What is dust?
In the language of cryptocurrencies, the term dust refers to a tiny amount of coins or tokens—an amount so small that most users don’t even notice. Taking Bitcoin as an example, the smallest unit of the BTC currency is 1 satoshi (0.00000001 BTC), so a dust would refer to a couple of hundreds of satoshis.
Dust is also the name given to tiny amounts of coins that “get stuck” on users’ accounts after trading orders are executed. Dust balances are not tradable.
The Bitcoin Core defines dust as any transaction output that is lower than the fees for that transaction.
What is a dusting attack?
A dusting attack refers to a new kind of malicious activity where hackers attempt to break the privacy of Bitcoin and cryptocurrency users by sending tiny amounts of coins or dust to their personal wallets. The transactional activity of these wallets is then tracked down by the attackers, who perform a combined analysis of several addresses as an attempt to identify the person or company behind each wallet.
The attackers may then use this knowledge against their targets, either through elaborated phishing attacks or cyber-extortion threats.
Dusting attacks were initially performed with Bitcoin, but they are also happening with other cryptocurrencies that are running on top of a public and traceable blockchain.
In late October 2018, developers of the Bitcoin’s Samourai Wallet announced that some of their users were under dusting attacks. The company tweeted a warning about the attacks and explaining how they could protect themselves. The Samourai Wallet team implemented a real-time alert for dust tracking as well as a “Do Not Spend” feature that let users mark suspicious funds, so these are not included in future transactions.
How can you counter a dust attack?
Since dusting attacks rely on a combined analysis of multiple addresses, if a dust fund is not moved, attackers are not able to make the connections they need to “de-anonymize” the wallets. Samourai Wallet already has the ability to automatically report suspicious transactions to their users. Despite the dust limit of 546 satoshis, many dusting attacks today are well above it and are usually ranging from 1000 to 5000 satoshis.
It is important to keep in mind that, unlike many tend to believe, Bitcoin is not really an anonymous cryptocurrency. Besides the recently created dusting attacks, there are many companies, research labs, and governmental agencies performing blockchain analyses in an attempt to de-anonymize blockchain networks—and some argue they already made significant progress.
While the Bitcoin blockchain is nearly impossible to hack or disrupt, the wallets often present a significant point of concern. Since users do not give up their personal information when creating an account, they cannot prove theft if some hacker gains access to their coins—and even if they could, that would be useless.
When a user holds their cryptocurrencies in a personal wallet, they are acting as their own bank, which means there is nothing they can do in case they get hacked or lose their private keys. Privacy and security are getting more and more valuable every day. And those are particularly valuable for cryptocurrency traders and investors.
Along with dusting and other de-anonymizing attacks, it is also important to be wary of the other security threats that are part of the cryptocurrency space, such as Cryptojacking, Ransomware, and Phishing. Other security measures may include installing a VPN along with a trustworthy antivirus in all of your devices, encrypting your wallets, and storing your keys inside encrypted folders.