its fair share of Sybil attacks, leading to losses or privacy infringement. Below are some of the more famous ones:
Tor
In 2014, the privacy-focused network Tor was hit with a Sybil attack with over 100 malicious nodes. This hack exposed the personal information of thousands of Tor users.
Monero
In November 2020, Monero, a privacy-focused blockchain, suffered one of the most significant Sybil attacks in the crypto industry. This attack, which lasted ten days, aimed to infringe on the privacy of network users by deanonymizing transactions.
The hacker exploited a bug that allowed the network to accept its malicious nodes and attempted to track IP addresses and link them to specific transactions, ultimately without success.
Ethereum Classic
Ethereum Classic, the original version of Ethereum, is another crypto network that has suffered several Sybil attacks. Reports indicate that it has faced multiple 51% attacks since its inception, with the most severe occurring in 2020.
During that attack, the perpetrators gained control of a significant portion of Ethereum Classic’s hash power, enabling a double-spend transaction. They moved funds between wallets and drained them through exchanges.
According to the reports, this attack resulted in the loss of approximately $5 million in the network’s native ETC coins.
Verge
In 2021, Verge was also hit by a major Sybil attack that wiped out 200 days of historical transaction data. While Verge was able to recover, this attack was massive and sent shockwaves across crypto.
What Are Sybil Wallets?
zkSync is not the first project to be a victim of Sybil wallet attacks. But what are those?
A Sybil wallet attack occurs when a malicious entity creates many wallets to claim a larger share of an airdrop distribution than they deserve. Like general Sybil attacks, malicious wallets use deception to gain an unfair advantage.
Of course, this explains why there was a massive uproar from the zkSync community, especially during the 2024 ZK airdrop.
Dealing with Sybil wallets, or getting rid of them, is proving a complex task for many projects, including zkSync. While attempting to filter out Sybils, zkSync might have filtered out actual, genuine wallets while letting thousands of sham wallets benefit.
Final Thoughts
Sybil attacks represent a persistent and multifaceted threat to the crypto landscape, as starkly highlighted by the recent zkSync airdrop incident. While the term “Sybil” might be new to some, its implications have long been felt across the blockchain ecosystem.
These attacks erode trust, compromise privacy, and manipulate the very mechanisms that ensure network integrity. As my exploration has revealed, understanding and mitigating Sybil attacks is crucial for the ongoing development and security of decentralized networks.
With evolving countermeasures and heightened vigilance, the crypto community can work towards fortifying against this insidious adversary, ensuring a more secure and reliable future for blockchain technology.