A tweet from one of the largest Crypto exchanges Binance recently announced that the fourth largest Alt.coin may have been a target of a dusting attack. It went on to link a transaction of (0.00000546 LTC) sent to 50 addresses as being part of the attack. This kind of attack basically lets the attacker deanonymize the identity of the crypto wallet holders by monitoring the transactional activity of these wallets emanating from the small fractions of crypto sent to them.

Background

In Cryptoverse, dust is referred to very small amounts of digital coins or tokens, ones which are not even noticed by users. As an example, let us think of a satoshi — 0.00000001 BTC or the smallest unit of measure in Bitcoin. Typically, dust would equate to about a couple of hundred satoshis (or 0.00000200 BTC).

These are small amounts that get stuck in users' accounts after the execution of trading orders. These “dust balances” are so small they are not tradeable, but if you are using Binance exchange, for example, it lets you convert this dust into the native crypto BNB (Binance coin).

Origin

Since Bitcoin is a public & decentralized network, anyone can join the network without providing any personal information. Despite the public nature of the transactions conducted on the BTC network, finding the identity of the transacting parties is not really easy and this is what makes Bitcoin somewhat anonymous —ideally, a new Bitcoin address is created for every new transaction. The dusting attacks were originated to break this privacy of the Bitcoin network initially, but have now spread to other cryptocurrency networks as well who are running on traceable public blockchains.

Weakness

The problem arises when a user holds their cryptocurrency in a digital wallet. In this case, the users themselves become responsible for the security of their private keys to the wallet. These private keys provide them with the safety of their digital funds since nobody else knows about them. The users are acting as their own bank, but any lapse in security on their part would result in permanent loss of your holdings since there is no involvement of any intermediary.

The other aspect is the KYC (Know Your Client) verification process, whereby some crypto exchanges collect personal data from the customers as per the regulation. However, the downside to this side is that when users transfer funds to and fro between the exchange and the wallet, there is a risk of revealing your identity in the process.

Dusting Attacks

Although the primary focus of these attacks was originally the Bitcoin network, the same technique can be utilized by malicious actors to attack other networks as well — Litecoin in this case. Since users don’t pay much attention to tiny amounts of cryptocurrency sent to their digital wallets, scammers send out a few satoshis to a large number of addresses or “dusting” these addresses with satoshis.

The scammers can then attempt to analyze the transactions from these wallets if the owners end up moving the “dust” sent out to them. The process involves linking these so-called dusted addresses to their respective owners thus revealing the identity of the individual or the company.

The attackers can use this knowledge to launch subsequent phishing attacks or blackmail owners into cyber-extortion. Besides malicious actors, research labs, government agencies & other companies are also involved in these dusting attacks in an attempt to deanonymize the blockchain networks.

Prevention

Since a successful attempt depends on a combined analysis of multiple addresses, it is essential that you don’t move any of these dusted funds. Without tracking the transactions, the attackers won’t be able to make a connection of funds to the identity of the owner. Although there is a dust limit of 546 satoshis which was the case in the recent attack on Litecoin, dusting attacks ranging from 1000 to 5000 satoshis are not uncommon either.

Back in October 2018, some users of the Bitcoin Samurai wallet underwent dusting attacks. The company quickly responded by warning their users of the attack and implementing a real-time alert tracking the dust & also adding “Do Not Spend” feature that would let users such suspicious funds as dust, so that they are not used in any future transactions.

Conclusion

The bitcoin blockchain is a pretty resilient network when it comes to hacking but the digital wallets remain the weakest link in the equation. Use one with good security features like encryption, storing your private keys in encrypted folders, using good antivirus software and maybe use a VPN if you can afford one. Privacy & Security is increasingly becoming a luxury in this 24/7 connected world.

Medium | Twitter | LinkedIn | StockTwits | Telegram