A dusting attack refers to a new kind of malicious activity where hackers and scammers try and break the privacy of Bitcoin and cryptocurrency users by sending tiny amounts of coins to their personal wallets. Many Bitcoin adepts operate under the assumption that their anonymity is well protected against efforts to infiltrate their transactions, but unfortunately, that is not the case.
In the language of cryptocurrencies, the term dust refers to a tiny amount of coin or token - an amount that is so small that people tend to ignore. Taking Bitcoin as an example, the smallest unit of the currency is 1 satoshi (0.00000001 BTC) and we could refer to a couple hundreds of satoshis as dust.
In other words, dust is a tiny transaction or amount that is not even worth sending because it is much smaller than the transaction fees. Within cryptocurrency exchanges, dust is also the name we give to tiny amounts of coins that “get stuck” and are not tradeable.
Most people do not take notice of their wallet’s dust and rarely worries about its origin. Until recently, it was totally okay to not pay attention to these tiny amounts on your wallets, but with the creation of dusting attacks, we can no longer say that.
Scammers recently realized that Bitcoin users do not pay much attention to these tiny amounts showing up in their wallets, so they began "dusting" a large number of addresses by sending a few satoshis to them. They then started to track those funds and all transactions of those dusted wallets, which allowed them to link addresses and to eventually determine the companies or individuals behind those wallet addresses. This knowledge can later be used to construct targeted phishing attacks or attacks such as cyber-extortion on unaware victims.
I know who you are, pay me and I will not reveal your identity
Dusting attacks were initially performed with Bitcoin but they are also happening with other cryptocurrencies that are running on top of a public and transparent blockchain.
In late October 2018, developers of the Bitcoin's Samourai wallet announced that some of their users were under dusting attack. The company sent out a tweet warning their users and explaining how they could protect themselves. In order to protect their users against dusting attacks, the wallet now offers a real-time alert for dust tracking as well as a “Do Not Spend” feature that enables the users to mark those suspicious funds and avoid using them in future transactions.
If a dust fund is not moved, attackers are not able to make the connections they need to "de-anonymize" the users of that wallet or the address owner. Samourai wallet already has the ability to automatically report transactions below the limit of 546 satoshis, which offers some level of protection. This limit is automatically adjusted by the software based on current market conditions.
Since Bitcoin is open and decentralized, anyone is able to set up a wallet and join the network without providing any personal information. Although all Bitcoin transactions are public and visible, it is not always easy to find the identity behind each public address or transaction and this is what makes Bitcoin somewhat private - but not completely.
Peer-to-peer (P2P) transactions, which are the ones made between two parties (without the involvement of any intermediary) are more likely to remain anonymous. Noteworthy, Bitcoin users are supposed to use each wallet address only once, as a way to preserve their privacy.
However, most cryptocurrency adepts and traders make use of third-party exchanges and will eventually have their personal wallets linked to their exchange wallets, and thus, linked to their personal information. Hence, if you are into cryptocurrency trading, it is important to choose a trustworthy and secure exchange.
Therefore, it is important to keep in mind that, unlike many tend to believe, Bitcoin is not really an anonymous cryptocurrency. Besides the recently created dusting attacks, there are many companies, research labs, and governmental agencies performing blockchain analyses as a way to de-anonymize the blockchain.
While the Bitcoin blockchain is nearly impossible to hack, the wallets are a weak link in this cryptocurrency chain. Since users do not give up their personal information when they create an account, they cannot prove theft if some hacker gains access to their coins - and even if they could, that would be useless.
In fact, trying to follow up on Bitcoin theft is a futile enterprise for victims of that crime. If you hold Bitcoins in a personal wallet, which only you have access, then you are acting as your own bank and there is nothing you can do in case you lose your keys or your coins get stolen.
Privacy gets more and more valuable every day. Not only for the ones that have something to hide but for all of us. It is even more valuable for cryptocurrency traders and investors.
Along with dusting and other de-anonymizing attacks, you should also be wary of the other security threats that are evolving very quickly in the cryptocurrency space, such as Cryptojacking, Ransomware, and Phishing. Moreover, you should consider installing a VPN along with a trustworthy antivirus in all of your devices. Also, make sure to encrypt your wallets and to store your keys inside encrypted folders.