A dusting attack refers to a relatively new kind of malicious activity where hackers and scammers try and break the privacy of Bitcoin and cryptocurrency users by sending tiny amounts of coins to their wallets. The transactional activity of these wallets is then tracked down by the attackers, who perform a combined analysis of different addresses to deanonymize the person or company behind each wallet.
What is dust?
In the language of cryptocurrencies, the term dust refers to a tiny amount of coins or tokens – an amount that is so small that most users don’t even notice. Taking Bitcoin as an example, the smallest unit of BTC is 1 satoshi (0.00000001 BTC), so we may use the term dust to refer to a couple of hundreds of satoshis.
Within cryptocurrency exchanges, dust is also the name given to tiny amounts of coins that “get stuck” on users’ accounts after trading orders are executed. Dust balances are not tradeable, but Binance users are able to convert them to BNB.
When it comes to Bitcoin, there is no official definition for dust because each software implementation (or client) may assume a different threshold. The Bitcoin Core defines dust as any transaction output that is lower than the transaction fees, which leads to the concept of dust limit.
Technically speaking, the dust limit is calculated according to the size of inputs and outputs, which normally computes to 546 satoshis for regular Bitcoin transactions (non-SegWit), and 294 satoshis for native SegWit transactions. This means that any regular transaction equal to or smaller than 546 satoshis will be considered spam and are likely to be rejected by the validating nodes.
Malicious actors realized that cryptocurrency users don’t pay much attention to these tiny amounts showing up in their wallet addresses. So they began “dusting” a large number of addresses by sending a few satoshis to them (i.e., a small amount of LTC, BTC or other cryptocurrencies). After dusting different addresses, the next step of a dusting attack involves a combined analysis of those addresses in an attempt to identify which ones belong to the same crypto wallet.
The goal is to eventually link the dusted addresses and wallets to their respective companies or individuals. If successful, the attackers may use this knowledge against their targets, either through elaborated phishing attacks or cyber-extortion threats.
Dust attacks were initially performed on the Bitcoin network, but they are also happening with Litecoin, BNB, and other cryptocurrencies. This is possible because most cryptocurrencies are running on top of a traceable and public blockchain.
In late October 2018, Samourai Wallet developers announced that some of their users were under dusting attacks. The company sent out a tweet warning users about the attacks and explaining how they could protect themselves. The Samourai Wallet team implemented a real-time alert for dust tracking as well as a “Do Not Spend” feature that lets users mark suspicious funds, so these are not included in future transactions.
Since dusting attacks rely on a combined analysis of multiple addresses, if a dust fund is not moved, attackers aren’t able to make the connections they need to “deanonymize” the wallets. Samourai Wallet already has the ability to automatically report suspicious transactions to their users. Despite the dust limit of 546 satoshis, many dusting attacks today are well above it and are usually ranging from 1000 to 5000 satoshis.
Dusting attacks on the Binance Chain (BC)
In October 2020, scammers started performing a new kind of dusting attack on the Binance Chain (BC). They sent tiny amounts of BNB to multiple addresses, leaving a link to a malicious website in the transaction Memo. Be careful! This is a scam. There is no BNB to be claimed.
An example of a Binance Chain dusting attack.
Since Bitcoin is open and decentralized, anyone can set up a wallet and join the network without providing any personal information. Although all Bitcoin transactions are public and visible, it’s not always easy to find the identity behind each address or transaction. This is what makes Bitcoin somewhat anonymous – but not completely.
Peer-to-peer (P2P) transactions are more likely to remain anonymous because they are performed without the involvement of any intermediary. However, many crypto exchanges collect personal data through KYC verification processes, meaning that when users move funds between their personal wallets and exchange accounts, they are taking the risk of being somehow deanonymized. Ideally, a brand new Bitcoin address should be created for every new receiving transaction or payment request. Creating new addresses helps protect users’ privacy.
It’s important to keep in mind that, unlike many tend to believe, Bitcoin is not really an anonymous cryptocurrency. Besides the recently created dusting attacks, there are many companies, research labs, and governmental agencies performing blockchain analyses in an attempt to deanonymize blockchain networks – and some argue they already made significant progress.
While the Bitcoin blockchain is nearly impossible to hack or disrupt, the wallets often present a significant point of concern. Typically, you don’t provide personal information when creating a new wallet or address, so you can’t prove theft if some hacker gains access to their coins – and even if they could, that would be useless.
When you hold cryptocurrencies in a personal wallet, you are acting as your own bank. There is nothing you can do if your wallet gets hacked or your lose your private keys.
Privacy and security are getting more and more valuable every day, not only for the ones that have something to hide but for all of us. And those are particularly valuable for cryptocurrency traders and investors.
Along with dusting and other deanonymizing attacks, it’s also important to be wary of the other security threats that are part of the cryptocurrency space, such as Cryptojacking, Ransomware, and Phishing. Additional security measures may include installing a VPN along with a trustworthy antivirus in all of your devices, encrypting your wallets, and storing your keys inside encrypted folders.