- Toshendra Kumar Sharma
- August 26, 2019
A dusting attack is a relatively new kind of malicious activity used by scammers and hackers to hinder the privacy of Bitcoin and cryptocurrency users. This is done by sending limited amounts of coins to their personal wallets. Attackers track down the transactional activity of these wallets. They then perform a combined analysis of several addresses in an attempt to identify the company or individual behind each wallet.
Understanding The Term ‘Dust’
In cryptocurrency language, dust means a tiny amount of coins or tokens- an amount which is too small that it is not even noticed by many users. Considering the example of Bitcoin, the smallest unit of Bitcoin currency is one satoshi. So, the word dust may denote a couple of hundreds of satoshis. In a cryptocurrency exchange, dust also refers to ‘tiny amounts’ of coins that ‘get stuck’ to the accounts of users after the execution of trading orders. Though dust balances cannot be traded, Binance allows users to convert them to BNB (Binance coin).
How Does A Dusting Attack Work?
To undermine the protection provided for the working of your wallet, the attacker sends a UTXO to one of your addresses. The background for this is the functionality of your wallet. We are now aware that your wallet manages several UTXOs of different sizes on different addresses. Now, if you want to send a certain amount, your wallet will raise the amount by combining different UTXO with each other. Your wallet creates transactions through multiple inputs.
The attacker is waiting for your wallet to use the UTXO which he sent for the next transaction and to combine it with UTXOs from your other addresses. Using UTXOs from different addresses for the transaction reveals to the attacker that all the addresses are controlled by you. From this point on, the attacker will be able to track the network of addresses managed by your wallet.
How Does The Attacker Get Your Identity?
The central intersections are the weak points in the system. In crypto exchanges, users need to register with correct data to participate in trading. When a user registers, a corresponding wallet is set up for him, which he uses to trade on the exchange. Usually, a wallet is assigned to a specific identity. It is critical for the anonymity of each user if he sends coins from his personal wallet to the wallet which has been assigned to him. At this point, the attacker will be able to establish a direct connection between the previous anonymous wallet and the non-anonymised wallet. The pattern of transactions will then reveal if the owner is the same or not. The attacker uses this knowledge to attack victims in a targeted manner. This might be phishing attacks (an attack used to steal user data) or blackmail.
Protecting Yourself From Dusting Attacks
If you care about privacy, there are certain extra efforts you would need to put in from your side. Educating yourself about the dusting process is the first and foremost step. The second step is to understand that dusting attacks take place because most of the cryptos operate on a transparent, public blockchain. The two options available for you to be safe are:
1. Confuse The Attacker
In this step, you will cloud your movement by confusing blockchain surveillance. Use VPN to shuffle your coins. Be sure to use different addresses each time you transact or send funds to someone.
2. Use Privacy Options
Use the in-built privacy features to block your attacker view. Use Litecoin’s Lightning Network to send transactions as transactions happen off-chain and cannot be monitored.
Binance-Litecoin Dusting Attack- What Is It?
On 10 August, the global cryptocurrency exchange Binance revealed that fifty Binance-Litecoin addresses had received 0.00000546 LTC. Binance deemed this as being part of a large-scale dusting attack. James Jager, the project lead at Binance Academy, was the first person to identify the attack, and he stated as follows:
“It was network-wide, which meant it affected all users of litecoin that had an active litecoin address at the time…We became aware of the dusting attack on Saturday morning when one of our binance angels had received a small amount of LTC into their litecoin wallet.”
The Co-founder of Glassnode, the blockchain data provider, Jan Happel, looked into the attack and confirmed that approximately 3,00,000 addresses were affected instead of the first fifty, which were reported by Binance. Glassnode then quickly surveyed the Litecoin blockchain and analyzed all the UTXOs, which has a less transaction balance than the mean transaction fee of that particular day. A UTXO which is less than the mean fee cannot be spent and acts as ‘dust.’ UTXO, which stands for Unspent Transaction Output, is similar to a banknote or coin. It is like the money in your wallet. Glassnode reported that the dusting affected 294,582 addresses. Glassnode also discovered that a similar attack which happened in April this year was not reported. James Jagger has also reported that the attacker who was responsible for this attack reached out to them. Apparently, the owner owns mining pools which are based out of Russia. The attacker has mentioned that his intent was to advertise their services and not to cause panic.
Conclusion
Though blockchains are impossible to hack or disrupt, wallets are often a point of concern. As users don’t share their personal information while creating the account, they cannot prove theft in case a hacker gains access to their coins, and even if they do, it is useless. So, bottom line, it is important to be aware of the dusting attack, de-anonymizing attack, and several other security threats which are a part of the cryptocurrency space. Security measures which you can take to stay away from these attacks are encrypting your wallets, installing a VPN along with a trustworthy antivirus, and storing keys inside encrypted folders.