GENESIS 018 · 2026.07.03
Sybil Resistance Explained
Why "one person, one vote" is hard online. Every approach to preventing Sybil attacks, ranked from weakest to strongest.
What Is a Sybil Attack?
A Sybil attack is when one entity creates many fake identities to subvert a system that assumes each identity is a unique person. Named after the book "Sybil" about a woman with multiple personalities, the attack is as old as the internet — and remains the single hardest problem in online identity.
Examples: one person creating 10,000 wallets to claim an airdrop meant for unique users. A competitor flooding a DAO with fake members to win governance votes. A bot farm generating fake reviews to manipulate a product's rating. A state actor creating millions of social media accounts to influence elections.
The core challenge: in a digital system, the marginal cost of creating a new identity is near zero. Without a way to tie digital identities to unique physical humans, every system that assumes "one identity = one person" is vulnerable.
Every Sybil Resistance Approach, Ranked
TIER 1 — WEAK
CAPTCHA: AI solves at 96% accuracy. Cost to defeat: $0.0001/account.
IP-based rate limiting: VPNs and proxies make this trivially bypassable.
Phone verification: virtual numbers cost $0.05. SIM-swap attacks bypass SMS verification.
TIER 2 — MODERATE
Email domain reputation: flags disposable email domains. Useful as a first filter, not sufficient alone.
Social graph analysis (BrightID): verifies uniqueness through mutual connections. Resistant to isolated bots, vulnerable to coordinated social graph attacks.
Staking/Deposit: requires economic commitment ($10-100). Raises the cost of attack but does not prevent wealthy attackers.
TIER 3 — STRONG
Biometric Proof of Personhood (Worldcoin): iris scan via hardware Orb. 18M+ verified. Strongest deployed solution. Weakness: it requires specialized hardware, and an iris is irreplaceable if compromised.
Multi-stamp aggregation (Gitcoin Passport): combines biometric, social, financial, and behavioral stamps into a single personhood score. The more stamps required, the harder to Sybil.
TIER 4 — EMERGING
Proof of Continuity (MyShape): instead of proving uniqueness at enrollment, proves continuous human presence across time. A Sybil attacker would need 10,000 unique human bodies performing motion-signature verifications daily — economically infeasible. Continuity makes Sybil attacks exponentially more expensive than any snapshot-based approach.
The most effective Sybil resistance in 2026 is layered: Proof of Personhood (uniqueness) + Proof of Continuity (persistence). Either alone is vulnerable. Together, they are the strongest anti-Sybil defense available.
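To make the multi-stamp aggregation entry and the per-account costs in Tiers 1 and 2 concrete, the sketch below (an added example, not code from Gitcoin Passport or any project named here) computes the cheapest stamp set that reaches a given score threshold, which is the price floor a defender is actually setting per identity. The stamp weights, the function names, and every cost other than the CAPTCHA, phone and deposit figures quoted above are assumptions.

```python
from itertools import combinations

# Constructed stamp catalogue. "weight" is the score a stamp adds; "cost_usd" is the
# assumed price of faking that stamp for ONE identity. CAPTCHA, phone and deposit costs
# are the figures quoted above; every weight and the other costs are assumptions.
STAMPS = {
    "captcha":          {"weight": 1,  "cost_usd": 0.0001},
    "phone":            {"weight": 3,  "cost_usd": 0.05},
    "email_reputation": {"weight": 2,  "cost_usd": 0.50},    # assumed
    "deposit":          {"weight": 10, "cost_usd": 10.0},    # low end of $10-100
    "social_graph":     {"weight": 15, "cost_usd": 25.0},    # assumed
    "biometric":        {"weight": 30, "cost_usd": 500.0},   # assumed
}

def personhood_score(held):
    """Sum the weights of the stamps an identity holds."""
    return sum(STAMPS[name]["weight"] for name in held)

def cost_floor(threshold):
    """Cheapest stamp set that reaches `threshold`: (usd_per_identity, stamps) or None.

    Exhaustive search is fine for a handful of stamps (2^n subsets)."""
    best = None
    names = sorted(STAMPS)
    for size in range(len(names) + 1):
        for combo in combinations(names, size):
            if personhood_score(combo) < threshold:
                continue
            cost = sum(STAMPS[name]["cost_usd"] for name in combo)
            if best is None or cost < best[0]:
                best = (cost, combo)
    return best

def campaign_cost(threshold, identities=10_000):
    """Total spend to pass `identities` fake accounts, or None if unreachable."""
    floor = cost_floor(threshold)
    return None if floor is None else floor[0] * identities

if __name__ == "__main__":
    for threshold in (4, 6, 20, 40):
        usd, stamps = cost_floor(threshold)
        print(f"threshold {threshold:>2}: ${usd:>9.4f}/identity via {', '.join(stamps)}"
              f" -> ${campaign_cost(threshold):,.0f} for 10,000")
```

With these assumed numbers, a threshold that Tier 1 and Tier 2 signals can reach on their own prices 10,000 identities in the hundreds of dollars, while a threshold that forces a Tier 3 stamp moves the same campaign into the millions.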