Playing “Meta-Go” and the problem of Sybil Attacks
Hacker misused public game board to “draw” letters
For the last two weeks, hundreds of people were playing the strategy game Go online and on the lit-up Museum façade in the city center of Graz, Austria. Every night, participants from all over the world are split in two teams, and earn PLAY tokens as a reward for playing.
Moves are determined via a simple majority consensus algorithm: the next stone is put on whichever field is proposed by most players. Since there’s a lot of fields to choose from, a small majority (of e.g. 5 out of 50 players of a team) can be enough to determine the next move. This consensus algorithm became the target of a hacker the other day.
While it should be impossible for 100 random players without means of communicating with each other to coordinate moves, one player took advantage of this algorithm and decided to take over the game board.
Since access to the game is unrestricted and permission less, it’s not very difficult to impersonate multiple players and to reach the voting power needed to determine moves.
That way, we ended up with a big “FU” out of black stones on the game board. The white stones were neatly placed on the bottom of the board.
Fortunately, we took notice of this round of — let’s call it “Meta-Go” — as it was unfolding, and we were thus able to document it.
When we first became aware of what the hacker was trying to do, we immediately started a conversation in our Mattermost chat channel about how to deal with that situation. We quickly reached consensus about just letting it happen — we even felt a bit honored that somebody put in all that effort.
We also took a close look at the server logs, figuring out that the players (identified by the randomly generated 160 bit Ethereum addresses) contributing to the “FU” pattern were all connected from the same IP and thus very probably just one person.
While we did block that IP at the end of that game in order to not render other players just spectators for longer, we do not want to put up any access restrictions by default. Here’s why:
On the Internet, it’s fundamentally impossible to prevent such Sybil attacks (in which an individual presents itself as multiple individuals to a remote system). While mitigations are possible, they’re all just about making it more difficult, and sometimes have their own drawbacks.
An example: It would be easy to allow only one connection per IP address. However, this would still allow somebody with enough technical knowledge and motivation to establish multiple connections using for example proxy servers or Tor. Moreover, this could lock out legitimate players which happen to share the same public IP, e.g. of a company network.
When designing P4P, we consciously decided not to add an incentive for proposing “good” moves, but to treat every proposal as equal.
The risk this posed was clear: it created a potential incentive to focus on proposing as many moves as possible without worrying about the “quality” of proposed moves.
The fact that somebody additionally made the effort to completely take over the board — maybe just for the lulz, maybe to point out that we had initially forgotten to enforce the repetition rule — just made it more obvious.
As the developers of this game app, our final conclusions are:
This was a nice, practical demonstration of a Sybil attack.
“Proof of Play” is currently without any serious Sybil attack protection. We hope that the decency to not take advantage of this and the fairness of participants are enough to not make that a big issue. We plan to interfere only in the case of obvious and massive abuse.
In one of our upcoming projects, tackling this kind of issue in a generic way will be a major focus.
We believe that online accountability doesn’t necessarily require a loss of privacy (this paper does a good job at explaining the principle) and that with modern crypto and the right incentive structure, it will be possible to bring not only anonymous transparency, but also anonymous accountability to the Internet.