A dusting attack is a malicious activity in the crypto-space carried out by cybercriminals to reveal the identity of a person or company. After getting hold of an individual’s identity, they can do a couple of things including blackmail, selling the stolen identity or initiating some form of social engineering, and so on.
While bitcoin was the first cryptocurrency to come under this form of attack (probably because of its popularity), many altcoins have suffered from dust attacks in recent years. For example, in the second half of 2019, close 300,000 litecoin addresses were dusted on the binance exchange.
That being said, here's a quick summary of our major talking points:
- The definition of dust.
- How a dusting attack works.
- How identification is revealed.
- Who can be attacked?
- How to prevent yourself from a dusting attack.
- Final thoughts.
What is dust?
Dust is a very small amount of cryptocurrency that is basically not tradable, usually because the amount would be significantly lower than the transaction fee. Think of the tiny amounts of crypto that often remain in your wallet after trading, those are examples of dust.
Each cryptocurrency has its dust limit, which is the minimum amount required for any transaction to take place on the network. The dust limit for bitcoin is 546 satoshis. Any amount below the dust limit cannot be propagated over the network as it is not economically viable.
Even though dust cannot be traded, some exchanges have an inbuilt feature that allows its users to convert dust of various cryptocurrencies into a single coin/token. For example, Binance users can convert their dust into BNB, which is the native token of the Binance platform.
Note: Since the dust limit is typically a function of transaction fees, amounts that are not transactable today might become transactable in the future with a decrease in fees. This also means that the dust limit of any crypto might increase or decrease from time to time.
How dusting attacks work.
Scammers know that users might not notice insignificant amounts of additional cryptocurrency to their wallets. Even if they do take note, some people might still ignore these tiny amounts as they are of no tangible value. That is why scammers would go ahead and send many of these tiny amounts crypto ( a process known as dust) to many crypto public addresses in order to find out the person/company behind the addresses in question.
How personal information is revealed.
Bitcoin and other public blockchains have block explorers that are freely available for anyone to view all transactions, both past, and present. Scammers usually take advantage of these explorers to analyze transactions in addresses they’ve dusted, which can either be online or offline.
In the case of online addresses like those on centralized exchanges, it’s very easy for scammers to obtain all the information users provided during their KYC verification process. Meanwhile, if you’re transacting an amount that contains the dust to an offline wallet and your passphrase or private key was not stored securely, scammers would get hold of that info and claim ownership of your assets. Remember “not your keys, not your crypto”
Who can be attacked?
Basically anyone - whether new to crypto or seasoned bitcoiners can be a target of a dusting attack. However, such attacks are more likely to be executed successfully on newcomers who are less informed in the crypto-space.
How to prevent yourself from dusting attacks.
There are different mechanisms that can be used to avoid being dusted. In most cases, it’ll depend on the particular cryptocurrency you’re using especially as each blockchain has its unique design. Plus, all blockchains do not implement the same scaling solution.
1. Using an off-chain layer to transact.
If you’re a bitcoiner, a good option to stay clear from dusting attacks would be to use the lightning network. The reason is that you’re not obliged to send a minimum amount of satoshis over lightning. In other words, there is no dust limit. For example, when transacting on the bitcoin blockchain, any amount that is less than 546 satoshis is considered dust and therefore cannot be propagated through the bitcoin blockchain. With the lightning network though, you could transact even in milli satoshis (1 milli satoshi = 1/1000 satoshi)
2. Use a VPN.
VPNs are used to protect online privacy and increase individual security. A reliable VPN would keep scammers confused as they won’t be able to figure out your precise location. Plus, your real IP address would be hidden from anyone.
3. Use an exchange to convert your crypto.
Exchange the cryptocurrency which has the dust to another cryptocurrency and the dust would disappear, leaving your transactions untraceable. For example, if you received dust in one of your bitcoin addresses, you could simply use an exchange like Changelly to exchange the bitcoins to another cryptocurrency like ether. Attackers can only trace you when you send funds from the dusted address to other addresses of the same cryptocurrency that you own.
4. Use wallets with “do not spend” features.
Some wallets have begun integrating “do not spend” features in reaction to the increasing number of dusting attacks. The “do not spend” feature serves as a warning to users not to use the dust as they could be exposed to scammers who are out to obtain personal info.
Blockchain and cryptocurrencies provide a new means for people to access self banking facilities (“be your own bank”), but this comes with great responsibility. Failure to properly protect private keys and passwords can easily lead to loss of funds to hackers.
Also, users must be vigilant all the time so that they can identify any unexpected additional amounts of cryptocurrency that is sent to their wallet addresses. This way, they can take the appropriate steps to avoid being tracked and consequently prevent themselves from losing their personal information to scammers.
A video presentation of this article is available on youtube.
So what are your thoughts? Have you once been a victim of dusting attacks - and what did you do? Or maybe you have more tips and tricks to prevent dusting attacks? Drop them in the comments section below and let's talk.