Passer au contenu

Bitcoin accepté au paiement  |  Expédié depuis Laval, QC, Canada  |  Soutien expert depuis 2016

Sybil Attack

Network & Protocol

Definition

A Sybil attack is a peer-to-peer network attack in which a single adversary creates a large number of pseudonymous identities — fake nodes indistinguishable from genuine peers — to gain a disproportionate share of influence. The term was coined by John R. Douceur in his 2002 paper The Sybil Attack (named after a famous case study of multiple-personality disorder), which proved a discouraging theorem: in an open network with no central authority certifying participants, a resource-rich attacker can always present as many identities as it likes. Identity, on the open internet, is free to manufacture. Because Bitcoin nodes are pseudonymous and anyone may join, the network is structurally exposed to Sybils flooding it with sham peers — which makes Bitcoin's answer to Douceur's theorem one of its foundational design achievements.

Why consensus is Sybil-proof

Bitcoin neutralizes Sybils at the consensus layer by tying influence to physical cost rather than to identity. The right to extend the chain is weighted by proof-of-work — real hashrate, real energy, real ASICs — not by node count. Spinning up a million fake nodes buys an attacker precisely nothing toward producing blocks or rewriting history; that would require outcompeting the honest network's cumulative work, an expense no amount of identity manufacturing can fake. This is the deep reason proof-of-work exists at all: Satoshi's "one-CPU-one-vote" was never really about CPUs but about converting voting power into something that cannot be counterfeited by registering more names. Where the whitepaper's ideal was one-unit-of-work-one-vote, identity became irrelevant to block production — and Douceur's theorem, while still true, stopped mattering where it counts most.

Where Sybils still bite

At the networking layer, Sybil pressure remains a live threat, because your node chooses peers by identity-shaped signals (IP addresses), not by work. An adversary who controls enough addresses can surround a victim node with attacker-controlled peers, and a successful Sybil deployment becomes the foundation for an eclipse attack: isolating the node from the honest network and feeding it a curated, false view of the chain. Against an eclipsed node, an attacker can hide transactions, delay blocks, or set up double-spends against services that trust that node's view — a family of tricks related to the man-in-the-middle attack. Sybil identities also plague surveillance in the opposite direction: fake "listening" nodes that connect widely in order to correlate transaction origins are a Sybil technique aimed at privacy rather than consensus. Bitcoin Core hardens peer selection against all this — bucketing peers by network group so one subnet cannot dominate, preferring long-lived outbound connections, using anchor peers across restarts, and supporting connections over Tor alongside clearnet for path diversity.

The sovereign takeaway

The same attack shape recurs across the wider sovereign stack, wearing different masks. On Nostr, manufactured identities are spam and reputation-gaming, countered by proof-of-work stamps, paid relays, and webs of trust; in Lightning's gossip network, fake nodes can distort routing views; in any review system or DAO vote, Sybil is the default adversary. Douceur's theorem guarantees the pattern never disappears — every open system must either charge something real for influence, as Bitcoin charges energy, or accept that identities are free and design accordingly.

The practical defenses are the familiar sovereign habits. Run your own full node, so your view of consensus rests on validation rather than on trusting someone else's peers. Give it diverse connectivity — clearnet plus Tor, and a manually added peer or two you personally trust. And zoom out: the entire reason mining decentralization matters, the reason a solo miner or a small pool participant strengthens the network, is that proof-of-work's Sybil resistance is only as credible as the real-world distribution of the work. Fake identities are free; hashrate is not. Keeping it widely held is everyone's job.

In Simple Terms

A Sybil attack is a peer-to-peer network attack in which a single adversary creates a large number of pseudonymous identities — fake nodes indistinguishable from…

Explore the Full Glossary

Browse all Bitcoin mining terms from A to Z. Whether you are a beginner or expert, deepen your understanding of the mining ecosystem.

Glossaire du minage

ASIC Miner Database

Compare 500+ miners with real-time profitability data, home mining scores, and detailed specs.

Comparer les mineurs