Sounds like a 51% attack can be achieved with owning the majority of nodes. Unless there are some higher tier, centralized nodes.
Quote
Why isn't XTRABYTES vulnerable to a 51% attack?
The foundation for this protection flows from XTRABYTES’ decentralized node network. Comprised of 3584 ‘STATIC’ (Services, Transactions, and Trusted in Control) nodes, XTRABYTES issues transactions fees to its STATIC node owners rather than to miners. Network security is dependent upon these STATIC nodes signing each transaction block, through our new algorithm called Proof-of-Signature (PoSign). A private virtual network interconnects these online STATIC nodes, creating a virtual private network-like (VPN) functionality for the nodes.
With Proof-of-Signature requiring that every node signs every transaction, the entirety of the STATIC node network would need to be compromised simultaneously to undermine the integrity of the blockchain. Furthermore, by leveraging the use of digital signatures extensively in security algorithms, the XTRABYTES developers go several steps further than SSL and Microsoft’s signed software to ensure the security of the signature protocol.
If a signature is compromised, the associated [node network] signature will automatically be revoked as the consensus among nodes has been violated. The owner of the affected node is then warned to generate a new signature before the node can resume participation of the network. In short, a bad node will be “greylisted” and given a few more attempts to fix itself. If it continues to broadcast false information, it will be blacklisted by the network and excluded until further notice.
If a disruptive agent attacks and disables a STATIC node, one or more of the other STATIC nodes in the network will take control until the affected node has been brought back online and/or verified as stable.
The foundation for this protection flows from XTRABYTES’ decentralized node network. Comprised of 3584 ‘STATIC’ (Services, Transactions, and Trusted in Control) nodes, XTRABYTES issues transactions fees to its STATIC node owners rather than to miners. Network security is dependent upon these STATIC nodes signing each transaction block, through our new algorithm called Proof-of-Signature (PoSign). A private virtual network interconnects these online STATIC nodes, creating a virtual private network-like (VPN) functionality for the nodes.
With Proof-of-Signature requiring that every node signs every transaction, the entirety of the STATIC node network would need to be compromised simultaneously to undermine the integrity of the blockchain. Furthermore, by leveraging the use of digital signatures extensively in security algorithms, the XTRABYTES developers go several steps further than SSL and Microsoft’s signed software to ensure the security of the signature protocol.
If a signature is compromised, the associated [node network] signature will automatically be revoked as the consensus among nodes has been violated. The owner of the affected node is then warned to generate a new signature before the node can resume participation of the network. In short, a bad node will be “greylisted” and given a few more attempts to fix itself. If it continues to broadcast false information, it will be blacklisted by the network and excluded until further notice.
If a disruptive agent attacks and disables a STATIC node, one or more of the other STATIC nodes in the network will take control until the affected node has been brought back online and/or verified as stable.
Found it here https://support.xtrabytes.global/hc/en-us/articles/360000068751-Why-isn-t-XTRABYTES-vulnerable-to-a-51-attack-
