Sybil and eclipse attacks take place at the peer-to-peer network level, referring to an adversary generating multiple pseudonymous identities in order to interfere with the protocol. This is one of the ways to attack the main bitcoin server from the inside and causing corruption of massive scale.
Bitcoin Core dev Pieter Wuille has pointed out that, in the context of Bitcoin, the term ‘Sybil’ had traditionally been used to describe both of these vectors, though a 2015 paper called the Eclipse Attacks on Bitcoin’s Peer-to-Peer Network helped us understand and identify the fact that there is a difference between a Sybil and an eclipse attack.
The What Attack?
A Sybil attack is something you’ll undoubtedly be familiar with if you’ve browsed certain subreddits, sketchy product reviews, or dark corners of Twitter. Enthusiasts always have a knack for these shady things happening on the internet, if you like reading or learning about black and gray hat hackers, the dark web, the silk route, and crazy stuff happening everywhere then you should know about this too.
This happens whereby the attackers leverage the ease of spinning up new identities to create multiple pseudonyms to play the reputation system of a network.
An trying to pull off this attack on the Bitcoin network would populate the network with new nodes and connect them to honest participants in order to set them up with false information or to manufacture consent.
For instance, on an online forum where the only prerequisite to registering an account is providing an email address, an opponent would have a much easier time creating 500 identities than if they had to register an email address, phone number, and passport scan. This way the fake work comes to speed and the attacker can easily blend the truth into the false data.
Bitcoin is permissionless, but it is not stupid. It is carefully crafted by incorporating the element of Proof-of-Work. In order to craft blocks accepted by the network, a participant needs to invest in significant resources in terms of equipment, computing power, electricity and a great deal of brain. But, sometimes the honest reward is not enough for the attackers and the expensive calculation of Proof-of-Work is toppled to achieve more in less effort.
It’s possible for an opponent to spawn multiple nodes to hoodwink an honest peer, but for this, the attacker or the fake persons must connect with at least a single honest node at some point. Blockchain analysis firms in the past have been accused of engaging in such activities to siphon information from network participants. And that is just plain sad.
