Overview
A Sybil attack, named after the subject of the 1973 book about a person with multiple personalities, occurs when a single adversary creates and operates a large number of pseudonymous identities within a peer-to-peer network. The goal is to gain disproportionate influence over the network's operations — whether by controlling routing, manipulating consensus, censoring transactions, or surveilling other participants.
In permissionless networks like Bitcoin, where anyone can join without identity verification, Sybil attacks are a fundamental threat model. Because there is no central authority to verify that each node represents a unique, independent participant, an attacker with sufficient resources can spin up thousands of nodes that all appear to be independent but are secretly coordinated.
How Sybil Attacks Threaten Bitcoin
Honest Network:                 Sybil-Attacked Network:
┌─────┐ ┌─────┐ ┌─────┐         ┌─────┐ ┌─────┐ ┌─────┐
│  A  │ │  B  │ │  C  │         │  A  │ │ S1  │ │ S2  │
└──┬──┘ └──┬──┘ └──┬──┘         └──┬──┘ └──┬──┘ └──┬──┘
   │       │       │               │       │       │
   └───┬───┘       │             ┌─┴───────┴───────┴─┐
       │           │             │     Attacker      │
   ┌───┴───┐       │             │  Controls S1-S6   │
   │       │       │             └─┬───────┬───────┬─┘
┌──┴──┐ ┌──┴──┐ ┌──┴──┐         ┌──┴──┐ ┌──┴──┐ ┌──┴──┐
│  D  │ │  E  │ │  F  │         │ S3  │ │ S4  │ │  B  │
└─────┘ └─────┘ └─────┘         └─────┘ └─────┘ └─────┘
6 independent nodes             2 honest + 6 Sybil nodes
                                Attacker has 75% of "peers"
The specific threats posed by Sybil attacks on the Bitcoin network include:
- Eclipse attacks: If a victim node's peer connections are all Sybil nodes, the attacker can feed it a false view of the blockchain. Sybil attacks are often a prerequisite for eclipse attacks.
- Transaction surveillance: Sybil nodes can monitor transaction propagation to determine which node first broadcast a transaction, potentially linking transactions to IP addresses.
- Transaction censorship: Sybil nodes can refuse to relay specific transactions, delaying or preventing their confirmation.
- Network partitioning: A sufficient number of Sybil nodes can fragment the network, isolating groups of honest nodes from each other.
Bitcoin's Sybil Resistance
Bitcoin's primary defense against Sybil attacks is proof-of-work. While an attacker can create unlimited fake nodes, they cannot create fake computational work. The consensus rules ensure that the valid chain is the one with the most accumulated proof-of-work, not the one supported by the most nodes. This means Sybil nodes cannot forge blocks or rewrite history without also commanding a majority of the network's hash power.
However, proof-of-work only protects consensus — it does not prevent all Sybil-based attacks. Network-layer attacks like transaction surveillance and eclipse attacks operate below the consensus layer and remain viable even with strong proof-of-work protection.
Mitigations in Bitcoin Core
Bitcoin Core implements several strategies to limit the effectiveness of Sybil attacks at the networking layer:
- Diverse peer selection: Outbound connections are chosen from different IP address ranges (/16 subnets) to reduce the probability that all peers belong to one attacker
- Connection limits: Caps on inbound connections from the same subnet prevent a single operator from monopolizing a node's connection slots
- Anchor connections: Two block-relay-only connections persist across node restarts, making it harder for Sybil nodes to capture all slots after a restart
- Tor and I2P support: Running nodes over multiple network transports forces an attacker to maintain Sybil identities across different networks simultaneously
- Feeler connections: Bitcoin Core periodically probes random addresses to verify peer diversity
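The effect of diverse peer selection, as an added example that is not Bitcoin Core's code: it compares filling outbound slots uniformly at random with filling them one peer per /16, over a constructed address table. The function names, the 8-slot count and all addresses are assumptions made for the illustration.

```python
import ipaddress
import random

def netgroup(addr):
    """Group key: the /16 network an IPv4 address belongs to."""
    return str(ipaddress.ip_network(f"{addr}/16", strict=False))

def pick_naive(candidates, slots, rng):
    """Fill outbound slots uniformly at random, ignoring netgroups."""
    return rng.sample(candidates, slots)

def pick_diverse(candidates, slots, rng):
    """Fill outbound slots so that no two peers share a /16 netgroup."""
    chosen, used = [], set()
    for addr in rng.sample(candidates, len(candidates)):  # random order
        group = netgroup(addr)
        if group in used:
            continue
        chosen.append(addr)
        used.add(group)
        if len(chosen) == slots:
            break
    return chosen

def sybil_count(peers, sybil_groups):
    """Number of selected peers that sit in an attacker-controlled /16."""
    return sum(netgroup(p) in sybil_groups for p in peers)

# Constructed address table (sample data, private 10.0.0.0/8 space):
# 1000 Sybil addresses packed into two /16s, 40 honest nodes in 40 /16s.
SYBIL = [f"10.{g}.{i // 250}.{i % 250 + 1}" for g in (1, 2) for i in range(500)]
HONEST = [f"10.{100 + n}.0.1" for n in range(40)]
SYBIL_GROUPS = {netgroup(a) for a in SYBIL}
SLOTS = 8  # assumed number of outbound slots for this example

def mean_sybil_peers(picker, trials=200):
    """Average Sybil peers per node over `trials` seeded selections."""
    total = 0
    for seed in range(trials):
        peers = picker(SYBIL + HONEST, SLOTS, random.Random(seed))
        total += sybil_count(peers, SYBIL_GROUPS)
    return total / trials

if __name__ == "__main__":
    print("naive  :", mean_sybil_peers(pick_naive))
    print("diverse:", mean_sybil_peers(pick_diverse))
```

Because the constructed attacker only holds two /16 ranges, the diverse picker can never hand it more than two of the eight slots, however many addresses it advertises.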
Sybil Attacks Beyond Node Networks
Sybil attacks are not limited to the node network. They can target any Bitcoin-adjacent system that relies on counting participants:
- Mining pool voting: Creating fake miners to influence pool governance
- Social consensus: Astroturfing developer mailing lists or forums to manufacture support for controversial protocol changes
- Lightning Network routing: Operating many Lightning nodes to attract routing traffic for surveillance or fee extraction
Related Concepts
- Eclipse Attack — a targeted attack that often relies on Sybil nodes to isolate a victim
- Node — the network participant that Sybil attacks impersonate
- Proof-of-Work — Bitcoin's primary Sybil resistance mechanism for consensus
- P2P — the network architecture that Sybil attacks exploit
- Decentralization — the property that Sybil resistance helps preserve