Sybil Attack — An Affordable Way of Counterfeiting Game of Stakes

October 23rd 2018, Berlin. The chatter among hundreds of individuals resonate across Funkhaus’ pre-war walls. From the crowd, a blond man runs towards his partners. In cold sweat and alarmed face, he says — I think someone cheated in the registration for Game of Stakes.

October 24th 2018, Game of Stakes’ registration is closed after more than a month since opening. An outstanding total of 253 approved participants strike the Cosmos validator community, a group formed in the early testnet days who met twice a month since December 2017 (when Cosmos was about to launch) — Have we ever had 253 participants in our calls?! Do any of you know these people? This seems rather odd.

Similar to most KYC systems, registering for Game of Stakes required little more than a file representing something similar to a valid ID. Considering that the entity managing the competition had no way of verifying the identifies, the ways to trick the registration system are not scarce: Are you a large organisation? Simply tell all the employees to register, of course, do not use the professional email accounts, else registration will get rejected. Can you afford hiring freelancers? Great, let’s pay them so they register with their IDs. Ever gone shopping in the Darknet? Why bother, around here [in Thailand] there are cheaper ways.

Validators and the Methods of Rationality

The rumours of a sybil attack on Game of Stakes became louder. But they mattered not. For a long time, it was believed that validators would act altruistically, assuming costs and committing resources indefinitely to support the network — hoping that eventually they would be rewarded for the hard work.

Although realisation needed longer than expected to strike the hearts of validators, reality was harsh, so some started to think and act rationally — Who cares if there’s a cartel out there? Whichever entity manages to unite 34% of the network wins the game.

The Mystery of the Anonymous Cartel

End of October 2018, a pseudonymous group behind the handlers of br4hm4, sh1v4 and v1shnu (Brahma, Shiva and Vishnu in l33t speak) became active on Twitter:

Their goal was written and shared through a Manifesto:

[…] Betrayal from Tendermint against humanity, removing the beloved steak. One must perform karma for the benefit of mankind without an unbiased approach. Bias gives birth to evil, creating thousands of obstacles in our path. — The Steak Manifesto

And their plan was straightforward: I. 34% Attack against GoS; II. Victory over GoS; III. Bring back Steak. With time, the conversation started to flow and the plan was slowly shared with the chosen ones present in their Riot room.

Meanwhile, members of the Cosmos validator group were skeptical — Who are they? Are they just enraged by the change of steak to stake? Can we trust their modified software?

It is unclear who is behind steak.zone. Is it someone we already know (implicitly trust) from our community? Channel seems a bit weird.

The last trace of activity from one of the members of the anonymous group was seen on the 2nd of December. With 27 members remaining in the Riot room, stake.zone seemingly ceased their activity. Who are they? Are they just enraged by the change of steak to stake? — Will the answer to these questions ever be found?

The Cabal — From Internet Strangers to a Cartel

October 23rd 2018, Berlin. Fast beats and synthetic sounds echoed around the Funkhaus building. From the second floor, the sounds of contemporary electronic music seemed like nostalgic remains of a different world. Standing around a tall bar table, a small group of people converse. Although they knew each other from long ago through public Riot rooms and live streamed calls, being able to speak face to face was different. It was more intense. Oddly different than typing messages or replying through the virtual frontiers — Was it because of the abundant hip and fully organic German beers circulating? Who knows.

Likely, most of them will not remember that night that ended with the sentence: Great, I will create this group and invite all of you. Let’s get this going. This group’s name was The Cabal.

Cosmos Guardians — The Beginning

December 9th 2018, the initial group of only a few named The Cabal started to grow. December 11th 2018, the group was renamed to Cosmos Guardians.

Validators that once were the little slow pufferfish, oblivious to great dangers of the vast blue ocean, started to turn themselves into unpalatable, pointy and lethal fish. Maybe more similar to a group of muskoxen steadily forming a defensive row and pointing the horns towards the threat:

I am writing to you today because of a grave danger that faces us in Game of Steaks. […] We are asking everyone of you to join this cartel to defend our precious network from a hostile takeover by an unknown outsider. […] Everyone in this room has the permission set to invite new people and kick existing people. […] So please take some time, think about who else you would like to take along for the defence of our network […]

It was a race. The members of Cosmos Guardians needed to think and act quick to reach as close to 34% as possible, but it was not easy: Who should I invite? Who can I trust? I think they should join but do I really know them?

Maybe is best for us to not disclose this info. Making the attacker aware that we know about thier intentions, might change their modus operandi.

It had to remain a secret group. No one could be careless, inviting the wrong parties to this group would have put your own reputation at risk. Gladly, the validators did not start at zero: some relationships were forged about a year ago, some had insider information, others could apply automatic methods to gather data and make inferences.

But it was not enough: By looking at the monikers, they look somewhat affiliated to Korea, but the hints from insider information seemed more compelling. Shall we leave out Koreans, Chinese, and the Japanese for now? It was challenging, leaving validators located in Asia would slow down the growth of this group. Plus, many of them were known personally.

Nonetheless, there were more hints found in the collected genesis transactions: the IP addresses that came with the suspicious monikers were all from DigitalOcean providers.

Trust, insider information, data mining, espionage. From a small group of 4, it grew to 57 individuals who pledged to their Article 5: An attack against one member is an attack against all.

[To be continued: The Strategies of a Cartel]