Blockchain Security Apr 01, 2021

Attacks on the Blockchain

Blockchain technology is a highly protected technology, but it is not perfect, and one of the attacks that can affect this type of network is the Sybil attack. This is a curious vulnerability that can seriously affect blockchain networks, allowing an attacker to have a greater presence on the network.

What is a Sybil Attack?

In the world of cryptocurrencies and blockchain technologies, there are many known cyber attacks and vulnerabilities, and one of them is the Sybil attack. This is a violation of the system by an entity that controls two or more different identifiers on the network. That is, when one person controls two or more points that should belong to different people or identities.

The name Sybil Attack comes from the book “Sybil”, the work of the famous writer Flora Rheta Schreiber. The book tells the story of Sybil Dorsett, a young woman suffering from dissociative identity disorder (DID), a psychological disorder that causes a person to create several different identities.

This is exactly what happens in a cyberattack of this type on a distributed network. In this case, however, we are talking about nodes that seem to act independently but are actually under the control of the same person.

In this sense, we can summarize that a Sybil attack is nothing more than a person trying to take control of a network by creating multiple accounts, nodes, or computers that all belong to him. The attacker makes each of these points appear different from the others, so as not to arouse suspicion.

But how can this type of hack affect blockchain technology and cryptocurrencies? What steps are being taken to prevent this? Well, let’s talk about all this, and much more.

The impact of the Sybil attack on the blockchain network

The impact of a Sybil attack on a blockchain network is primarily focused on exerting undue influence on decisions made on the network. To do this, the attacker creates and controls many aliases that allow him to apply this influence in practice. As a result, the attacker gains disproportionate control over network decisions.

Let’s look at an example to make this easier to see. In networks such as Bitcoin, many decisions affecting its operation are put to the vote. Voting allows miners and those who maintain network nodes to vote for or against a proposal. Now, if an attacker has created multiple IDs on the network, he will be able to vote as many times as there are IDs under his control. This goes against all the rules and puts the other participants at a disadvantage.

But that is not all: a Sybil attack can also be used to control the flow of information on the network. For example, in Bitcoin it can be used to obtain information about the IP addresses of users who connect to the network. This threatens the security, privacy, and anonymity of network users. It sounds incredible, but a Sybil attack on Bitcoin is able to do it. The only thing an attacker needs is to gain control of several nodes in the network and start collecting information from them for analysis, which will allow him to get all the information he needs.

The situation reaches a peak if the attacker, in addition to receiving this information, carries out active censorship, which prevents users from making legitimate use of the network at any time.

How the Sybil attack is performed

Basically, we believe that technology has enabled us to make the world a safer place. To some extent, this is true, but the technology is imperfect, and there are vectors that can disrupt all kinds of systems. In this sense, we can say that there is no absolute security. And in all this, the Sybil Attack is a good example.

Take peer-to-peer (P2P) systems, for example. They base their work on a decentralized and distributed network. Each node in the network is managed by a different identity, and these identities are scattered around the world. This makes such networks difficult to attack and hack in general. This level of resistance is ideal for mission-critical systems and is the reason for their use in blockchain and cryptocurrencies. After all, they are secure, stable, scalable, censorship-resistant, and highly accessible.

However, what if an enemy impersonates a friend and multiplies online using false data? This is the Sybil attack, and it was first described by John R. Douceur.

Douceur’s idea is simple, and it can be summarized as follows:

A P2P system can be disrupted if most of its nodes (which should be secure and belong to different people) are actually controlled by the same person remaining in the shadows.

Depending on the P2P system, this can mean a large investment, as in Bitcoin, where it is necessary to purchase mining equipment to influence the network. In other systems, the costs can be almost zero, for example, those where decisions are made by the vote of those who are part of the network. In these cases, an attacker can create thousands of fake accounts controlled by the same person and influence network decisions.

In all cases, the means or forms of attacks differ depending on the network and its operational structure.

Example of a Sybil attack

An example of the Sybil attack can be seen in the Tor network breach. This network operates on the basis of a P2P model, in which its nodes ensure that you can use the Internet anonymously. However, it is possible that an attacker or a surveillance entity (such as the NSA) may position dozens, hundreds, or thousands of nodes as trustworthy, completely violating the network's security. This is because the entry and exit nodes would be monitored by the NSA, and thus it would be able to monitor the network traffic of all those who use these compromised nodes.

This example of an attack is more practical than theoretical. In fact, in 2014, the Tor network fell victim to one of them.

Are blockchain networks susceptible to the Sybil attack?

Yes, blockchain networks are vulnerable to this type of attack. But each network is unique in this respect, because each blockchain takes its own security measures to protect itself from this type of vulnerability. Remember that Sybil attacks are by no means unknown, so developers take measures to protect the network and its users against them.

One of the most important measures at this stage is the chain of trust. For example, in Bitcoin, the blockchain and its history are distributed among all its nodes. They all have the same ledger, and if even one of them tries to change it, it is simply rejected. So when a node starts syncing on the network, it takes data from different sources. It matches information from all of them, and if any of the nodes tries to change any data in any way, it is simply rejected, and an attempt is made to take data from another trusted node.

This method protects Bitcoin from this type of threat: it makes the attack very complex to carry out and exposes the malicious nodes. In fact, in 2015, such an event occurred. At the time, Chainalysis was aggressively seeking information from all nodes. The attempt was discovered by the community, and later analyzed by Gregory Maxwell, a major Bitcoin developer.
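A simplified model of the sync check described above, as an added example that is not Bitcoin's own code. The block format, the `GENESIS` anchor, the peer names and the sample transactions are constructed, and there is no proof-of-work; it shows only that a node rejects altered history by validating it, no matter how many peers serve it.

```python
import hashlib

GENESIS = "0" * 64  # constructed anchor that every node agrees on

def block_hash(prev_hash, data):
    """Hash that binds a block's data to the hash of the block before it."""
    return hashlib.sha256(f"{prev_hash}|{data}".encode()).hexdigest()

def build_chain(entries):
    """Build a hash-linked chain from a list of data strings."""
    chain, prev = [], GENESIS
    for data in entries:
        h = block_hash(prev, data)
        chain.append({"prev": prev, "data": data, "hash": h})
        prev = h
    return chain

def is_valid(chain):
    """Check every link back to GENESIS and recompute every stored hash."""
    prev = GENESIS
    for block in chain:
        if block["prev"] != prev or block["hash"] != block_hash(prev, block["data"]):
            return False
        prev = block["hash"]
    return bool(chain)

def sync(peers):
    """Try peers in order; return (accepted_chain, served_by, rejected_peers)."""
    rejected = []
    for name, chain in peers:
        if is_valid(chain):
            return chain, name, rejected
        rejected.append(name)  # altered data: drop this peer and try the next
    return None, None, rejected

def demo():
    honest = build_chain(["alice->bob 5", "bob->carol 2", "carol->dave 1"])
    forged = [dict(b) for b in honest]
    forged[1]["data"] = "bob->mallory 2"  # edited history, stored hash unchanged
    # Five Sybil peers serve the forged copy; a single honest peer is enough.
    peers = [(f"sybil{i}", forged) for i in range(5)] + [("honest1", honest)]
    return sync(peers)

if __name__ == "__main__":
    chain, served_by, rejected = demo()
    print("accepted from:", served_by, "| rejected:", rejected)
```

A forger who also recomputes every later hash would pass this link check; in Bitcoin, proof-of-work is what makes that rewrite costly.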

Also, networks such as Ethereum, Bitcoin Cash, Dash, and even GRIN are susceptible to this threat. Of course, each of them has its own characteristics.

Does blockchain technology have ways to prevent Sybil attacks?

Of course, Sybil attacks are a very complex type of cyberattack, but blockchain technology has several methods to avoid them and minimize the danger to those who connect to the network, based on the unique identification of nodes. The aim is to avoid duplicated identities among the nodes, since duplication is what opens the door to this attack.

How to prevent this type of attack?

Sybil attacks are not something that we, as users, can handle. In fact, measures to prevent them are a matter for developers of P2P networks. Among the most commonly used measures to prevent this type of cyber threat are:

  • Use validation systems and trust chains. This allows you to exclude intruders, and even disable the use of network resources for malicious purposes.
  • Use consensus protocols that imply a cost for identity or for access to network resources. Thus, any action performed on the network will have a corresponding cost, and that cost is multiplied in proportion to the number of identities usurped. While this does not prevent a Sybil attack, it greatly limits the attack's potential.
  • Another way to prevent this type of attack is to create a reputation system. Basically, this system gives more power to those users who have spent more time on the network demonstrating good behavior. That is, it turns the blockchain network into a meritocratic network, where power is transferred to the one who has the most merit. At the same time, the power of new users is reduced. Thus, if an attacker creates hundreds or thousands of new accounts, their total capacity will never reach a level that is significant for the network. This is because the system balances the potential of each new account, reducing it relative to accounts that have been on the network longer.
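The effect of the last two measures on a network vote can be made concrete with a small model. This is an added example, not code from any blockchain project; the network size, the attacker's budget, the price per identity and the linear one-year reputation ramp are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Identity:
    owner: str      # who really controls the identity (hidden from the network)
    age_days: int   # time spent on the network showing good behaviour

def reputation_weight(identity, ramp_days=365):
    """Constructed rule: voting weight grows linearly with age, capped at 1.0."""
    return min(identity.age_days / ramp_days, 1.0)

def equal_weight(identity):
    """One identity, one vote."""
    return 1.0

def attacker_share(identities, weight_fn):
    """Fraction of the total voting weight held by the single 'attacker' owner."""
    total = sum(weight_fn(i) for i in identities)
    bad = sum(weight_fn(i) for i in identities if i.owner == "attacker")
    return bad / total if total else 0.0

def build_network(honest=100, wanted_sybils=1000, budget=50.0, identity_cost=0.0):
    """Constructed sample: year-old honest nodes plus day-old attacker identities."""
    nodes = [Identity(f"user{n}", 365) for n in range(honest)]
    if identity_cost > 0:
        # Each identity has a price, so the budget caps how many can be created.
        sybils = min(wanted_sybils, int(budget // identity_cost))
    else:
        sybils = wanted_sybils  # free identities: nothing limits the attacker
    nodes += [Identity("attacker", 1) for _ in range(sybils)]
    return nodes

def compare():
    """Attacker's share of the vote under the three schemes."""
    free = build_network(identity_cost=0.0)
    paid = build_network(identity_cost=1.0)
    return {
        "one_identity_one_vote": attacker_share(free, equal_weight),
        "identity_cost": attacker_share(paid, equal_weight),
        "reputation": attacker_share(free, reputation_weight),
    }

if __name__ == "__main__":
    for scheme, share in compare().items():
        print(f"{scheme:22s} attacker share = {share:.1%}")
```

With free identities the attacker holds about 91% of the vote; a price per identity cuts that to a third, and age-weighted reputation to under 3%, even though the same thousand accounts exist.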

SPACEBOT

Author of the article
