First problem is that the attacker would have to know what the address of the target vault is–not a trivial matter.
Next, even if it did manage to know the address of the target vault and continually re-join the network in order to get close, it wouldn’t have a consensus of vaults, so if it tried to do anything out of agreement with the others, it would be marginalized.
Then, even if it were to get a majority of nodes to agree on an untoward action, it could only affect a limited number of chunks, which are also duplicated elsewhere on the network.
That’s even assuming that one could target a data particle that was meaningful to the attacker in some way.
Also, network churn continually changes the interrelationships of the various components, so that an attacker can’t get solid footing in relation to any set of participants.
What protects the system mostly is the broad-based interaction amongst a large number of participant nodes which have very limited ability to know the overall scene, but can only do verifiable actions which other nodes are also doing, and thus vetting. And the underlying data being handled is identified only as an encrypted chunk which would be of little use by itself, even if decrypted.
Out of apparent chaos, comes security.