What are Sybil Attacks on the Blockchain

Cyberscope Team
May 27, 2022
What are Sybil Attacks on the Blockchain

The blockchain is a robust and efficient technology, but that doesn’t mean it’s perfect. Security vulnerabilities still exist, and one of the most significant issues with blockchain security is known as a Sybil Attack. In this guide, we’re going to cover everything you need to know about Sybil Attacks, including what they are, how they work, examples of them and how to prevent them from happening. So without any further ado, let’s jump straight in and learn more about Sybil Attacks!

What Are Sybil Attacks?

A Sybil attack is a type of attack in which an adversary creates multiple identities to gain control over a network. The term was first coined by psychologist Flora Rheta Schreiber in 1973, who used it to describe a woman (known as Sybil Dorsett) with dissociative identity disorder (DID).

In a blockchain context, the term refers to someone using multiple identities or accounts — known also as sockpuppets — to confuse and manipulate others. It’s possible for individuals or organizations with enough resources at their disposal to create large numbers of bogus accounts that make it appear there are more people involved in supporting a particular cause than actually exist. This can be used to sway public opinion and make fraudulent transactions seem legitimate.

How Do Sybil Attacks Work

In order to conduct a Sybil attack, an attacker must first create multiple identities. These new identities act independently from each other and have their own transactions on the blockchain network. In this way, it could appear as if there were many people using your service when in reality only one person was responsible for all their activities.

As you might imagine, there are many potential uses for such an attack:

  • Using bots to vote for someone else in elections. This has become a common problem with the rise of Decentralised Autonomous Organisations (DAOs).
  • Attackers may also be able to out-vote the honest nodes on a network if they create enough fake identities (or Sybil identities). They can then refuse to receive or transmit blocks, effectively blocking other users from a network.
  • In large-scale Sybil attacks, the attackers might even manage to take control of the network computing power or hash rate and carry out a 51% attack. In such cases, they may be able to change the ordering of transactions and prevent them from being confirmed. They could even reverse transactions that they made while in control, which can lead to double-spending.
How Do Sybil Attacks Work
How Do Sybil Attacks Work

Examples of Sybil Attacks

Here are a couple of real-life examples of Sybil attacks:

  • A notable Sybil attack was launched against the Tor anonymity network) for several months in 2014. Tor anonymity works by routing traffic through three separate nodes. The first knows the user’s IP address, and the third knows where the traffic is destined. The middle works as a sort of trusted intermediary so that nodes one and three have no knowledge of each other. Running huge numbers of servers has the potential to break those anonymity guarantees.
  • Another notable example was the 51% that happened to bitcoin gold which saw $18 million worth of bitcoin gold stolen in May 2018. That was the second time the network was hit with such an attack with the first one occurring in late 2017, resulting in over $72,000 worth of bitcoin gold tokens being double-spent.

How To Prevent Sybil Attacks

One way to prevent Sybil attacks is to rely more on proof-of-stake consensus algorithms rather than proof-of-work. Proof of stake consensus mechanism requires master node or service node operators to stake (lock up for a period of time) a significant amount of cryptocurrency. This stake acts as a deterrent to Sybil Attacks. A node detected by the network that is conducting fraudulent or malicious activity stands to lose a part of its stake, as well as the right to participate in the future. Since the stake is higher than the potential reward, the cost to attack again exceeds the reward.

Furthermore, to take control of the entire network the attacker would need to acquire 51% of the circulating supply of the cryptocurrency. The cost to do this would be so high that it is extremely unlikely any attacker could afford it.

Large proof-of-work networks like Bitcoin are also impossible to be victims of 51% attacks. The amount of mining hardware needed to control 51% of the network’s hash power (enabling a Sybil Attack) would be exorbitantly expensive, so much so that it would not be worth the attacker’s while. Put simply, the cost to attack would exceed the potential rewards.


We’ve covered the basics of Sybil attacks and how they work. These attacks are an example of how malicious users can manipulate a blockchain to their advantage. If you’re interested in learning more about these types of attacks or other security breaches in cryptocurrencies, you can sign up for our weekly newsletter or follow us on Medium.

Tags :
Share :

Subscribe To Our Newsletter

Stay updated with the latest hacks, threats, security best practices, and educational content in the crypto world right in your inbox!