Sybil Attacks are yet another type of exploit that decentralized protocols have to beware of...
A thread 🧵 👇
In a Sybil Attack, a user creates multiple identities (wallet addresses) to exploit a protocol or get undue influence over the network.
Some scenarios that are vulnerable to such attack:
• Allocation of one governance vote to one wallet/address
• Limit of NFT mint per wallet/address
• Airdrops
• Exclusive token sale allocations
At first, a few false identities might sound relatively harmless to you.
But, at a scale, it can greatly harm a network.
Here’s how...
1. Disrupting the system with a 51% attack
Malicious nodes take over >51% of the network's hash rate or computing power & outvote other honest nodes
Such an attack can modify the order of txs, reverse the txs to enable double-spending, and prevent the confirmation of txs.
Blocking users from a network
Once Sybil nodes take over the network, they can refuse to transmit or receive blocks in a network.
This leads to blocking other users from accessing the network.
Compromising Privacy
Nodes are responsible for handling the flow of information within the network.
A Sybil node can access information about other nodes, spy on data transfer and monitor network traffic.
Disproportionate Access to Token Airdrops
Protocols airdrop their tokens to the users who’ve supported them in the initial days by contributing to the system.
There are two ways to execute token airdrop:
• Airdrop a fixed number of tokens to every wallet/address that satisfies a certain criteria
• Airdrop tokens proportional to the wallet’s protocol usage
In scenario 1, the Sybil attacker could create multiple identities receiving a relatively large number of tokens compared to ones using single wallets.
For e.g. an attack on @ribbonfinance took place where a VC firm received $2.5M worth of tokens in the airdrop.
@ribbonfinance However, they returned the funds after getting pressurized by the community.