I think you're still thinking in a consensus mindset. It doesn't matter if I put 1,000 nodes under my control, and hack them to cheat. As soon as any and each one of them execute the cheat, all the honest nodes will ignore them. You can't overpower the honest nodes precisely because there is no consensus. They will still continue to operate by the "honest" rules which are committed as the first entry in each of their chains, and ignore any nodes who have shown evidence hey are doing something outside those rules.

However, that isn't to say that a large number of Sybil nodes can't cause grief and gluts of traffic even by forcing a network to trigger lots of immune responses, which is why (as Mortiz mentions) we suggest apps take steps toward Sybil defense by defining membrane rules for joining the network.

That is a scenario where you could have someone stake something (PoS), or do some expensive computation to generate valid agent keys (PoW), or do some kind of identity validation (KYC) or social triangulation. This makes Sybil attacks somewhere between expeensive or impossible. But you only have to incur that expense ONCE when joining, not on every action.

This continuity of cryptographic identity, and accountability for your actions is part of what enables Holochain to remain so performant. Then the immune system kicks in and you lose that stake or that agent key or have your real-world identity banned from the system because you didn't follow the rules.

You are suggesting that that cost get overlaid on every action. If that's the overhead you want to carry, then use blockchain.