Analysis and attacks on the reputation system of Nym
Cao and Green analyze Nym’s live network, source code, node selection, staking, and performance scoring. They find differences between the early white paper and the deployed NymVPN design, including more centralized layer assignment than the design implied.
Their simulations and limited mainnet experiments identify a framing attack against node performance scoring. The attack could make malicious nodes cheaper to place in the active set and thereby increase the chance of fully compromised routes. The authors disclosed the findings to Nym, which acknowledged them and changed development priorities.
This paper does not show that ordinary NymVPN sessions are routinely traced. It shows that token incentives, reputation, and permissionless node entry create additional attack surfaces that a marketing claim such as “decentralized” does not resolve.