Blockchain technology has brought not just new ways of dealing with digital money and protecting your funds, but also new ways this technology can be hacked, the assets stolen and the security compromised. Even the security of blockchain networks that are supposed to be completely protected from any scam or fraud might get violated by the third-party invader.
In the case of a dusting attack, not everything is that straightforward and a dusting attack may not be called a hack in the normal understanding. But before getting to this part, let’s clarify what’s a dusting attack.
Dusting Attack Explained
A dusting attack is a relatively new type of malicious activity performed by sending a tiny amount of crypto to the users' wallets to compromise them. The malefactors track the wallet they send the assets to and they try to deanonymize the person or the company that holds funds.
Those particles of the coins are called dust. The name usually refers to tiny pieces of coins that are almost unnoticeable by the users. It can also mean the untradable tiny amounts left on the accounts of the users after performing crypto transactions. For example, a few hundred Satoshis can be called dust in terms of Bitcoin. Though there is no agreed number of coins to consider as dust — it may vary depending on different software implementations and a user. The Bitcoin Core, for example, states that dust is any amount smaller than the fees.
Not all users notice the change in the last digits of their crypto balance and this fact is used by malicious actors. They send the dust to numerous wallets and then perform complex analyses and use social engineering to find out if some of the particles belong to the same wallets. The goal is to find the real identities of the people and companies holding the assets. This knowledge can be used to perform phishing attacks or to threaten the holders. And that’s the end goal of dusting attacks.
The first attacks were performed on the Bitcoin network, but later they also spread over other blockchains.
As everything happens on the blockchain network, sending even a small amount of crypto means paying the fees. Since the commissions on the Bitcoin network went up, the number of dusting attacks has decreased, but they didn’t disappear completely.
How Are Dusting Attacks Possible?
While the blockchain platforms are meant to be completely secure they are also public and transparent, meaning anyone can see all the transactions on the networks. As users don’t need to provide any personal information when setting up an account, they would often use the exchanges and platforms requiring the KYC verification process. It means that the users risk being deanonymized when moving their funds between exchanges. The most secure way is peer-to-peer transactions because they don’t require intermediaries.
Who Uses Dusting Attacks?
The dusting attacks can be used by malicious actors who want to find the owners of the crypto wallets holding a lot of cryptos. Usually, it is used against the big holders. And for this reason, it can be also performed by governments and official institutions to find malefactors, huge gangs dealing the contraband, and big criminal networks that deal in crypto. Dusting attacks can be also used to find tax evaders and money launderers.
Mass dusting attacks can be used by researchers and blockchain analytic firms that study them or have contracts with governments. Importantly, the party that performs the dusting attack and the one examining the records don’t have to be the same. It is on the blockchain, so anyone who has knowledge and time can investigate the results.
The dusting attacks were also used for advertising to crypto users mainly by attaching the message to the transaction. Somehow it is similar to the massive of sending messages to multiple e-mails.
It can be also used as a stress test to see the throughput or bandwidth of the specific network. Or the malefactors might wanna clog and slow down the blockchain by performing thousands of transactions of tiny amounts.
Since the time when the first dusting attacks happened, a lot of software appeared offering protection from such a threat. Some wallets can even signal if they became a victim of such a hack. Despite this, until now it is hard to say for sure if the users can still get affected by the dusting attacks. At the same time, if you are not a whale the dusting won’t hurt or affect you much.