Let's Talk

What Is a Sybil Attack?

Rob Behnke

Blockchains can be targeted by a variety of different attacks.  A Sybil attack - named after the subject of the 1973 book Sybil, a case study of a woman diagnosed with dissociative identity disorder - is when attackers take advantage of the blockchain’s anonymity to create multiple different malicious accounts. While these accounts can’t be used to break consensus, they can be used to attack the blockchain in other ways.

Inside a Sybil Attack

The blockchain protocol is designed to be pseudonymous. Instead of using real-world identities on the blockchain, users are identified by a blockchain address, which is derived from their private key.

Since a private key is just a random number, there is nothing tying it to an individual’s real-world identity.  This fact also means that blockchain users can create multiple blockchain accounts, which can be used for benign or malicious purposes.

In a Sybil attack, the attacker creates a massive number of blockchain accounts.  While this can’t be used to break blockchain consensus (blockchain consensus algorithms count hash power, staked cryptocurrency, etc. as “votes” instead of individual accounts), it can be employed in a few different attacks.

How Sybil Attacks Can Be Used

In a Sybil attack, the attackers have control of a number of different accounts on the blockchain network.  While these accounts can’t be used to affect consensus, they may be useful for network-level attacks.

In an eclipse or routing attack, the attacker tries to isolate a blockchain node from the rest of the blockchain network or split the blockchain network into multiple, isolated pieces.  Doing so makes it possible to perform double-spend attacks against the network.

In blockchain, nodes randomly select their direct neighbors in the blockchain’s peer-to-peer network.  If an attacker performs a Sybil attack, a disproportionate number of the available nodes are under the control of the attacker.  This increases the probability that a node will select only nodes belonging to the attacker as their peers or that all links between two parts of the blockchain network will pass through attacker-controlled nodes.

If this is the case, the attacker has control over the communications within the blockchain network.  While they can’t create fake transactions on behalf of other users (since transactions are digitally signed), they can filter the transactions and blocks that each part of the network sees and send mutually conflicting versions of their own transactions to each part.

Using a Sybil attack in an eclipse or routing attack forces the isolated network parts into building different, conflicting versions of the digital ledger.  This can be used in a Denial of Service attack or to increase the attacker’s probability of success within a 51% attack.

Securing the Blockchain

The design of the blockchain makes it impossible to use a Sybil attack to corrupt consensus.  However, a Sybil attacker may still be able to impact the blockchain’s operations by performing a network-level attack.

Blockchain networks can mitigate the impacts of these attacks by adopting certain strategies.  

To learn more about securing a blockchain against Sybil and other types of attacks, reach out to Halborn at [email protected]


We’re looking for passionate, blockchain-loving, offensive security engineers and white hat hackers to join the team.

For secure communications, use [email protected]

Contact Us

crossmenuchevron-down linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram