Since most cryptocurrencies in use today are open and decentralized, anyone can join the network and set up a wallet without providing any personal or identifying information. This is what makes cryptocurrencies somewhat anonymous. But not completely.
Although it is not always easy to find the identity behind a wallet address, each crypto transaction is publicly recorded on the blockchain and open for anyone to see. Therefore, technically, cryptos are not really anonymous but pseudonymous currencies. This leaves users susceptible to a new kind of crypto fraud known as dusting attacks.
What is a Dusting Attack?
A dusting attack is a way in which an attacker steals a crypto user’s anonymity. This is done by analyzing transactions on the blockchain to deanonymize users in a process known as dusting. What may appear as a shower of small amounts of money or ‘dust’ sent to a wallet address could actually be a scam that helps the attackers narrow down the identity of the user behind a wallet address. Hackers need only a little identifying information, such as a pattern of addresses or locations, to do a lot of damage to their targets.
What is dust?
In the world of cryptocurrencies, the term ‘dust’ refers to very small amounts of tokens or coins sent to a wallet, often in such insignificant amounts that the wallet’s owner may not notice them in their balance. For Bitcoin, dust can be multiple amounts as small as 1 satoshi (0.000000001 BTC). Dust can be hundreds of these tiny amounts sprayed by an attacker throughout the blockchain network with the hope that some of the amounts will ‘get stuck’ on the victim’s wallet.
At the core of cryptocurrency transactions, there is the concept of unspent transaction outputs, or UTXOs. For every transaction carried out and recorded on the blockchain, there is a record of the input and the output. The output part of the transaction has two elements – the first goes to the recipient of the transaction, and the second returns to the sender as change.
In every successful transaction, the change that goes back to the sender is what makes up the UTXO and automatically becomes a part of the wallet’s UTXO set. The next transaction carried out by the owner of the wallet will include the UTXO from the set.
How a dusting attack works
The next step of the dusting attack is dependent on the victim unknowingly spending the dust. Since the balance in their wallet will automatically be the sum of what they had before plus the dust, most victims never realize when they spend it. The attacker will then track the dust funds and eventually deanonymize the owner of the wallet.
Despite how simple it may seem, deanonymizing the identity of a wallet owner is not a straightforward process. The way cryptocurrency wallets work is that a single wallet can generate several addresses when a transaction is initiated. Some tech-savvy and informed users have even set up their wallets such that they use a different address every time they carry out a transaction. The attacker will have a chance to attack only when the wallet owner combines UTXOs from several different addresses along with the dust amounts from those addresses.
By continuously analyzing the addresses on the blockchain network and comparing them with the information from the dust sprayed on the network, an attacker may track back addresses and ultimately find the network of addresses that manage a user’s wallet. The analysis is possible despite the large number of transactions carried out on the blockchain network because the hackers narrow down the transactions using transaction amounts, transaction times, and even exchanges.
The endgame in a dusting attack
What we have covered so far are the preparation stages of a dusting attack. The goal of this form of fraud is to link the dusted addresses with wallets and ultimately single out a wallet address from which the attackers can trace the individual or company operating it. If a dusting attack is successful, the hackers will use this information against their targets, often through elaborate extortion schemes or through old-school techniques such as phishing.
In the past, dusting attacks happened only on the Bitcoin cryptocurrency network. Of late, though, there are more such cases on other cryptocurrencies. Just the other day, a network-wide attack on the Litecoin network affected all users who had active addresses at the time of the attack, as reported by Cointelegraph. A quick analysis of the LTC blockchain revealed that over 300,000 addresses had been sprayed with dust, showing just how serious this form of attack is growing to be.
Back in October 2018, Bitcoin users who had Samourai wallets were the targets of dusting attacks. Upon noticing the attempts, the developers of the wallet responded in a tweet, alerting their users and explaining how to better protect themselves against the attack, which was still very new then. They then implemented a ‘DO NOT SPEND’ feature that marks suspicious funds sent to their users so that the dust is not automatically included in any future transactions.
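The linking risk described under "How a dusting attack works" and the do-not-spend defence above can be shown from the wallet's side. This is an added example, not Samourai's code or any wallet's real implementation: the 1,000-satoshi dust limit, the `expected` flag, the smallest-first selection strategy and all sample transaction ids and addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass

DUST_LIMIT_SATS = 1_000  # assumed wallet policy, not a protocol constant


@dataclass(frozen=True)
class Utxo:
    txid: str       # constructed sample identifier
    address: str    # wallet address that received this output
    sats: int
    expected: bool  # True when the owner was expecting the payment


def flag_dust(utxos, limit=DUST_LIMIT_SATS):
    """UTXOs to mark do-not-spend: tiny amounts the owner did not expect."""
    return [u for u in utxos if u.sats < limit and not u.expected]


def select_coins(utxos, target_sats, frozen=()):
    """Smallest-first selection (assumed strategy) that skips frozen UTXOs."""
    frozen_ids = {u.txid for u in frozen}
    chosen, total = [], 0
    for u in sorted(utxos, key=lambda u: u.sats):
        if total >= target_sats:
            break
        if u.txid not in frozen_ids:
            chosen.append(u)
            total += u.sats
    if total < target_sats:
        raise ValueError("not enough spendable funds")
    return chosen


def linked_addresses(inputs):
    """Addresses an observer ties together because they fund one transaction."""
    return {u.address for u in inputs}


# Constructed sample wallet: three real deposits plus two unsolicited dust outputs.
WALLET = [
    Utxo("tx-a", "addr-A", 50_000, True),
    Utxo("tx-b", "addr-B", 30_000, True),
    Utxo("tx-c", "addr-C", 20_000, True),
    Utxo("tx-d", "addr-D", 546, False),
    Utxo("tx-e", "addr-E", 600, False),
]

if __name__ == "__main__":
    dust = flag_dust(WALLET)
    print("unprotected:", sorted(linked_addresses(select_coins(WALLET, 40_000))))
    print("dust frozen:", sorted(linked_addresses(select_coins(WALLET, 40_000, dust))))
```

With the dust frozen, the same 40,000-satoshi payment is funded from two addresses only, and the two dusted addresses never appear alongside them as inputs.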
The dangers of dusting
While almost all cryptocurrency blockchain networks today are almost impossible to disrupt or hack, users’ wallets are the weak points that attackers focus on when carrying out dusting attacks. Dusting and de-anonymizing attacks are not easy to pull off and may not be severe on their own, but it is important that users are educated on the damage that hackers can do when they know who they are.
Since dusting attackers could use the information they harvest for other more serious attacks such as cryptojacking, phishing, and ransoming, it is important that cryptocurrency users understand the importance of putting in place measures to protect themselves from the moment they choose to open a cryptocurrency wallet. These may include using VPNs every time they access their wallets or the blockchain network, encrypting wallets, setting up different addresses for each transaction, and storing their keys in encrypted folders.