Crypto Dusting Attack Explained
A dusting attack is a situation where trace amounts of a cryptocurrency are sent to many thousands of crypto wallets. The amounts are intentionally tiny with the aim of landing in the wallet without the holder noticing.
The intent is that at some point in the future the wallet holder will make a transaction in which this trace amount of crypto (or dust) and associated transaction ID is included. At this point, the perpetrator of the attack will be able to track and trace transactions from that wallet holder, not only from the dust transaction but from all other associated transactions even if they do not include the “dust” that was initially sent.
Doing this enables the dust attacker to profile the wallet holders, identify potential holders of large volumes of cryptocurrency and attempt to uncover their identity. They will then use nefarious techniques to scam or phish them into giving away their wallet private credentials.
It should be noted that dusting attacks are not limited to cybercriminals. Whilst attacks conducted by cybercriminals meet the modus operandi as explained above. Dusting attacks can be perpetrated for other reasons by other groups.
Examples would include Government agencies launching dusting attacks to find perpetrators of financial crimes. They can even be used by crime syndicates as a defence mechanism to obscure or hide their own illegal transactions and make them more difficult to track.
If dust appears in your wallet, that in itself is not a risk and poses no technical threat. The risk only starts if and when you use that dust in an on-chain transaction. Even then, it would usually only be a precursor to a social engineering or a phishing attack. Like so many other cyberattacks, dusting is the crypto version of the first step in trying to scam an individual rather than breach the technology.
Whilst inconvenient or irritating, having dust in your wallet is not a problem, however, you should take steps to ensure you do not use dust in your crypto transactions. This can be achieved by choosing a crypto wallet that offers protection. Generally, there are two methods by which wallets can protect you:
- You can use a hierarchical-deterministic wallet which creates a new address for every transaction you make. Making it harder for the dust attacker to track the transactions.
- You can use a wallet which allows you to mark your unspent dust with a “do not spend” tag, automatically preventing any dust from ever being spent.