Sybil Attacks are yet another type of exploit that decentralized protocols have to beware of...
A thread 🧵 👇
A thread 🧵 👇
In a Sybil Attack, a user creates multiple identities (wallet addresses) to exploit a protocol or get undue influence over the network.
Some scenarios that are vulnerable to such attack:
• Allocation of one governance vote to one wallet/address
• Limit of NFT mint per wallet/address
• Airdrops
• Exclusive token sale allocations
• Allocation of one governance vote to one wallet/address
• Limit of NFT mint per wallet/address
• Airdrops
• Exclusive token sale allocations
At first, a few false identities might sound relatively harmless to you.
But, at a scale, it can greatly harm a network.
Here’s how...
But, at a scale, it can greatly harm a network.
Here’s how...
1. Disrupting the system with a 51% attack
Malicious nodes take over >51% of the network's hash rate or computing power & outvote other honest nodes
Such an attack can modify the order of txs, reverse the txs to enable double-spending, and prevent the confirmation of txs.
Malicious nodes take over >51% of the network's hash rate or computing power & outvote other honest nodes
Such an attack can modify the order of txs, reverse the txs to enable double-spending, and prevent the confirmation of txs.
Blocking users from a network
Once Sybil nodes take over the network, they can refuse to transmit or receive blocks in a network.
This leads to blocking other users from accessing the network.
Once Sybil nodes take over the network, they can refuse to transmit or receive blocks in a network.
This leads to blocking other users from accessing the network.
Compromising Privacy
Nodes are responsible for handling the flow of information within the network.
A Sybil node can access information about other nodes, spy on data transfer and monitor network traffic.
Nodes are responsible for handling the flow of information within the network.
A Sybil node can access information about other nodes, spy on data transfer and monitor network traffic.
Disproportionate Access to Token Airdrops
Protocols airdrop their tokens to the users who’ve supported them in the initial days by contributing to the system.
Protocols airdrop their tokens to the users who’ve supported them in the initial days by contributing to the system.
There are two ways to execute token airdrop:
• Airdrop a fixed number of tokens to every wallet/address that satisfies a certain criteria
• Airdrop tokens proportional to the wallet’s protocol usage
• Airdrop a fixed number of tokens to every wallet/address that satisfies a certain criteria
• Airdrop tokens proportional to the wallet’s protocol usage
In scenario 1, the Sybil attacker could create multiple identities receiving a relatively large number of tokens compared to ones using single wallets.
For e.g. an attack on @ribbonfinance took place where a VC firm received $2.5M worth of tokens in the airdrop.
For e.g. an attack on @ribbonfinance took place where a VC firm received $2.5M worth of tokens in the airdrop.
@ribbonfinance However, they returned the funds after getting pressurized by the community.
More here 👇
coindesk.com/tech/2021/10/0…
More here 👇
coindesk.com/tech/2021/10/0…
@ribbonfinance Scenario 2 is favourable to the whales. Since they have large transaction volumes, they’ll receive more token airdrops.
This makes the community uneven where everyone doesn’t have the same rights.
Few intelligent implementations have been tried to curb Sybil attacks:
This makes the community uneven where everyone doesn’t have the same rights.
Few intelligent implementations have been tried to curb Sybil attacks:
@ribbonfinance Ways to prevent Sybil attacks:
Cost of identity creation
If a user needs to pay a fixed cost for identity generation, the cost to execute a 51% attack could outweigh any potential gains.
That's why Bitcoin or Ethereum are less vulnerable to Sybil attacks.
Cost of identity creation
If a user needs to pay a fixed cost for identity generation, the cost to execute a 51% attack could outweigh any potential gains.
That's why Bitcoin or Ethereum are less vulnerable to Sybil attacks.
@ribbonfinance Creating a Reputation system
Users who’ve been in the system for a long time would have higher reputation/power as compared to the new users.
Old users have already proved themselves as honest nodes and with more power can override newer Sybil nodes.
Users who’ve been in the system for a long time would have higher reputation/power as compared to the new users.
Old users have already proved themselves as honest nodes and with more power can override newer Sybil nodes.
@ribbonfinance Using Social Trust Graphs
Social trust graphs monitor the node data and activity within the blockchain closely so that abnormal nodes could be detected and halted.
However, It's hard to detect malicious nodes if attackers are able to mimic the behaviour of normal nodes.
Social trust graphs monitor the node data and activity within the blockchain closely so that abnormal nodes could be detected and halted.
However, It's hard to detect malicious nodes if attackers are able to mimic the behaviour of normal nodes.
@ribbonfinance Sybil attacks can damage a protocol, steal funds and affect user privacy.
Currently, most anti-Sybil techniques do not guarantee security.
To prevent Sybil, protocols and chains would need to design their systems carefully and use enhanced user verification techniques.
Currently, most anti-Sybil techniques do not guarantee security.
To prevent Sybil, protocols and chains would need to design their systems carefully and use enhanced user verification techniques.
@ribbonfinance Follow @magikinvestxyz for more threads like this!
Also, please consider RT-ing the original post...
Also, please consider RT-ing the original post...
https://twitter.com/magikinvestxyz/status/1536472177108733957?s=20
• • •
Missing some Tweet in this thread? You can try to
force a refresh
