Attacks on Blockchain: Dusting Attack
We continue to tell you about all possible threats that can strike Blockchain, cryptocurrencies or your privacy. Today let’s talk about Dusting Attack – Crypto Dust Attack.
What is Dusting Attack
Cryptocurrency dusting attack is one of the most widely used malicious attacks on the blockchain to violate the privacy of cryptocurrency users.
This is a very sophisticated type of attack, which aims to allow hackers to violate the privacy and pseudo-anonymity of many cryptocurrencies. Another proof that computer security is not an easy task, and the same rule applies in blockchain technology. And all this despite all the complexity and use of cryptography in this technology. Despite this, this attack could jeopardize user privacy.
In this article, we will talk about the types of attacks and their risks. We will also understand how they are performed, what risks they pose and how we can protect ourselves against them. You will gain knowledge that will no doubt be very useful in protecting your most valuable asset: your privacy.
What really constitutes a dust attack?
A dust attack is an attack in which a trace amount of cryptocurrency, called dust, is sent to a large number of wallet addresses for the purpose of “de-masking” or address deanonymisation. Dust-assisted attacks are a tactic used by both criminals and law enforcement. Dust is nothing more than a small transaction that is treated in the blockchain as spam. Hackers use these small transactions as mass spam, which is reflected in users’ balance sheets.
A dust attack is an attack in which a small amount of cryptocurrency, called dust, is sent to thousands, and sometimes hundreds of thousands, of wallet addresses. This attack is carried out to track these addresses in the hope of “removing the mask” or de-anonymising them. Dust is present in most public blockchains, including Bitcoin, Litecoin, Bitcoin Cash and Dogecoin, among others.
How is the dusting performed?
Perform a dusting attack is not an easy task. It takes time, experience and knowledge that few possess. However, in essence, the dusting is done as follows:
You must have the necessary means to carry out small transactions with victims. Hackers must have funds in cryptocurrency that they will use to carry out an attack.
They need to know the limit value of dust for the cryptocurrency of their wallet and the blockchain network, thus ensuring the successful execution of small transactions. In BTC, for example, the dust limit set for Bitcoin Core is 546 satoshi. That is, from the moment that this limit value is reached, it is possible to make valid transactions, and they are considered dust.
A list of addresses of interest is compiled. This list will serve to define purposes. Usually target people actively working in cryptocurrency, or at crypto companies. Transactions are made to all target addresses. This is the start of a dusting attack.
Immediately after that, the transaction analysis and data mining start. Thus, if users make a transaction, hackers can track it. The analysis is performed not only on the blockchain, but also on any website that may be relevant to the goal. The idea is to create a very large “listening area” to capture any movement. Thus, any data produced will be captured, increasing the ability to determine the true identity of the target.
By choosing targets and their identities, hackers can find and develop other measures to coerce, defraud or steal from their targets. This is a stage of “capital recovery” from a malicious group.
Who’s behind the dusting attacks?
There are several categories of groups that carry out attacks with dust. Criminals use dusting to deanonymise those who hold large cryptocurrency assets. Those with large assets can be targeted for a variety of purposes, including phishing fraud and cyber extortion. Users with large assets in high-risk zones may also be subject to physical attack, or even kidnapping of their family members for ransom in cryptocurrency.
Government services, such as tax or law enforcement agencies, can also carry out a dust attack to link a person or group to an address. In particular, they can target drug trafficking gangs, large criminal networks, money laundering or tax evaders. Mass dusting is also used by blockchain analytics firms that study crypto-dust for academic purposes, or have contracts with government agencies.
It is important to note that the person or group who conduct an attack with dust and those who analyze the results do not necessarily owe one person. Because everything happens in the blockchain, anyone with the skills, tools and time can analyze crypto-dust after an attack. A criminal organization can study the effects of government use of dust, or a blockchain analytics firm can study dust applied by hackers.
For this reason, not all dust attacks are considered “attacks”. Mass dust distribution has also been used to advertise cryptocurrency users, primarily by sending out messages included in crypto-dust, which is comparable to sending emails. Perhaps you know that Bitcoin’s genesis block (the first block ever mined) included the message.
This mass application of dust can also be used as stress tests when large amounts of crypto dust are sent in a short period of time to test network bandwidth. Some say this dust is also a way to spam the net, sending huge batches of useless transactions that clog up, and slow it down significantly. Whatever the purpose, mass dusting can be applied for a variety of purposes, good or bad.
Dust can also be used as a protective agent. Let’s say the authorities are approaching a big crime syndicate. The syndicate can erase a host of wallets through which dirty money was laundered in an attempt to knock authorities off the trail.
There is some debate about how much addresses are tracked in dust attacks. As blockchain analytics improve, more effective countermeasures are emerging. Many governments and firms consider their technology property, and keep it in the strictest secret. Can the dust be traced despite various precautions? At this point, we really don’t know.
