Relatively New and Unknown Dusting Attack an Issue for Most Major Cryptocurrencies
On 9 August, a widespread dusting attack was observed across the Litecoin network. An example of one of the transactions used for the dusting attack can be seen at this link, where 546 Litetoshis, worth less than 1/10 of a penny, was sent to 50 different addresses. This is a relatively unknown and new type of attack but has apparently been a problem across the Bitcoin network, and it is possible for dusting attacks to occur across any pseudo-anonymous cryptocurrency network, which includes most major cryptocurrencies besides stealth cryptocurrencies like Monero and Zcash.
One of many transactions: https://t.co/zgk9gPRNcU
Here’s what you need to know and how to protect yourself:https://t.co/KNVoQLwBUb
— Binance (@binance) August 10, 2019
How Dusting Attacks Work
In order to understand how a dusting attack works, it is first important to understand how Bitcoin and Litecoin transactions work. Bitcoin transactions consist of inputs and outputs. The coins sitting in a wallet, which are called the inputs, are gathered together to send a transaction. There are typically a couple of outputs, including coins sent to another user and the change that comes back to a sender. For example, if a Bitcoin user has 0.05 Bitcoin, 0.2 Bitcoin, and 0.15 Bitcoin sitting in their wallet from previous transactions, and this Bitcoin user wants to send 0.39 Bitcoin to someone else, then all three inputs are gathered together for the transaction, and 0.39 Bitcoin is sent and 0.01 Bitcoin comes back as change.
Oftentimes Bitcoin users change their address whenever they receive Bitcoin, so it would be common for the three inputs in the example described above to be sitting in three different addresses.
This is where the dusting attack comes in. The attacker sends a minuscule amount of Bitcoin to as many addresses as possible. The attacker then analyzes how this dust propagates across the Bitcoin network in order to identify which addresses are part of the same wallet. For example, in the previous example where there were inputs of 0.05 Bitcoin, 0.2 Bitcoin, and 0.15 Bitcoin, and assuming these inputs are held across three different addresses, if a dust transaction is sent to each one of these addresses and then all three of these input addresses are gathered together into an output transaction, then the attacker will know that these three addresses are owned by the same person.
Attackers Use Dusting to Identify Cryptocurrency Users for Multiple Reasons
This information can then be used to identify a Bitcoin user and to track the past and future activity of the Bitcoin user. There are multiple reasons why an attacker may use dusting to identify Bitcoin users.
If an attacker identifies a Bitcoin user with a significant amount of Bitcoin, then the attacker may launch phishing and extortion attacks. An extortion attack is when an email or another form of communication is sent to threaten and demand a ransom from a Bitcoin user. A phishing attack is when an email or another form of communication is sent to try and obtain critical login information from a Bitcoin user, which can then be used by the attacker to steal the coins in the wallet.
Dusting attacks may also be associated with government or corporate entities that are trying to gather information on Bitcoin users, for tax purposes and preventing money laundering. After a Bitcoin wallet is identified as belonging to a single user via a dusting attack, this information can then be combined with blockchain forensics to track past and future transactions. For example, blockchain forensics firms often identify cryptocurrency addresses associated with deep web markets, and once a Bitcoin user is identified via a dusting attack, blockchain forensics can see if transactions from that Bitcoin user are being sent to a deep web market.
How to Protect Oneself Against Dusting Attacks
One of the main reasons people choose to use cryptocurrency is for anonymity, and it is clear that dusting attacks are a threat to anonymity. Bitcoin and Litecoin already have a built-in mitigation mechanism against dust transactions in general, in order to prevent blockchain spam which can cause network congestion. Transactions below 546 satoshis or litetoshis are classified as dust and rejected by nodes. However, attackers easily overcome this by sending 546 satoshis/litetoshis or more, which is why the transactions during the 9 August Litecoin dusting attack were 546 litetoshis. This mitigation makes it more expensive to perform a widespread dusting attack but does not prevent it.
Also, new Bitcoin and Litecoin addresses can be automatically generated each time a transaction is received. This helps cut down dusting attacks, versus the case where someone uses the same address for every transaction, but constantly changing the receiving address does not completely prevent dusting attacks.
The best way to stop a dusting attack is to be aware of all the inputs in a Bitcoin or Litecoin wallet, and not use inputs from a dusting attack. For example, in the Bitcoin and Litecoin core wallets, a user can choose the inputs they use in a transaction, and the user would simply not select any dust transactions for their inputs. If the dust transactions are never selected as inputs, then the attacker will not receive the necessary information to identify a Bitcoin user.
If you have recently received a very small amount of BTC in your wallet unexpectedly, you may be the target of a “dusting attack” designed to deanonymise you by linking your inputs together – Samourai users can mark this utxo as “Do Not Spend” to nip the attack in the bud. pic.twitter.com/23MLFj4eXQ
— Samourai Wallet (@SamouraiWallet) October 25, 2018
Unfortunately, only a small fraction of Bitcoiners or Litecoiners use the core wallet, since to use a core wallet the entire blockchain must be downloaded, which can take months and causes heavy bandwidth usage. That being said, there are some lite-wallets, meaning wallets that do not require downloading the whole blockchain and have the capability to separate block dust transactions so that they are never used as inputs. For example, the Samurai Wallet was apparently subject to a widespread dusting attack, so the developers implemented the capability for users to mark these dust transactions as do-not-spend so that they would never be used as inputs.
Thus, dusting attacks are being used by hackers as well as government and corporate entities to compromise the anonymity of major cryptocurrencies like Bitcoin and Litecoin. However, dusting attacks can be prevented by being aware of the inputs that are used when sending a new transaction, and users simply need to make sure that they do not use dust inputs when sending a transaction. Although dusting attacks represent a threat to the anonymity of cryptocurrency users, perhaps in the future, the lessons learned from dusting attacks and other de-anonymizing attacks will lead to cryptocurrency protocols and cryptocurrency users becoming more anonymous and bulletproof than ever before.
Image Courtesy: Pixabay