Sybil Attack

September 7, 2023 (last updated September 7, 2023)

A Sybil attack is an attack in which a single (bad) actor controls more nodes in a system than is intended, which lets that actor exploit the system.


A common example is the Tor network, where a bad actor attempts to control a large number of exit nodes in order to identify users.

A non-tech example of a Sybil attack is ballot-stuffing: one person voting multiple times in an election. P2P systems also engage in voting behaviors, so this type of ballot-stuffing exploitation can be done in a tech-based Sybil attack as well.

Prevention and mitigation techniques

A common solution to this problem is identification: a system, often centralized, that can verify that only one node is associated with one person/entity. The problem with this approach is that identification deanonymizes participants in the system, which might not be a desirable outcome, especially in a peer-to-peer system.

Another common mitigation technique is a proof-of-work scheme that makes it computationally expensive to create multiple nodes. A system could also literally charge money or cryptocurrency. The broader point is that there is a cost to creating nodes, a cost that is easy to pay when creating one node and hard to pay when creating many nodes. I know IPFS does this as part of its Sybil-mitigation strategy.
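The cost asymmetry described above, as an added example that is not from the original post and is not the scheme any particular project uses: a generic hashcash-style admission puzzle in which a node must find a nonce so that SHA-256(node key || nonce) starts with a set number of zero bits. The function names, the 12-bit difficulty and the random node keys are assumptions made for the illustration.

```python
import hashlib
import os

DIFFICULTY_BITS = 12  # assumed admission difficulty (constructed value for the demo)


def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the front of a digest."""
    bits = 0
    for byte in digest:
        if byte:
            return bits + 8 - byte.bit_length()
        bits += 8
    return bits


def puzzle_digest(node_key: bytes, nonce: int) -> bytes:
    # The digest covers the node key, so a solved puzzle cannot be reused for another identity.
    return hashlib.sha256(node_key + nonce.to_bytes(8, "big")).digest()


def mint_identity(node_key: bytes, difficulty: int = DIFFICULTY_BITS):
    """Brute-force the first valid nonce. Returns (nonce, hashes_tried); expected work ~2**difficulty."""
    nonce = 0
    while leading_zero_bits(puzzle_digest(node_key, nonce)) < difficulty:
        nonce += 1
    return nonce, nonce + 1


def verify_identity(node_key: bytes, nonce: int, difficulty: int = DIFFICULTY_BITS) -> bool:
    """Verification costs a single hash, however expensive minting was."""
    return leading_zero_bits(puzzle_digest(node_key, nonce)) >= difficulty


def admit(registry: dict, node_key: bytes, nonce: int) -> bool:
    """Admit a node only if its proof is valid and the key is not already registered."""
    if node_key in registry or not verify_identity(node_key, nonce):
        return False
    registry[node_key] = nonce
    return True


def total_mint_cost(count: int) -> int:
    """Hashes spent minting `count` identities with random (constructed) keys."""
    return sum(mint_identity(os.urandom(32))[1] for _ in range(count))


if __name__ == "__main__":
    print("hashes for 1 identity:   ", total_mint_cost(1))
    print("hashes for 50 identities:", total_mint_cost(50))
```

Each extra difficulty bit doubles the expected minting work while verification stays at one hash, so the admitting side can raise the price of many identities without raising its own cost.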

There is also a variety of social proof strategies that are more contextual, wherein nodes can gain trust in other nodes by performing actions as intended within the system. More "trusted" nodes can then "vouch for" nodes that behave appropriately over time, which decreases the probability that those nodes are part of a Sybil attack of bad actor nodes.


The attack is named after a pseudonym for a therapy patient, Sybil (Wikipedia page), who was written about in a book of the same name. The patient had dissociative identity disorder (Wikipedia page), formerly known as multiple personality disorder. I assume the inspiration for the name for the attack has to do with one bad actor having multiple "identities" in the exploited system.