Dust attack costs
Fees associated with dust attacks often exceed the amount Satoshi spent. Even though the crypto-dust of thousands of wallets may be insignificant, attackers will still have to pay network fees to deploy a dust attack. As Bitcoin commissions grew, bitcoin dust attacks seem to have dwindled in popularity.
Dusting Attack Risks
You’ve probably already seen how really dangerous these types of attacks are. The main risk is violation of cryptocurrency user privacy. A situation that can sometimes endanger your life, or the lives of family members. It’s an extreme case, but anything can happen, and it’s best to anticipate everything. But how can one do that?
First of all, remember that blockchain transactions are public and can be viewed from the blockchain explorer. This means that the financial history of the address is visible and publicly available. It’s a situation that’s perfect for these actions. Does this mean that the blockchain system is unsafe? In fact, it doesn’t. In any case, if these transactions weren’t public, we would lose the transparency of the system.
At this point, the best thing we can do is protect our personal data and not disclose it publicly. The complexities in the interconnected world of web services that use our data as commodities, and there is our real enemy. It is not hard to imagine such sites and services: centralized services with privacy policies and the use of weak and incompatible data. Facebook is the world’s most famous case, but not the only one.
Hence the importance of being able to exercise full and real control over our data. The relevance of creating decentralized systems that give us the ability to do everything we do in the software we use. This is the epicenter of the spirit of action of crypto-anarchists and blockchain technology.
Why does this type of attack work if Bitcoin is anonymous?
Many people have joined the cryptocurrency boom, believing that cryptocurrencies inherently guarantee the anonymity of online payments. However, this is completely incorrect for the vast majority of existing cryptocurrencies, including the source of this whole movement – Bitcoin. Bitcoin certainly offers you a very high degree of privacy, but privacy is not the same as anonymity. It is the lack of anonymity that makes it possible to conduct an attack using dust
Simply put, Bitcoin is not anonymous like many cryptocurrencies existing today, except those created for this purpose. Naexample, Zcash and Monero.
Is it possible to completely avoid a dusting attack?
A dust attack can affect any cryptocurrency user without any differences. However, if we are careful with the information that is available online and the way we handle it, we can avoid its worst consequences and protect our identity and privacy.
Protecting yourself from dust – the task is not difficult, as for cryptocurrency users. Doing a simple series of steps can give us good protection against this practice. To achieve this, it is useful to keep in mind the following:
- First of all, protect your personal data. Full names, addresses, Social Security numbers or identification numbers, phone numbers, personal email addresses. This data may seem insignificant, but to a hacker it’s valuable information. It’s a start to create a social profile of the target and gateway to get more information than we can imagine.
- Do not reuse cryptocurrency addresses, let alone those that have been published on any public media. This prevents making it easier to create a data template that identifies us by address and our real identity.
- Use wallets that have means of countering dust attacks. A good example of such wallets is Samurai y Wasabi. Both wallets have security measures designed to ensure your privacy and even a degree of anonymity.
- Using an HD wallet that creates new addresses every time you make a transaction makes it hard to track. Some wallets also show dusty UTXO (unspent transaction outputs), which you can mark as “don’t spend.” Then those small amounts stay in your wallet and, if you never use them, no one will be able to track where they go.
- Some go online only through the Tor or VPN network.
Is it worth worrying about not getting dusted?
Unless you’re a whale (a person with large funds in the crypt), or live in an area where personal security or political instability is a common problem, most people will tell you that attacks dusts are more of an annoyance than a real problem.
Crypto dust in your wallets gives no one control over your funds, and privacy measures implemented in new wallets and exchanges have significantly reduced general concerns about this about. If you see tiny random transactions in your wallets, then you do not imagine wow, and do not worry. It’s just a little “dust.”
How to listing my coin/token to the SPACEBOT?
Application Form for Listing
Please Kindly Answer the Following Questions:
- 1. Coin Recommender
- 1.1 Anyone Introduces You to SPACEBOT?
- 1.2 Referral’s Name, Mailbox, Telegram Account
- 2. Introduction of the Project
- 2.1 Name of Project, supporting both Russian and English
- 2.2 Official Website
- 2.3 Documentation link (api for developers)
- 2.4 Symbol (url: coinmarketcap.com,coinpaprika.com etc.) ATTENTION: It’s a prerequisite! If information about your coin is not available on this resource, we can agreed and list it on coinmarketrate.com. Listing price from 10 ETH.
- 2.5 Offering Price (url: coinmarketcap.com,coinpaprika.com etc.)
- 2.6 Total Fundraising Amount (url: coinmarketcap.com,coinpaprika.com etc.)
- 2.7 Brief Introduction of your Project Covering its Positioning, Features , etc.
