Dusting attacks: watch out for your crypto wallets

While the cryptocurrency dust by itself may seem harmless, transactions involving it can put users’ funds at risk.

Crypto dust refers to a minuscule quantity of coins or tokens. A dusting attack occurs when a tiny amount of coins or tokens (dust) is distributed to many wallets. Users can easily identify them as small amounts of unexpectedly received cryptocurrency from an unknown source. An attack may have different purposes – from malicious intent to an attempt to advertise something by attaching messages to tokens the same way ad emails are sent out. Still, any crypto dust might contain malicious links to harmful software or phishing sites in the transaction details.

The evolution of dusting attacks

Dusting attacks were initially associated with blockchains that use the Unspent Transaction Output model (UTXO). In this model, transactions create outputs from previous inputs. An output used as an input for a new transaction is considered to be spent and can’t be reused. When a transaction is made, UTXOs are gathered to meet the transaction amount, creating new outputs for the receiver and possibly returning some “change” to the sender. UTXO-based assets refer to cryptocurrencies that use this model, like BTC, LTC or DOGE. With UTXO-based assets, an attacker could distribute dust to an address to reveal the owner’s other addresses by tracking the dust’s movement. If the owner unknowingly combines this dust with their funds in a transaction, the attacker can analyze public blockchain data to link multiple addresses to a single owner. This could compromise privacy and lead to targeted attacks.

When it comes to Ethereum, a dusting attack might not directly lead to the de-anonymization of the wallet owner since there are no UTXOs in the Ethereum Virtual Machine (EVM). However, dusting attacks can pose risks on all blockchains, especially when combined with other attack methods. Plus, dusting attacks have substantially evolved in recent years.

Potential threats

Phishing links with dust transactions are one of the most common strategies harnessed by dusting attackers. These attacks involve sending dust along with a malicious link in the transaction’s memo tag. This method is particularly common with cryptocurrencies supporting the tag feature, such as Stellar (XLM) or XRP (XRP). If users interact with such links, they may be tricked into sending their assets to an unknown address or revealing their recovery phrase, which, in turn, could lead to the loss of funds.

Another type of dusting attacks comes with airdropping, where victims are tricked into believing they requested some tokens. Attackers create fake phishing sites mimicking legitimate projects, making it hard for average users to distinguish between the real and the fake. When users connect their crypto wallets to these phishing sites, hackers gain access to their wallets and drain them of their digital currencies and NFTs, thanks to hidden malicious code in the smart contracts.

Dusting attacks can also lead to wallets getting blocked. Even some public figures experienced that issue when a minor amount of ETH was dispersed using the sanctioned Tornado Cash mixer to about 600 addresses, as per the analysis by PeckShield.

Security measures to follow

It’s easy for scammers to find a user’s wallet address since all blockchain transactions are public and can be viewed on blockchain explorers. Fraudsters continuously create new websites and tokens, making it difficult to identify a possible threat. However, simple precautions could provide you some protection.

• Refrain from sharing any personal details alongside your wallet address.
• Remember that all airdrops are official. When something is sent to a wallet without forewarning, it could be a suspicious transaction.
• If you have received some unknown or unanticipated tokens in your wallet, do not move them. The best option would be to just ignore the transaction and not interact with its details, tokens or linked addresses.
• To completely protect yourself from interacting with token dust, you can enable the options “Hide small balances” and “Hide non-listed tokens,” which are available in some wallets, including the 1inch Wallet.