What is a Dusting Attack, And How to Avoid One?

• Most attacks in the crypto world involve the use of social engineering to make people divulge confidential information

• Hackers and scammers devise different means of compromising users' privacy in the crypto market for malicious intent.

• By breaking the anonymity of users, scammers may use the information gathered to cyber-extort, blackmail, or even kidnap family members of their target for crypto-ransom

• Some players in the crypto industry may adopt dusting attacks for different purposes.

• Not all dusting is considered an attack as some are for advertising purposes, stress testing of network bandwidth, and defense.

• Some of the ways to protect against dusting attacks are by using hierarchical-deterministic wallets, leaving the dust unspent, and creating new addresses for Bitcoin payment requests.

Keywords: dusting, de-anonymize, wallet, criminals, network, social engineering

About three years ago, there was a huge dusting attack on Litecoin affecting more than 200,000 wallets. With similar attacks on other Blockchain networks, many users were concerned about the safety of their digital assets and what to do in the instance of such an attack.

Dusting like throwing dust at someone, in this case, means a fraction of crypto that is sent into many wallet addresses with malicious intent. Scammers lurk around the crypto market devising different means of perpetuating their nefarious acts every day. Most attacks are geared toward using social engineering to make people divulge confidential information. In recent times, the scammers have grown more sophisticated deploying new covert ways of compromising people’s wallets and dispossessing them of their digital assets. One of these methods is a dusting attack.

What is a dusting attack?

---

A dusting attack is a fraudulent attack in which a small amount of crypto is sent to many wallet addresses to track the wallets' activities and link them to the individuals or companies that own them. It begins with the sending out of dust- a tiny amount of crypto to different addresses after which the attacker tries to figure out which one belongs to the same wallet. The attacker then uses the information to launch phishing attacks or threats against the victim. Dusting attack is not really about the ‘what’- the tiny amount of crypto sent, but largely about the ‘why’. The aim behind the dusting which may not be known to the target at the time of the attack is the major concern about the dusting attack. It may be necessary to look at some types of people that may launch a dusting attack and their probable motives.

1. Criminals: Criminals may launch a dusting attack to analyze and identify the identity of huge crypto holdings. Their motives for this may vary including extorting people online, launching a physical attack, or kidnapping for crypto-ransom. Criminal syndicates can also employ dusting attacks to cover up their trail from government agencies. By using multiple wallets to spread money around, criminals may make it difficult for law enforcement authority to trace their identities.

2. Government agency: A law enforcement agency or a branch of government may also carry out dusting attacks to target criminal networks, tax evaders, or money launderers. People have used crypto to crowdfund for different causes which governments often see as a threat. The government may therefore use a dusting attack to ‘de-anonymize’ the group behind the cause for targeted action.

3. Spammers: Spammers may also use dusting to spam a network by sending a series of worthless transactions to congest it.

4. Developers: Developers may also use mass dusting as a way of testing the bandwidth or throughput of a network.

5. Advertiser: A dust may be sent for advertisement and not attack. Some crypto companies have used dust to advertise to users by including messages in the crypto dust. It is pertinent to know the first block of Bitcoin mined contained a message. The 2019 dusting attack on the Litecoin network was traced to some group advertising their mining pool. A 2018 dusting attack on the Bitcoin network where thousands of wallets received 888 satoshis was also traced to a crypto mixer company, BestMixed advertising its platform. While the two cases cited here may appear not malicious there have also been cases of malicious dusting attacks. An instance of that is a dusting attack that happened on the Binance Chain in October 2020. The hackers sent a very small amount of BNB to many addresses. They attached to the transaction a link to a phishing website to bait Binance users.

Dusting happens on all crypto networks including Bitcoin. The transaction fee for sending dust to thousands of wallet, however, make it less popular on Bitcoin Blockchain. It is also instructive to know that not all small amount of crypto received is dust. Some may be as a result of trade, and should therefore not be considered an attack. There is a need to take caution any way because attackers exploit the fact that people hardly notice these small changes in their wallets to successfully launch an attack. While the amount may be inconsequential, the social engineering, blackmail, and extortion it may be used for are enough to make one take caution.

How to identify dusting attack

While a dusting attack is not too common and should not be a cause for paranoia for crypto users, it may be important to know how to identify one when it occurs. One of the ways to identify a dusting attack is to use a block explorer to check your addresses. If the tiny amount in your wallet is a dusting attack the transaction ordinary will have one address on the sender side and multiple addresses on the other.

Case Analysis: let’s assume you have a wallet with three receive addresses, while the rest are change addresses.

In the first case: there is dust in one of the addresses, but no other funds. Receive or change addresses hold the main fund.

The addresses can be linked in this case if the user spends from them without taking precautions.

Second case: Dust is in two or more addresses while the main funds are on receive or change addresses. The addresses can be linked in this case too if the user spends from them without taking precautions.

Third case: The address with the main fund is the only one with dust.

The addresses cannot be linked in this case as long as the user does not deposit any fund before spending or marking the dust.

Fourth case:

The dust and the fund are in the first receive address with no fund in the other addresses.

It is advised that you migrate all of the funds in this case into another wallet.

How to avoid dusting attack.

1. Conversion: When you receive a small amount of crypto you suspect may be dust, you can convert the dust on exchanges that offer such a service. By doing this, you can rest assured your identity will not be unmasked through social engineering.

2. Using Hierarchical-deterministic wallet: Some wallets create a new address for every transaction. By changing the address after each transaction, these hierarchical-deterministic wallets make it difficult for hackers to analyze the addresses and break your privacy.

3. Marking out the dust: another way to avoid a dusting attack is to mark the dust ‘do not spend’. When the fractional amounts are left in the wallet unspent (especially in wallets that represent dust as UTXO- unspent transaction), it will not be included in the future transaction making it difficult for anyone to trace where they go and use combined analysis to track your identity.

4. Creating a new Bitcoin address for receiving transactions: transactions like peer-to-peer that are done without intermediaries are more like to guarantee anonymity. The use of KYC for verification on crypto exchanges put users at the risk of unraveling their identities when they move funds between their wallets and exchange accounts. One way to guide against the compromise of your privacy and being a target of dusting attack is to create a new Bitcoin address for every payment request or new transaction.
   
   While dusting attack may not be a frequent form of attack in crypto market, there is still need to take necessary precautions especially for those holding large crypto assets. Remember, it is not just about the dust, but what may follow after the 'settling of the dust.'

Author: Gate.io Observer: M. Olatunji

Disclaimer:

* This article represents only the views of the observers and does not constitute any investment suggestions.

*Gate.io reserves all rights to this article. Reposting of the article will be permitted provided Gate.io is referenced. In all other cases, legal action will be taken due to copyright infringement.