- 2.8 Expected Trading Pairs against BTC, USDT, ETH (url: coinmarketcap.com,coinpaprika.com etc.)
- 2.9 Anyone in Charge of the Project
- 2.10 Contact of Project Manager
- 2.11 Project promotion Channel like Website, Wechat Official Account, Twitter, etc.
- 2.12 Attachment of Source File of Token Logo
- 2.13 Is the Project Tokens Based on ERC20 (or other blockchain)?
- 2.14 Any Market Value Management?
- 3. Project Marketing ant Its Users Scale
- 3.1 Expected Listing Date
- 3.2 Users Community in Telegram, Twitter, Reddit, Slack, WeChat, QQ Group , etc. and Its Links and Scale
- 3.3 Media Reports and Links
- 3.4 Time and Place of Roadshow or Other Marketing Campaign？
- 3.5 Marketing Budget on SPACEBOT and Token price establishing margin
- 4. Qualifications
- 4.1 Basic Information of Team Members
- 4.2 Consultants or Public Figures
- 4.3 Early Investment
- 4.4 Whether Listed on Quote Platform，such as Feixiaohao ,CoinMarketCap, etc.
- 1. Notes for Listing
- 2. SPACEBOT the unique software, for co-production of cryptocerrency. SPACEBOT provides an opportunity to get a monthly increase in the productivity of the cryptovoltaic minting of PRIZM, BIP and other cryptocurrency due to the total increase of the balance in the network of blockages through the “Proof-of-Stake” system.
- 3. SPACEBOT is only responsible for verification of authenticity and legitimacy of projects. SPACEBOT will not evaluate the project, and not provide any moral and value endorsement. The digital assets team will take full responsibility for all illegal irregularities such as illegal fund-raising, pyramid selling, money laundering, gambling, drug abuse, fraud, being banker of the asset, etc.
- 4. The digital asset teams need to make preventive measure with SPACEBOT to keep away from crushing the market. Otherwise we will end the cooperation.
- 5. SPACEBOT will remove the project from the list if : The dissolution of team keeps our client away from mining, transferring, block inquiring, etc. No investors trade, hold, use this token; technical failure which affect mining, transferring, block inquiring, etc. The team has some illegal irregularities such as illegal fund-raising, pyramid selling, money laundering, gambling, drug abuse, fraud, being banker of the asset, etc.
How to register a new users on SPACEBOT?
Registration on SPACEBOT is available only via the referral link which you can get after bonding 100 coins to the pool.
In order to get the link through the Telegram bot:
1. Send 100 coins to the wallet given by the bot: Wallet – Deposit
2. Bond 100 coins to the pool: Wallet – Deposit for paramining
3. Skip to ‘Affiliate program’ section and copy your referral link
4. Now you can share your referral link and invite new users
In order to get the link through iOS/Android:
1. Send 100 coins to the wallet given by the App: Home screen – Refill
2. Bond 100 coins to the pool: Home scren – Bond
3. Skip to ‘Affiliate program’ section and copy your referral link
4. Now you can share your link and invite new users
How to install the iOS App?
To install the App
1. Follow the link:
2. Сlick ‘Install’ and follow the standard steps to install the App on your device
3. If you are a new user – press ‘Register’ (you need to indicate your inviter; find your inviter`s ID or get a referral link in the ‘How to register a new user’ section)
4. If you already have your SPACEBOT Telegram account you need to link it to email. You may find how to do it in ‘How to link email to your SPACEBOT account?’ section.
How to install Android App?
To install the App:
1. Follow the link:
2. Press ‘install’ and follow the standard steps to install the App on your device.
3. If you are a new user – press ‘register’ (you need to indicate your inviter; find your inviter`s ID or get a referral link in the ‘How to register a new user’ section)
4. If you already have your Telegram SPACEBOT account you need to link it to email. You may find how to do it in ‘How to link email to your SPACEBOT account?’
How to top up your balance?
Top up your balance with Telegram bot:
1. Go to ‘Wallet’ section
2. Press ‘Deposit’
3. Copy the wallets sent to you (be careful not to copy extra symbols)
4. Transfer coins to the copied wallet adress
Top up your balance with iOS/Android App:
1. Press ‘Top up’ on the mail screen
2. Copy the wallets sent to you (be careful not to copy extra symbols)
3. Transfer coins to the copied wallet adress
* Track transaction on the blockchain:
PRIZM – https://prizmexplorer.com
BIP/BTT – https://explorer.minter.network
**Please note that depositing of coins requires certain number of confirmations in the network and it takes time to process a transaction with our algorightm
***Also note that many exchanges and wallets services carry out transfers with delay (on some exchanges it can take up to 72 hours), and you shouldn`t worry since this is a stadard procedure.