A Sybil attack gets its name from a 1973 novel about a woman with multiple personalities, and in crypto it works the same way: one attacker wearing many masks. By spinning up dozens or thousands of fake nodes, wallets, or accounts, a single operator can trick a peer-to-peer network into believing it is dealing with many independent participants when it is really only one.
The concept was formalized in a 2002 research paper by Microsoft researcher John Douceur, who showed that any open network without a cost attached to identity creation is vulnerable to this kind of flooding. Blockchain consensus mechanisms exist partly to close that gap. Proof of Work forces every participant to burn real computing power to matter, while Proof of Stake requires locking up capital that can be slashed for bad behavior. Both make it expensive, rather than free, to manufacture fake identities at scale.
The stakes go beyond simple node manipulation. A large enough swarm of fraudulent identities can skew governance votes, isolate honest nodes from the network, or build toward a 51% Attack by concentrating apparent hashing or staking power. Documented cases include a sustained 2020 campaign against Monero using malicious relay nodes to try to unmask users, and the ongoing problem of "airdrop farming," where thousands of throwaway wallets siphon token distributions meant for genuine users.
On networks with deep hash rate or staked value, such as Bitcoin, the economics generally make large-scale Sybil attacks self-defeating. Smaller or newer chains, with less capital securing them, remain the most exposed.