Crypto dust is small amounts of cryptocurrency sent to a large number of wallet addresses with benevolent or malicious purposes.
Generally, dust is considered the amount of cryptocurrency equal to or lower than a transaction fee. Bitcoin, for example, has a dust limit imposed by Bitcoin Core, the Bitcoin blockchain software, of around 546 satoshis (0.00000546 BTC), the smaller denomination of Bitcoin (BTC). The wallets’ nodes that apply such a limit may reject transactions equal to or smaller than 546 satoshis.
Dust could also be the small amount of cryptocurrency that remains after a trade as a result of rounding errors or transaction fees and can accumulate over time. That small amount is not tradeable but can be converted into the exchange’s native token.
Crypto dust should not pose a significant threat, as it has mainly been used for legitimate rather than malicious purposes. For example, reaching out to wallet holders via dusting can be an alternative advertising method to more traditional mailshots. The dust transactions can contain promotional messages, so dusting is used instead of mailshots.
Despite not being a major concern, crypto users should still know what a dust attack is and take measures to protect themselves should it occur.
A dusting attack occurs when small amounts of crypto assets, called dust, are sent by malicious actors to multiple wallet addresses — just like dust — scattered across blockchain networks.
Blockchain technology is pseudonymous, meaning that owners of a cryptocurrency address are not defined by their names or any other personal data. However, the blockchain ledger is transparent and traceable; thus, all transactions are visible to everyone, and a user’s activity can be tracked down following the history of that specific address.
When attackers transfer dust to cryptocurrency wallets, they want to invade the privacy of their owners by tracking down their funds when they move them from one address to another. The attacker’s goal is not to steal cryptocurrency — as simple dusting won’t allow it — but rather associate the target’s address with other addresses that may lead to identifying the victim through off-blockchain hacking activity.
A crypto dusting attack can occur in most public blockchains, including Bitcoin, Litecoin and Dogecoin. A dusting attack aims to link the attacked addresses and wallets to the personal data of their related companies or individuals and use this knowledge against their targets, either through elaborate phishing scams, cyberextortion threats, blackmail or identity theft to make a profit.
Not all the crypto dust transferred to a crypto wallet’s address is a scam. Dusting can be used for reasons besides hacking activities.
A dusting technique may be used by governments to link a specific cryptocurrency address to an individual or an organization and identify a series of criminal activities, including money laundering, tax evasion, terrorist threats, etc., or to ensure regulatory compliance and safety.
Developers may also use dusting to conduct their software’s stress tests, a software testing activity extended beyond limits to determine the robustness of the software and other functionalities like transaction processing speed, network scalability and security protocols. This can help identify potential issues and vulnerabilities in the software, allowing developers to improve its performance and security.
Crypto traders tend to receive dust as a result of trades, and it’s not considered an attack. Many exchanges offer customers the chance to swap these small amounts of cryptocurrency for their native tokens to use in future trades or another cryptocurrency with a low transaction fee.
Malicious actors rely on the fact that cryptocurrency users don’t even realize they received tiny amounts of cryptocurrencies in their wallet addresses.
Of the way blockchains work, with their transparency and traceability, it is possible to track down transaction movements that may lead to the identification of wallet owners. For a dust attack to be effective, the owner of the wallet must combine the crypto dust with other funds in the same wallet and use it for other transactions.
By including a small amount of cryptocurrency in other transactions, the target of the attack may inadvertently and unknowingly send the dust to an off-blockchain centralized organization. As the centralized platform must comply with Know Your Customer (KYC) regulations, it will store the personal data of the victim, who may become vulnerable to phishing, cyberextortion threats, blackmailing and other targeted hacks off the blockchain aimed at stealing sensitive information.
The cryptocurrency addresses that are more vulnerable to dusting attacks are the UTXO-based addresses used in various blockchains, mainly Bitcoin, Litecoin and Dash, because they all generate a new address for each change remaining from transactions. UTXO prevents double-spending and is an unspent transaction output that remains after a transaction is executed and can be used as input on another transaction.
It’s like the change we receive from a merchant when we spend $9.59, for example, after giving a $10 bill. Just like that tiny change can be used in other money transactions later, the crypto dust from multiple addresses can be spent in other transactions. By detecting the origins of funds from the dust attack transaction, the attackers can use advanced technological tools to trace a thread to determine the victim’s identity.
