What is a Dusting Attack?


A dusting attack refers to a relatively new kind of malicious activity where hackers and scammers try and break the privacy of Bitcoin and cryptocurrency users by sending tiny amounts of coins to their personal wallets. The transactional activity of these wallets is then tracked down by the attackers, who perform a combined analysis of several addresses as an attempt to identify the person or company behind each wallet.

What is dust?

In the language of cryptocurrencies, the term dust refers to a tiny amount of coins or tokens - an amount that is so small that most users don’t even notice. Taking Bitcoin as an example, the smallest unit of the BTC currency is 1 satoshi (0.00000001 BTC), so we may use the term dust to refer to a couple of hundreds of satoshis.

Within cryptocurrency exchanges, dust is also the name given to tiny amounts of coins that “get stuck” on users’ accounts after trading orders are executed. Dust balances are not tradeable, but Binance users are able to convert them to BNB.

When it comes to Bitcoin, there is no official definition for dust because each software implementation (or client) may assume a different threshold. The Bitcoin Core defines dust as any transaction output that is lower than the fees for that transaction, which leads to the concept of dust limit.

Technically speaking, the dust limit is calculated according to the size of inputs and outputs, which normally computes to 546 satoshis for regular Bitcoin transactions (non-SegWit), and 294 satoshis for native SegWit transactions. This means that any regular transaction equal to or smaller than 546 satoshis will be considered spam and are likely to be rejected by the validating nodes.

Dusting attacks

Scammers recently realized that cryptocurrency users do not pay much attention to these tiny amounts showing up in their wallets, so they began "dusting" a large number of addresses by sending a few satoshis to them. After dusting multiple addresses, the next step of a dusting attack involves a combined analysis of those various addresses in an attempt to identify which ones belong to the same wallet.

The goal is to eventually be able to link the dusted addresses and wallets to their respective companies or individuals. If successful, the attackers may use this knowledge against their targets, either through elaborated phishing attacks or cyber-extortion threats.

Dusting attacks were initially performed with Bitcoin, but they are also happening with other cryptocurrencies that are running on top of a public and traceable blockchain.

In late October 2018, developers of the Bitcoin's Samourai Wallet announced that some of their users were under dusting attacks. The company sent out a tweet warning users about the attacks and explaining how they could protect themselves. The Samourai Wallet team implemented a real-time alert for dust tracking as well as a “Do Not Spend” feature that let users mark suspicious funds, so these are not included in future transactions.

Since dusting attacks rely on a combined analysis of multiple addresses, if a dust fund is not moved, attackers are not able to make the connections they need to "de-anonymize" the wallets. Samourai Wallet already has the ability to automatically report suspicious transactions to their users. Despite the dust limit of 546 satoshis, many dusting attacks today are well above it and are usually ranging from 1000 to 5000 satoshis.

Bitcoin pseudonymity

Since Bitcoin is open and decentralized, anyone is able to set up a wallet and join the network without providing any personal information. Although all Bitcoin transactions are public and visible, it is not always easy to find the identity behind each public address or transaction, and this is what makes Bitcoin somewhat anonymous - but not completely.

Peer-to-peer (P2P) transactions are more likely to remain anonymous because they are performed without the involvement of any intermediary. However, many cryptocurrency exchanges collect personal data through KYC verification processes, meaning that when users move funds between their personal wallets and exchange accounts, they are taking the risk of being somehow de-anonymized. Ideally, a brand new Bitcoin address should be created for every new receiving transaction or payment request as a way to preserve users privacy.

It is important to keep in mind that, unlike many tend to believe, Bitcoin is not really an anonymous cryptocurrency. Besides the recently created dusting attacks, there are many companies, research labs, and governmental agencies performing blockchain analyses in an attempt to de-anonymize blockchain networks - and some argue they already made significant progress.

Closing thoughts

While the Bitcoin blockchain is nearly impossible to hack or disrupt, the wallets often present a significant point of concern. Since users do not give up their personal information when creating an account, they cannot prove theft if some hacker gains access to their coins - and even if they could, that would be useless.

When a user holds their cryptocurrencies in a personal wallet, they are acting as their own bank, which means there is nothing they can do in case they get hacked or lose their private keys. Privacy and security are getting more and more valuable every day, not only for the ones that have something to hide but for all of us. And those are particularly valuable for cryptocurrency traders and investors.

Along with dusting and other de-anonymizing attacks, it is also important to be wary of the other security threats that are part of the cryptocurrency space, such as CryptojackingRansomware, and Phishing. Other security measures may include installing a VPN along with a trustworthy antivirus in all of your devices, encrypting your wallets, and storing your keys inside encrypted folders.