Sun. Apr 11th, 2021
Sybil Attack, Free TON

In 1973 a book titled Sybil was published, later followed by a theatrical production. Its main character, because of a dissociative disorder, considered herself to be several different people.

This would have nothing to do with our topic if, in 2002, Microsoft Research employee Brian Zill had not suggested naming one class of attacks on information systems after the book's protagonist: attacks in which the attacker has many controlled accounts acting in concert.

A Sybil attack on a peer-to-peer network is an attack in which the victim ends up connected only to nodes that the attacker controls.

The attacker creates new nodes in the peer-to-peer network, which gradually “surround” the attacked node. Since each node stores and updates its own “rating” of neighboring nodes, after a while it has more confidence in those that have provided it with data longer and better. Creating a new peer-to-peer node identifier costs nothing, so an attacker can try different “surrounding” strategies, generating new identifiers faster than network defenders can detect them. Once a node receives data only from nodes controlled by the attacker, the attacker can begin to feed it false data.

Illustration of a Sybil Attack

Sybil Attack: Metamorphoses Depending On Network Consensus

In blockchains, a Sybil attack has its own characteristics:

  • if the attacker has seized control of neighboring nodes, he can refuse to receive or transmit data, effectively blocking the attacked node;
  • when an attacker controls a large number of nodes, he can block the sending of transactions, create the illusion of network lag on the attacked nodes, or provide pre-prepared false data;
  • even a short-term “holding” of a transaction in a peer-to-peer network can be used by an attacker for frontrunning: the attacker sees what kind of transaction the user wants to conclude and conducts his own transaction before him;
  • if the attacker controls a large hashrate (PoW network) or a large number of coins (PoS network), he can deceive the attacked node at the blockchain level, up to a double-spend attack.

Sybil attacks are dangerous in any non-consensus peer-to-peer network, such as TOR, BitTorrent or IPFS. There, an attack can lead to de-anonymization of the user or blocking of the protocol.

Sybil attacks also take place in DeFi and economic protocols. For example, suppose an algorithm is protected from “whale” attacks (transactions operating in large volumes of tokens) by a large commission on such operations. In this case, a rich attacker simply divides his balance among thousands of accounts and attacks through them with coordinated actions. The “whale” attack and the Sybil attack are two sides of the same coin: on the one hand, the attack is carried out by a small number of accounts with impressive balances, and on the other, by a large number of accounts with small balances.
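The sketch below is an added example, not code from the article or from any protocol: it shows why a per-operation anti-whale commission does not bound aggregate volume, and how a defender can re-evaluate the commission on clusters of accounts acting in concert. The fee parameters, the record fields (`account`, `funded_by`, `side`, `amount`, `block`) and the linkage heuristic (same funding account, same side, same block window) are all assumptions, and the operations are constructed sample data.

```python
from collections import defaultdict

# Hypothetical parameters (assumptions for this example, not from any real protocol).
WHALE_THRESHOLD = 100_000        # operations larger than this pay the high commission
BASE_FEE_BPS, WHALE_FEE_BPS = 30, 500   # 0.3% and 5%, in basis points
WINDOW = 10                      # operations in the same 10-block window count as concerted

def commission(amount):
    """Anti-whale rule as described: the fee looks at one operation at a time."""
    bps = WHALE_FEE_BPS if amount > WHALE_THRESHOLD else BASE_FEE_BPS
    return amount * bps // 10_000

def coordinated_clusters(ops):
    """Return clusters of several accounts whose combined volume is whale-sized
    although every single operation stays under the threshold."""
    groups = defaultdict(list)
    for op in ops:
        # Assumed linkage heuristic: same funding account, same side, same window.
        groups[(op["funded_by"], op["side"], op["block"] // WINDOW)].append(op)
    flagged = []
    for (funder, side, _), members in groups.items():
        volume = sum(m["amount"] for m in members)
        accounts = {m["account"] for m in members}
        if (len(accounts) > 1 and volume > WHALE_THRESHOLD
                and all(m["amount"] <= WHALE_THRESHOLD for m in members)):
            flagged.append({
                "funded_by": funder, "side": side, "accounts": len(accounts),
                "volume": volume,
                "fee_paid": sum(commission(m["amount"]) for m in members),
                "fee_if_single": commission(volume),
            })
    return flagged

# Constructed sample data: 2,000 accounts funded by F1 each sell 1,000 tokens,
# next to two ordinary users and one whale acting openly from a single account.
SAMPLE_OPS = [
    {"account": f"s{i}", "funded_by": "F1", "side": "sell", "amount": 1_000, "block": 100 + i % 5}
    for i in range(2_000)
] + [
    {"account": "alice", "funded_by": "A", "side": "sell", "amount": 2_000, "block": 101},
    {"account": "bob", "funded_by": "B", "side": "buy", "amount": 7_500, "block": 103},
    {"account": "whale", "funded_by": "W", "side": "sell", "amount": 2_000_000, "block": 104},
]

if __name__ == "__main__":
    for cluster in coordinated_clusters(SAMPLE_OPS):
        print(cluster)
```

A fixed window splits clusters that straddle a window boundary, and funding-source linkage fails once accounts are funded through intermediaries, so treat the output as a signal for review and not as proof of common control.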

Sybil Attack Examples

In 2014, a successful Sybil attack on the TOR network took place, which led to the de-anonymization of a large number of users.

In 2020, it turned out that early versions of the Electrum wallet for the Bitcoin cryptocurrency had a vulnerability. The Electrum developers had allowed users to access servers that were not under Electrum control. This created fertile ground for a Sybil attack. One Electrum user lost 1,400 BTC as a result.

What about Free TON?

To understand the vulnerability of Free TON to this type of attack, we turned to Sergey Prilutsky, an expert on the security of decentralized solutions, head of software research at MixBytes:

  • Sergey, is there a theoretical possibility of a Sybil attack in the Free TON network, for example, through control over several validator nodes?

Yes, it exists, as in any decentralized network. The consensus attack is standard for all PoS networks, including TON, and requires the attacker to control a large number of tokens. 

But a Sybil network attack on the p2p network in TON is more complicated than in other networks (as well as blocking the network) — TON nodes can freely change their ADNL identifiers within the overlay network (and they constantly do this forcibly at the end of each validation cycle), and can also freely change their IP addresses, “escaping” from the sight of the attacker.

  • Does network sharding affect the ability to carry out this attack?

It does not affect the theoretical possibility, but in practice, due to routing between shards, it will be more difficult for an attacker to program such an attack.