Sybil Attack

An attack where a single entity creates multiple fake identities to gain disproportionate influence in a decentralized system.

A Sybil attack is a security threat where a single adversary creates numerous pseudonymous identities (wallets, accounts, nodes) to subvert systems that assume one-entity-one-identity. Named after the subject of the 1973 book about dissociative identity disorder, Sybil attacks exploit the fundamental pseudonymity of permissionless blockchain networks where anyone can generate unlimited addresses at near-zero cost.

How Sybil attacks work

In permissionless systems, identity creation is free and unlimited. An attacker generates hundreds or thousands of wallet addresses, distributes capital or activity across them, and exploits systems that weight influence per-identity rather than per-capital. The attack is particularly effective against:

Quadratic voting: The quadratic cost function ($Cost = Votes^2$) is designed to reduce whale influence: 100 votes cast from a single address cost 10,000 tokens. An attacker who splits tokens across 100 addresses casts one vote from each at a cost of 1 token apiece, paying only 100 tokens in total for the same 100 votes and completely bypassing the quadratic penalty.

Airdrops and token distributions: Protocols distributing tokens to unique addresses are vulnerable to Sybil farming, where a single entity claims hundreds of allocations. This dilutes legitimate recipients and concentrates tokens with attackers.

DAO governance: Combined with vote buying or delegation, Sybil addresses can artificially inflate participation metrics, manipulate quorum calculations, or distribute governance power to evade per-address caps.

Defenses

Proof of Personhood (PoP) systems like Gitcoin Passport, Worldcoin, and BrightID attempt to verify unique human identity through biometric, social graph, or credential-based attestation. These create identity verification layers that make Sybil creation expensive or impossible.

Graph analysis techniques using Graph Convolutional Neural Networks (GCNN) and clustering algorithms detect coordinated wallet behavior — similar transaction timing, shared funding sources, identical interaction patterns — to identify and neutralize Sybil clusters.

Economic deterrence raises the cost of identity creation through staking requirements, bond deposits, or minimum activity thresholds that make creating hundreds of fake identities prohibitively expensive.
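
The shared-funding and timing signals named under graph analysis can be sketched with plain connected-component clustering. This is an added example, not code from the original page, and it uses union-find rather than a GCNN. The addresses, the exchange allowlist and the thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: (funder, recipient, unix_time), listed in time order.
TRANSFERS = [
    ("0xF1", "0xA1", 1000), ("0xF1", "0xA2", 1030), ("0xF1", "0xA3", 1065),
    ("0xA3", "0xA4", 1100),                      # chained funding, one hop on
    ("0xEXCH", "0xB1", 1010), ("0xEXCH", "0xB2", 1200), ("0xEXCH", "0xB3", 1400),
    ("0xF2", "0xC1", 9000),
]
CLAIMANTS = {"0xA1", "0xA2", "0xA3", "0xA4", "0xB1", "0xB2", "0xB3", "0xC1"}
KNOWN_HUBS = {"0xEXCH"}  # assumed allowlist of exchange hot wallets


def find(parent, x):
    """Union-find root lookup with path halving."""
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x


def sybil_clusters(transfers, claimants, hubs, min_size=3, window=600):
    """Return claimant clusters joined by non-hub funding edges in which
    at least min_size members were first funded within `window` seconds."""
    parent, funded_at = {}, {}
    for src, dst, ts in transfers:
        funded_at.setdefault(dst, ts)  # first funding time of each recipient
        if src in hubs or dst in hubs:
            continue  # hub edges join unrelated users: a false-positive source
        for addr in (src, dst):
            parent.setdefault(addr, addr)
        parent[find(parent, src)] = find(parent, dst)

    groups = defaultdict(list)
    for addr in claimants:
        if addr in parent:
            groups[find(parent, addr)].append(addr)

    flagged = []
    for members in groups.values():
        times = sorted(funded_at[m] for m in members if m in funded_at)
        # Sliding window: do any min_size fundings fall within `window` seconds?
        burst = any(times[i + min_size - 1] - times[i] <= window
                    for i in range(len(times) - min_size + 1))
        if len(members) >= min_size and burst:
            flagged.append(sorted(members))
    return sorted(flagged)
```

Calling `sybil_clusters` with an empty hub set also flags the three exchange-funded wallets, which is why high-fan-out funders need separate handling before any cluster is acted on.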


© 2026 Zealynx