A traditional dusting attack cannot be used to access users’ money and steal their crypto assets. However, hackers’ increasingly sophisticated tools can trick wallet holders into phishing sites and drain their funds.
A traditional dusting attack is used to identify the individuals or groups behind the wallets, deanonymize them, and break their privacy and identity. Such activities cannot steal cryptocurrency directly but are aimed at detecting victims’ social activities — tracked down through the combination of different addresses — to then blackmail them, for example.
Over time and with the technology’s new use cases, such as nonfungible tokens (NFT) and decentralized finance (DeFi), attackers have become more sophisticated and have learned to disguise scam tokens as airdrops of free cryptocurrency. The wallet holders can access these appealing free tokens by claiming them from popular NFT projects on phishing sites created by hackers that seem legitimate. Such sites are so similar to the authentic ones that it’s difficult for the average cryptocurrency enthusiast to differentiate one from another.
The phishing sites won’t steal usernames and passwords but will convince the victim to connect their wallet to the malicious sites. By granting these phishing sites permission to access their wallets, the unknowing victim enables the hacker to move their funds and NFT assets to their wallets, stealing crypto using harmful lines of code in smart contracts.
Increasingly, dusting attacks occur on browser-based wallets like MetaMask and the Trust wallet, which are primarily used as a getaway to decentralized applications (DApps) and Web3 services. Browser-based wallets are particularly vulnerable to dusting attacks because they are more accessible to the public and can be more easily targeted by hackers or scammers.
A clear indicator of a dusting attack in a wallet is the sudden appearance of small amounts of extra cryptocurrency unsuitable for spending or withdrawing.
The dusting attack transaction will appear in a wallet’s transaction history, so verifying if any malicious dusting deposits occurred should be easy. Concerning how cryptocurrency exchanges operate and comply with KYC and Anti-Money Laundering (AML) regulations, they will store their customers’ data, making them a possible target of cryptocurrency scams.
In October 2020, Binance suffered a dusting attack with small amounts of BNB (BNB) sent to multiple wallets. Once the victim sent the dust in combination with other funds, they received a transaction confirmation with a malware link with an offer that would trick the victim into clicking on it and becoming unknowingly hacked.
Following a dusting attack, a cryptocurrency provider, like an exchange or a wallet, is usually encouraged to take strict measures to prevent future episodes.
In late 2018, the Samourai Wallet developers warned some of their users that they were experiencing a dusting attack and asked them to mark UTXO as “Do Not Spend” to tackle the issue. A real-time dust-tracking alert and an easy-to-use feature to mark suspicious funds with a “Do Not Spend” note were soon implemented by the wallet’s developers team to help users better protect their transactions against future attacks.
While it’s unlikely for cryptocurrency users to become victims of dusting episodes, they should still take a few steps to protect themselves against such crypto attacks.
Due to increasingly high transaction fees, especially on the Bitcoin blockchain, it’s become more expensive for a hacker to launch a crypto dusting attack compared to a few years ago. Still, cryptocurrency users should take a few steps to secure their funds.
Since dusting attacks rely on combining analysis of multiple addresses, if a dust fund is not moved, the attackers cannot track a transaction that doesn’t occur to make the connections they need to “deanonymize” the wallets.
Simple measures, including due diligence and education, can go a long way toward tackling these attacks. However, more elaborate methods can also be used to protect a wallet’s funds, and here are some of the most effective practices available:
- Use privacy tools like The Onion Router (TOR) or a virtual private network (VPN) to increase anonymity and strengthen security.
- Use a hierarchical deterministic (HD) wallet to automatically create a new address for each new transaction, making it difficult for hackers to trace the thread of your transactions.
- Use dust conversion services that automatically swap crypto dust into native tokens to use in future trades.
Taking these steps should help users protect their funds. Nevertheless, cryptocurrency users should be aware of other cyber threats besides dusting and deanonymizing attacks. For instance, ransomware is malware designed to deny a user or organization access to their digital files until a sum of money is paid.
Cryptojacking is a type of cybercrime where a criminal secretly uses a victim’s computing power to mine cryptocurrency. Cryptocurrency can be useful and efficient technology but can also be at the mercy of malevolent actors who work primarily to steal data and value. This is why users should always use caution and be aware of its risks when dealing with cryptocurrency.