Have you received a small amount of unsolicited Litecoin into your wallet? You may be a victim of the large scale Dusting Attack on Litecoin. The number of attacking techniques is rising in the crypto world. In June 2019, there was a large scale security breach on Binance and hackers stole funds worth $41 Million. The exchange also suffered a KYC breach in the past week. Japanese exchange Bitpoint lost $30 Million to a recent hack and new hacking techniques emerge every few weeks. Hackers try to access passwords, wallet and personal information of users, or abuse system resources for mining. In this article, you’ll learn more about dusting attacks and how to protect yourself from one.
A dusting attack is a malicious activity in which hackers break the privacy of wallet holders by sending them tiny amounts of cryptocurrencies to their wallets. They track down the transaction activity of these wallets and identify the individual or exchange behind each wallet. Dusting attacks started with Bitcoin and now they are targeting all cryptocurrencies that run on top of a public and traceable blockchain. Binance shared the link to one of the many transactions that plagued the Litecoin network. You can check it here.
What is dust?
Dust is the tiny amount of crypto that gets stuck in a user’s wallet after executing trade orders, or exchanging one cryptocurrency for another, within a cryptocurrency exchange. This tiny amount of crypto is not tradeable but on an exchange like Binance, users can convert it to BNB.
The Bitcoin Core defines dust as any transaction output that is lower than the fees for that transaction, which leads to the concept of dust limit. Dust limit is calculated according to the size of inputs and outputs, which generally computes to 546 satoshis for regular Bitcoin transactions. This means that any regular transaction smaller than 546 satoshis will be considered spam and will be rejected by the validating nodes. Many dusting attacks today are well above it and are usually range from 1000 to 5000 satoshis. Most users don’t notice small transactions in their wallets. 1000 Satoshis is a tiny amount and most users don’t track the details of the transaction’s origin. Scammers take advantage of this fact and send dust to several addresses at once.
Why are wallets susceptible to hacks?
While the blockchain network is impossible to hack, wallets are vulnerable to hacks. This is a major challenge faced by cryptocurrency traders. When users hold funds in their personal wallet, they are responsible for a hack or loss of private keys, but exchange wallets have always been more susceptible to hacks. Insurance funds like Binance’s SAFU (Secure Assets Fund for Users) cover the losses incurred in a hack.
What’s next after a dusting attack?
Once Dust lands in a wallet, hackers track all transactions, and link addresses and companies to whom the wallet belongs. This information is then used to orchestrate large scale phishing attacks, cyber blackmail or target hacks on victims.
How can you protect yourself?
- Dusting attacks rely on an analysis of multiple addresses, hence if the dust is not moved, attackers won’t be able to “de-anonymize” the wallet.
- It is a good practice to use wallet addresses only once. This will ensure that your transactions don’t get tracked.
- Cryptocurrency exchanges link your wallet address to your account’s password and KYC details. This is not a safe practice, so it is recommended that you trade on secure and trustworthy exchanges. Before picking an exchange for trading, check out their digital asset insurance and security infrastructure.
- Some wallet manufacturers have incorporated Dust Tracking features such as “Do Not Spend” in the wallet, that allows users to mark suspicious transactions. The number of Satoshis is automatically adjusted by manufacturers and price action.
Beyond dusting, there are several other de-anonymizing attacks on cryptocurrencies and it is important to be wary of security threats like Phishing, Ransomware, and Cryptojacking. Common security measures include installation of a trustworthy antivirus and VPN, encrypting your wallets and storing private keys securely. Be sure to read the 5 Crypto Wallet Lessons and keep yourself and your funds safe.