Definition
A Sybil attack is a peer-to-peer network attack in which a single adversary creates a large number of pseudonymous identities — fake nodes that are indistinguishable from genuine peers — to gain a disproportionate share of influence. The term was coined by John R. Douceur in his 2002 paper The Sybil Attack, which proved that such attacks are always possible in an open network without some central authority certifying participants. Because Bitcoin nodes are pseudonymous and anyone can join, the network is structurally exposed to Sybils flooding it with sham peers.
Why Bitcoin resists it at the consensus layer
Bitcoin neutralizes Sybils for consensus by tying influence to physical cost rather than identity. Voting on the valid chain is weighted by proof-of-work hashrate, not by node count, so spinning up a million fake nodes buys an attacker nothing toward rewriting history — that would require real energy and hardware. This is precisely why proof-of-work exists: it converts a one-CPU-one-vote ideal into one-unit-of-work-one-vote, making identity-spoofing irrelevant to block production.
Where Sybils still bite
At the networking layer, Sybils remain a real threat. By surrounding a victim node with attacker-controlled peers, an adversary can turn a Sybil attack into the foundation for an eclipse attack, isolating the node from the honest network and feeding it a manipulated view of the chain. Running your own full node, using diverse and trusted peer connections, and reducing reliance on a handful of inbound peers all blunt this risk.
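The peer-diversity advice above can be checked against a node's actual connections. The following is an added example, not part of the original glossary entry: it groups peers in the shape returned by Bitcoin Core's `getpeerinfo` RPC by network prefix and flags a direction (inbound or outbound) dominated by a single group. The sample peers are constructed, and the /16 (IPv4) and /32 (IPv6) grouping and the 50% threshold are assumptions of this example.

```python
import ipaddress
import json
from collections import Counter

# Constructed sample shaped like `getpeerinfo` output (only the fields used
# here). Addresses come from documentation ranges, not real peers.
SAMPLE_PEERS = json.loads("""[
  {"addr": "198.51.100.10:8333",   "inbound": false},
  {"addr": "203.0.113.5:8333",     "inbound": false},
  {"addr": "192.0.2.77:8333",      "inbound": false},
  {"addr": "[2001:db8:1::1]:8333", "inbound": false},
  {"addr": "203.0.113.21:50112",   "inbound": true},
  {"addr": "203.0.113.22:50113",   "inbound": true},
  {"addr": "203.0.113.23:50114",   "inbound": true},
  {"addr": "203.0.113.24:50115",   "inbound": true},
  {"addr": "192.0.2.9:41000",      "inbound": true}
]""")


def netgroup(addr: str) -> str:
    """Map a peer 'host:port' string to a coarse network group."""
    host = addr.rsplit(":", 1)[0].strip("[]")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "other:" + host  # e.g. .onion names: each is its own group
    prefix = 16 if ip.version == 4 else 32  # assumed grouping width
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def diversity_report(peers, max_share=0.5):
    """Per direction: peer count, distinct groups, and the dominant group."""
    report = {}
    for direction, want_inbound in (("outbound", False), ("inbound", True)):
        groups = Counter(netgroup(p["addr"]) for p in peers
                         if p["inbound"] == want_inbound)
        total = sum(groups.values())
        top, count = groups.most_common(1)[0] if groups else (None, 0)
        share = count / total if total else 0.0
        report[direction] = {"peers": total, "groups": len(groups),
                             "top_group": top, "top_share": share,
                             "flagged": share > max_share}
    return report


if __name__ == "__main__":
    for direction, stats in diversity_report(SAMPLE_PEERS).items():
        print(direction, stats)
```

On a live node the input would come from `bitcoin-cli getpeerinfo`; a flagged direction is a prompt to review those peers, not proof of an attack.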
For related network-level threats, see the Eclipse Attack and Man-in-the-Middle Attack glossary entries.
