How dangerous is a crypto dusting attack?
Crypto attracts a crowd of malicious actors whose tactics are quite elaborate. Users familiar with ransomware or cryptojacking could still be targeted in a dusting attack. Using tiny amounts of crypto, senders can spread shady advertising or de-anonymize wallet holders for cyber extortion threats. Should you be worried?
What is crypto dust?
The term dust refers to a minuscule amount of crypto. For example, the smallest fraction of BTC (0.00000001 BTC) is called a satoshi. Most wallets cap transactions at 546 satoshis, but many attacks involve amounts between 1,000 and 5,000 units.
What is a dusting attack?
During the attack, tiny amounts of crypto are sent to thousands of addresses on a network. As all blockchain data is public, the sender then tries to de-anonymize the recipients through their future transactions including the dust. They perform a compound analysis of crypto addresses and find the ones belonging to the same wallet.
Next, the holder’s identity is tracked down. This part of the attack is relatively obscure. A possible example is spotting mentions of the payments on social media. Another version involves linking addresses to public data — for instance, if the holder has shared their name and BTC address to collect tips.
Once criminals de-anonymize a victim, they use social engineering methods to seize their funds. Phishing, blackmailing, and crypto-extortion are commonly associated with dusting. However, it is also carried out with good intentions.
Who performs dusting attacks?
Dusting is not always used as an offensive red-hat strategy. Aside from contributing to malicious activity, it helps governments avert it. A user can receive tiny amounts of crypto from:
- Criminals intending to de-anonymize users with large crypto holdings. Subsequently, they may target the victims through phishing attacks, cyber-extortion, or even physically (to get a cyber ransom). Dusting can also throw the authorities off their trail as bits of dirty money get dispersed around the crypto space.
- State authorities (for example, tax authorities or law enforcement) that want to connect an individual or entity to an address. This method may be used to expose smugglers, money launderers, criminal networks, and tax evaders.
- Blockchain analytics firms that work for the government or study dust for academic purposes.
- Entities that want to advertise to crypto users. In this case, promotional messages accompany the transactions, so dust is used instead of a mailshot.
- Developers conducting stress tests. They may check the throughput of a network by quickly sending a massive amount of dust.
- Spammers that want to clog a network by sending massive batches of sham transactions.
As you can see, dusting per se is a technique rather than an attack. It is not inherently evil. Different parties send dust, and anyone can analyze the results as the blockchain data is public. A blockchain analytics firm can dissect criminal dusting attacks, while cybercriminals can examine dusting by law enforcement.
The presence of crypto dust does not mean your privacy has been broken! First, it may be an innocuous byproduct of exchange. Secondly, receiving scammy crypto does not de-anonymize you or give anyone control of your funds (read on to learn more).
If you notice the smallest denominations of tokens in your wallet, check their origin first. Lately, these attacks have become less common due to rising network fees. No major consequences have been reported.
UTXO as a crucial component of dust attacks
Unspent Transaction Output reflects a blockchain transaction output that becomes an input in a new transaction. In layman’s terms, a UTXO shows how much crypto remains after execution, just like a physical change in coins or bills.
Suppose you have 1 BTC and pay someone .5 BTC. During the transaction, the entire balance (1 BTC) will be sent to the recipient, and the remainder (.5 BTC) will be sent back. Only a minority of crypto transactions involve whole numbers, so most of them generate UTXOs.
After execution, any remainders are recorded as inputs to make them usable for other transactions. UTXOs are processed continuously — they are part of the beginning and ending of each transaction. Any transfer generates one UTXO for the sender and one for the receiver, as shown in this diagram.
Thus, each UTXO shows the amount of crypto spent or received. Users typically have multiple UTXOs, all of which are public and associated with the respective networks. The sum of all unspent coins in every UTXO defines the account balance.
Connecting multiple addresses
UTXO-based cryptoassets include BTC, LTC, DASH, DCR, BCH, BTG, DGB, and BSV. With each of them, your balance comprises multiple addresses — the ones for receiving and the ones for changing. Connecting them is the purpose of a dusting attack.
Digital wallets with private keys issue multiple public keys. This security precaution prevents attackers from knowing when their dust is consolidated. Only analytic monitoring software can detect when it moves to another platform, wallet, or address.
Advertising through dusting
Using dusting for advertising may seem counterintuitive, yet it is still happening. In 2018, thousands of BTC wallets received 888 satoshi from a crypto mixer platform. The next year, a dusting attack to promote a Litecoin mining pool generated hundreds of thousands of transactions on the network.
A 2020 attack allegedly advertising a Bitcoin SV messaging app involved 84,000 dust outputs from 146 transactions. Each of them came with a message directing users to the app. While the dust amounted to around 1.147 BTC, the entity paid three times as much in transaction fees.
Signs of a dusting attack
Dusting attacks exist because users may ignore minute sums in their crypto portfolio. Some wallets owners mistake dust for interest on holdings, freebies from their exchanges, or airdrops. Here are three typical signs.
Dust in digital wallets
As we have mentioned, minuscule amounts of crypto may land in wallets for legit reasons. You can confirm a dust attack by sifting through your transaction history.
Phishing attacks or blackmailing
Suppose you have missed the infiltration, so the hackers have your personal data and IP. You can still detect other telltale signs like an influx of spam emails. In more serious cases, the holder’s data may be used for blackmail and extortion.
Links to a nefarious site
In October 2020, Binance users received tiny amounts of BNB. Unsuspecting users consolidated the dust with their own funds. Afterward, they received a confirmation memo with a link to malware in an enticing offer.
Dusting attacks: what to do
The best solution is to avoid any dust transaction — these amounts are untraceable unless used. If you spot a suspicious deposit, contact your wallet security team for guidance. The sheer size of dust payments makes them impossible to isolate for withdrawal or exchange. Only some platforms have a dedicated feature for converting dust.
Never click on any links accompanying suspicious transactions. Using a VPN will prevent anyone from detecting your IP address. You can move the funds you HODL to a hardware wallet, so they are disconnected from the blockchain. However, hardware wallets have their own risks.
Most digital wallets consolidate address balances automatically when a transaction is launched. Others let users mark specific UTXOs and exclude them from the aggregation.
Conclusion: How serious are dust attacks?
Legit and malevolent actors use dusting to identify wallet holders. In case of cybercrime, the rest boils down to social engineering, not technical exploits. Compared to clipping and switching, dusting is a minor concern. For the majority of users, it is merely a nuisance.
Unless you are a whale or live in a highly criminal area, simple precautions are enough. In case of suspicions, contact your security team — wallets and exchanges are adding new measures to combat dusting. Educate yourself about social engineering methods, and scammers won’t have a chance. Our in-depth overview of other crypto scams is coming soon, so stay tuned!