Dusting Attacks – EMCD Tech LTD.
A dusting attack is a new kind of malicious activity, one that is gradually gaining traction. It allows hackers and scammers to try to break the privacy of Bitcoin and other cryptocurrency users. To do this, they send tiny amounts of coins to users’ personal wallets and then track the activity of those wallets. By analyzing multiple addresses together, they can identify the wallet owners.
How Do Dusting Attacks Work?
Scammers send out tiny amounts of random cryptocurrencies to multiple addresses. These amounts are called ‘dust’. They can be as low as just one satoshi, so users don’t pay much attention when they appear in their wallets and therefore don’t suspect any danger.
Scammers expect users to spend the ‘dust’ together with their other UTXOs (Unspent Transaction (TX) Outputs, which are basically the amounts of leftover cryptocurrency change that you receive from each transaction). After the ‘dust’ is mixed with the main balance in the wallet and the user spends it, the scammer can identify the user and track their payment addresses, including those generated thereafter.
At any given time, all cryptocurrency data in the wallet is unspent transaction output, i.e. cryptocurrency which was received by your wallet but hasn’t been spent yet.
The wallet generates new addresses for each transaction. This is done to ensure safety: as an additional firewall, a new key pair should be used for each transaction to keep them from being linked to a common owner.
The scammer’s goal is to ‘dust’ a large number of addresses, track their transactional activity and, based on a combined analysis of these addresses, identify which addresses belong to a certain user. Hackers can take advantage of this information.
Are Dusting Attacks Really So Dangerous?
As a general rule, the victims of dusting attacks are cryptocurrency holders who are unaware of them. But is there a reason to worry?
In fact, dusting attacks aren’t as dangerous as they are described on the Internet. They are basically not even attacks. In most cases, they are just spam. When wallets are ‘dusted’, the transaction has an ad or some other information attached. This marketing ploy has been popular with many companies.
As for the big market players, the knowledge of countless addresses belonging to a company can be quite impactful. Not only will it affect the company itself, but it can also affect the industry as a whole. These companies should take this threat seriously, while there is no reason to worry for regular cryptocurrency holders.
Several Major Dusting Attacks
There have been several major dusting attacks recently. Initially, they were performed predominantly with Bitcoin, but now they occur with other cryptocurrencies as well.
Samourai Wallet Attack
In late fall of 2018, the developers behind Bitcoin’s Samourai Wallet announced that some of their users were experiencing dusting attacks. The company went on to release a tweet warning other users about the attacks, and later explained how users could protect themselves. The team promptly implemented a real-time alert for ‘dust’ tracking in addition to a ‘Do Not Spend’ feature. This allows users to mark suspicious funds so that they are not included in future transactions.
To be successful, a dusting attack has to rely on an analysis of multiple addresses. If the ‘dust’ is not moved, the attackers are unable to make the connections they need to remove wallet anonymity. Samourai Wallet is already capable of automatically reporting suspicious transactions to its users.
Dusting Attacks As a Marketing Tool
Dusting attacks can be used as a marketing tool to promote services or increase product awareness. For example, Steemit is a social media platform where users receive small Steem amounts to their wallets along with a message about some services offered.
Another example was when BestMixer.io, a cryptocurrency anonymizer, used ‘dust’ as a marketing tool. In fall 2018, Bitcoin holders started receiving small amounts of BTC to their wallets from BestMixer.io along with a promotional message which described the service. BestMixer.io used it to target potential users effectively at minimum expense.
Similarly, cryptocurrency tokens are distributed for free on the Ethereum and Tron blockchains, which is called an AirDrop. There are several types of AirDrop, such as those which don’t require users to perform any actions to get their tokens and those which do (for instance, users are required to invite a friend or to complete their KYC).
Optical Illusion?
Another large-scale dusting attack occurred in 2019 and was widely discussed in the media. There was not a single news outlet in Russia which didn’t cover that attack with reference to cryptocurrency exchange Binance Academy and their Twitter account. The attack was discussed by international news media as well, while the person who first identified the attack was James Jager, project lead at Binance Academy. On August 10, the news about the potential attack on Litecoin was announced to the entire Binance community.
In the tweet, the team explained that around 50 Binance Litecoin addresses received a fractional amount (0.00000546) of Litecoin, which the exchange’s security team identified as part of a large-scale dusting attack.
Jan Happel, co-founder of blockchain data provider Glassnode, looked into the dusting attack to confirm its extent. Although Binance reported that 50 users had been affected, Happel believes that the attack was much more widespread, with almost 300,000 LTC addresses showing signs of ‘dusting’.
But this is just the tip of the iceberg.
Marketing Expert’s Mistake
“When you get coins to your wallet, even if you don’t know where they’re from, you try to understand who sent them to you and google the sender’s address” — thought one of our marketing experts who was looking for ways to attract new clients to our pool.
This is how he came up with the idea of sending some litoshi to all Litecoin miners who had been active for more than two years. He decided to use the same address which, when googled, would lead to the only indexed site with an invitation to the pool.
LeEMCDHmvDb2MjhVHGphYmoGeGFvdTuk2K was the address used to send out several litoshi to around 17 million addresses (Jan Happel and James Jager were quite far from the truth in their estimates). As a result, only 10 new users registered at the EMCD pool and they have been mining Litecoin there to this day.
Unfortunately, neither Binance Academy nor media sites managed to get to the motives behind this AirDrop, and users never found out the true intent of that poor excuse for a marketing expert, yet users started discussing ‘dusting attacks’ on forums.
Do You Need to Defend Against Dusting Attacks?
If you are not really worried about your anonymity, forget about dusting attacks altogether. But if it is important to you, there are wallets which can add a ‘flag’ to satoshi received from an unknown address. This will allow you to identify dusting attacks easily. Unfortunately, not all wallets allow users to select UTXOs manually.
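The wallet-side defence described here and in the Samourai Wallet section (flag unsolicited dust, then keep it out of future transactions) can be sketched as follows. This is an added example, not code from the article or from any wallet; the `Utxo` fields, function names, sample wallet and the 546-unit threshold (taken from the 0.00000546 LTC amount above) are assumptions.

```python
from dataclasses import dataclass

# Assumption: 546 base units, the amount reported in the Litecoin incident on this page.
DUST_LIMIT = 546

@dataclass
class Utxo:
    txid: str            # constructed placeholder id
    address: str         # wallet address that received the output
    value: int           # amount in base units (satoshi / litoshi)
    expected: bool       # True if the user was expecting this payment
    do_not_spend: bool = False

def flag_dust(utxos, limit=DUST_LIMIT):
    """Mark unsolicited outputs at or below the limit as do-not-spend."""
    for u in utxos:
        if u.value <= limit and not u.expected:
            u.do_not_spend = True
    return [u for u in utxos if u.do_not_spend]

def select_coins(utxos, target, include_flagged=False):
    """Largest-first coin selection (fees ignored); skips flagged outputs by default."""
    pool = [u for u in utxos if include_flagged or not u.do_not_spend]
    chosen, total = [], 0
    for u in sorted(pool, key=lambda u: u.value, reverse=True):
        if total >= target:
            break
        chosen.append(u)
        total += u.value
    if total < target:
        raise ValueError("insufficient spendable funds")
    return chosen

def exposed_by_spend(inputs):
    """Wallet addresses that get linked to a dusted address if these inputs share a transaction."""
    dusted = {u.address for u in inputs if u.do_not_spend}
    return {u.address for u in inputs} - dusted if dusted else set()

def demo_wallet():
    # Constructed sample wallet: two expected payments and one unsolicited 546-unit output.
    return [
        Utxo("tx-a", "addr-A", 50_000, expected=True),
        Utxo("tx-b", "addr-B", 30_000, expected=True),
        Utxo("tx-c", "addr-C", 546, expected=False),
    ]

if __name__ == "__main__":
    wallet = demo_wallet()
    print("flagged:", [u.txid for u in flag_dust(wallet)])
    print("safe spend exposes:", exposed_by_spend(select_coins(wallet, 80_000)))
    print("naive spend exposes:", exposed_by_spend(select_coins(wallet, 80_100, include_flagged=True)))
```

When the flagged output is left out, a spend that would need it fails instead of silently pulling the dust in, which is the behaviour a ‘Do Not Spend’ flag is meant to give.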
Unfortunately, other users’ motives aren’t always clear, especially with cryptocurrencies where every second project has proven to be a scam, so it’s hard to say for sure whether or not you should defend against dusting attacks. The FBI has long been using Bitfury Crystal to track the movement of funds and trace their sources in the US. So if you’re a scammer, they’ll use other measures against you besides dusting attacks. Otherwise, if your intentions are pure and you use your wallet just to keep your coins in, you shouldn’t worry about anything, because dusting attacks are used only to disclose your wallet address, not your identity.
emcd.io mining pool development team exclusively for medium.com
Published at Tue, 18 Feb 2020 00:28:40 +0000
