Crypto

Sybil Attack

An attack in which a single actor creates many fake identities to gain disproportionate influence over a network — for example, in airdrops, governance votes, or peer-to-peer routing.

How Sybil attacks work

The basic pattern:

  • One actor creates many identities — accounts, nodes, wallets.
  • Each identity appears independent.
  • Combined, they exert outsized influence.

The name comes from a famous psychiatric case study of multiple personalities.

Where Sybil attacks matter

Several contexts:

  • Airdrop farming — one person farming with hundreds of wallets to claim more tokens.
  • Governance attacks — fake accounts swaying DAO votes.
  • Reputation systems — fake reviews, fake followers.
  • Peer-to-peer networks — controlling many nodes to censor or eclipse.
  • Proof-of-stake variants — though stake-weighting limits identity-based attacks.

The shared pattern: any system that treats identities as equal is vulnerable.

Defenses

Several approaches:

  • Proof of work / proof of stake — economic cost per identity.
  • Identity verification — KYC, social-graph analysis.
  • Reputation built over time — costly to fake at scale.
  • Sybil-resistance protocols — Worldcoin, BrightID, Gitcoin Passport.
  • Quadratic mechanisms — quadratic voting, quadratic funding (assume Sybil resistance).

No defense is perfect; each one trades off privacy, cost, and security.
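
How the tally rule and a per-identity cost change what one actor gains from splitting a fixed budget across many identities, as an added example that is not part of the original page. The function names, the budget of 100 and the per-identity costs are constructed assumptions chosen for illustration.

```python
import math

def influence(rule, budget, identities, cost_per_identity=0.0):
    """Total voting weight one actor obtains by splitting `budget` evenly
    across `identities` wallets, after paying a fixed cost per identity."""
    spendable = budget - identities * cost_per_identity
    if identities < 1 or spendable <= 0:
        return 0.0
    per_identity = spendable / identities
    if rule == "one_identity_one_vote":
        return float(identities)                     # each identity counts once
    if rule == "stake_weighted":
        return identities * per_identity             # weight = tokens held
    if rule == "quadratic":
        return identities * math.sqrt(per_identity)  # votes = sqrt(credits spent)
    raise ValueError(f"unknown rule: {rule}")

def best_split(rule, budget, cost_per_identity, max_identities=1000):
    """Identity count that maximises influence under a per-identity cost."""
    return max(range(1, max_identities + 1),
               key=lambda k: influence(rule, budget, k, cost_per_identity))

if __name__ == "__main__":
    BUDGET = 100.0  # constructed sample value
    for rule in ("one_identity_one_vote", "stake_weighted", "quadratic"):
        row = [round(influence(rule, BUDGET, k), 2) for k in (1, 4, 25, 100)]
        print(f"{rule:24s} k=1,4,25,100 -> {row}")
    # A cost per identity caps the benefit of splitting under quadratic rules.
    for cost in (0.0, 1.0, 10.0):
        k = best_split("quadratic", BUDGET, cost)
        print(f"quadratic, cost/identity={cost}: best k={k}, "
              f"influence={influence('quadratic', BUDGET, k, cost):.2f}")
```

With no cost per identity, stake-weighted influence stays flat while quadratic influence grows as the square root of the identity count, which is why quadratic mechanisms need Sybil resistance underneath them.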

Why it's hard

Several factors:

  • Pseudonymity is valuable — many users legitimately want it.
  • Identity verification has costs — privacy, friction, exclusion.
  • Adversaries are motivated — airdrop farms can be highly profitable.

Sybil resistance is one of the unsolved problems of decentralized systems.

What individuals should know

For users:

  • Many "communities" have substantial Sybil presence.
  • Voting outcomes in DAOs may be manipulated.
  • Airdrop allocations are often partially captured by farmers.

For builders:

  • Design assuming Sybils will exist.
  • Don't rely on one-account-one-vote without an identity layer.
  • Consider proof-of-personhood integrations.

Sybil attacks are foundational to threat models in decentralized systems. Understanding them informs the design of governance, distribution, and reputation systems across crypto.