Beginner’s Guide to Dusting Attack – What Is It And How Do You Protect Yourself
What Is a Dusting Attack?
A dusting attack refers to a new kind of malicious activity where hackers and scammers try and break Bitcoin and cryptocurrency users’ privacy by sending tiny amounts of coins to their personal wallets. Many Bitcoin adepts operate under the assumption that their anonymity is well protected against efforts to infiltrate their transactions, but unfortunately, that is not the case.
In the language of cryptocurrencies, the term dust refers to a tiny amount of coin or token – an amount that is so small that people tend to ignore it. Taking Bitcoin as an example, the smallest unit of the currency is 1 satoshi (0.00000001 BTC), and we could refer to a couple of hundreds of satoshis as dust.
In other words, dust is a tiny transaction or amount that is not worth sending because it is much smaller than the transaction fees. Within cryptocurrency exchanges, dust is also the name we give to tiny amounts of coins that “get stuck” and are not tradeable.
Most people do not take notice of their wallet’s dust and rarely worry about their origin. Until recently, it was totally okay to not pay attention to these tiny amounts on your wallets, but with the creation of dusting attacks, we can no longer say that.
Scammers recently realized that Bitcoin users do not pay much attention to these tiny amounts showing up in their wallets, so they began “dusting” a large number of addresses by sending a few satoshis to them. They then started to track those funds and all those dusted wallets’ transactions, allowing them to link addresses and eventually determine the companies or individuals behind those wallet addresses. This knowledge can later construct targeted phishing attacks or attacks such as cyber-extortion on unaware victims.
I know who you are, pay me and I will not reveal your identity
Dusting attacks were initially performed with Bitcoin, but they are also happening with other cryptocurrencies running on top of a public and transparent blockchain.
In late October 2018, developers of the Bitcoin’s Samourai wallet announced that some of their users were under a dusting attack. The company sent out a tweet warning their users and explaining how they could protect themselves. To protect their users against dusting attacks, the wallet now offers a real-time alert for dust tracking and a “Do Not Spend” feature that enables the users to mark those suspicious funds and avoid using them in the future transactions.
If a dust fund is not moved, attackers cannot make the connections they need to “de-anonymize” the users of that wallet or the address owner. Samourai wallet already has the ability to automatically report transactions below the limit of 546 satoshis, which offers some level of protection. This limit is automatically adjusted by the software based on current market conditions.
Since Bitcoin is open and decentralized, anyone can set up a wallet and join the network without providing any personal information. Although all Bitcoin transactions are public and visible, it is not always easy to find each public address or transaction’s identity. This is what makes Bitcoin somewhat private – but not completely.
Peer-to-peer (P2P) transactions, which are made between two parties (without an intermediary), are more likely to remain anonymous. Noteworthy, Bitcoin users are supposed to use each wallet address only once as a way to preserve their privacy.
However, most cryptocurrency adepts and traders use third-party exchanges and eventually have their personal wallets linked to their exchange wallets, linked to their personal information. Hence, it is important to choose a trustworthy and secure exchange if you are into cryptocurrency trading.
Therefore, it is important to keep in mind that Bitcoin is not really an anonymous cryptocurrency, unlike many beliefs. Besides the recently created dusting attacks, many companies, research labs, and governmental agencies perform blockchain analyses to de-anonymize the blockchain.
Other Privacy and Security Concerns
While the Bitcoin blockchain is nearly impossible to hack, the wallets are a weak link in this cryptocurrency chain. Since users do not give up their personal information when they create an account, they cannot prove theft if some hacker gains access to their coins – and even if they could, that would be useless.
In fact, trying to follow up on Bitcoin theft is a futile enterprise for victims of that crime. If you hold Bitcoins in a personal wallet, which only you have access, you are acting as your own bank, and there is nothing you can do if you lose your private keys or your coins get stolen.
Privacy gets more and more valuable every day. Not only for the ones that have something to hide but for all of us. It is even more valuable for cryptocurrency traders and investors.
Along with dusting and other de-anonymizing attacks, you should also be wary of the other security threats that are evolving very quickly in the cryptocurrency space, such as Cryptojacking, Ransomware, and Phishing. Moreover, it would help if you considered installing a VPN along with a trustworthy antivirus on all of your devices. Also, make sure to encrypt your wallets and to store your keys inside encrypted folders.