Does the idea of receiving cryptocurrency for free excite you? We bet it does. However, this isn’t Satoshi Nakamoto giving out free bitcoins from the anonymous world — these are just normal traders being generous … but is there a catch? Welcome to the world of crypto dust and crypto dust attacks.
What Is Crypto Dust?
As its name implies, crypto dust is a tiny, fragmented piece of a cryptocurrency. It’s usually so small that most users don’t even know it’s there. The definition of crypto dust is subjective and differs from individual to individual: while 0.0000005 BTC meets the criteria for some, others would consider even 0.002 BTC a small enough amount to be classified as dust. For simplicity’s sake, let’s define crypto dust as any amount of cryptocurrency lower than or equal to transaction fees. For normal transactions, this is around 546 satoshi (8 cents).
Crypto dust is no issue in itself. However, when transferred to you by a malicious actor, you could inadvertently transfer it with your main funds and put yourself at risk of an attack. Before we explain crypto dusting attacks in detail, let’s take a quick look at where they come from.
How Is Crypto Dust Made?
Crypto dust can be made or transferred. We’ll explore both scenarios.
Let’s say you have 0.6371149 BTC in your wallet, and you need to make a payment of 0.6371 Bitcoin to another wallet. If the transaction fee is 0.00001 BTC, you’ll have 0.0000049 BTC (490 satoshis) left. This amount is referred to as “dust” because it’s lower than the transaction fee needed to make another transfer.
Crypto dust can also be transferred. In a new form of malicious attack, hackers seek to invade the privacy of cryptocurrency wallet owners by sending very small amounts of tokens to many accounts or multiple addresses at once, then tracking these funds to unmask the identity of wallet owners for off-blockchain hacking.
Is Crypto Dust Harmful?
Crypto dust is not inherently a threat. When sending your assets, you can’t get the amount down to the last decimal, so there will always be some amount of crypto dust left. To encourage users to make more transactions, some exchanges allow you to swap your dust for their governance tokens. This might not amount to anything significant in the short term, but little drops of water (crypto in this case) will fill the bucket over time.
Unless you’re a crypto whale or live in an area prone to security lapses, dust attacks aren’t something to sweat. Even if hackers were to carry out a dusting attack successfully, they wouldn’t be able to access your private key to exert control over your funds. If your wallet provider is big on security, new privacy measures rolled out periodically should keep you safe.
Even though the amount sent to each exchange is small, the fees needed to process those transactions are many times the funds spent.
How Do Crypto Dust Attacks Work?
Have you ever forgotten a few pennies in one of your pants, only to have them emerge days or weeks later? The lowest denomination of cash is not one that people pay much attention to, and the same goes for cryptocurrencies. An increase or decrease of 1 BTC would be pretty obvious, but a difference of a few satoshis is likely to go unnoticed. Malicious actors have caught on to this fact and exploited it. By sending very few fragments of cryptocurrency to many wallets at once, they can quietly monitor the transactions performed on the addresses and link them to other addresses in the same wallet.
For a dust attack to take place, the funds sent must be transferred. The attacker wants you to add that dust to other funds in the same wallet and send it out. That way, the attacker will find out all the exchanges under the wallet, using advanced technological means, ultimately discovering who the wallet owner is. The owner would then be the object of a series of phishing, cyber extortion, and targeted hacks off the blockchain. While DeFi wallets make it impossible to reach owners from their blockchain wallets, their centralized counterparts require a certain level of KYC, meaning a dust attack would likely leave them vulnerable.
There have been many dusting attacks in recent years. The following are two of the most noteworthy.
In the final quarter of 2020, an attack on the Binance Chain network took place in which hackers sent tiny amounts of BNB to many accounts/wallet addresses. In their messages, they included a link for users to claim 50 BNB. Unfortunately, there was no BNB to be claimed. This was simply the hackers’ attempt to decrypt users’ information.
Prior to the Binance Chain attack, hackers attacked Samourai wallets. Though Samourai’s developers were able to warn users through social media and “do not spend” tags on malicious funds, some users still fell prey to the scam.
To disguise dust attacks, hackers now send amounts much higher than transaction minimums to targeted accounts.
How to Get Rid of Crypto Dust
Fortunately, there are a few ways to get rid of crypto dust. Some of them depend on the functionality of your wallet provider, while others are methods you can implement yourself.
Popular crypto exchanges allow users to convert dust to the exchange’s native tokens once every 24 hours with just a single click.
You can also use a hierarchical deterministic (HD) wallet. This is a wallet that automatically creates a new address for every transaction you make, so it’s harder for hackers to track your transactions.
A third way is to top up cryptocurrency dust to the point where it can be converted to a whole token, then transfer that to your bank account.
Lastly, you can make use of a virtual private network (VPN) to increase anonymity and further strengthen security levels.
Some crypto analysts suggest raising the dust limit on Bitcoin. The rationale behind this is that if dust attacks were to become more expensive, more people would be deterred from trying them. While this may be true, the move would be detrimental to investors/cryptocurrency users with low funds.
Don’t panic if you see any crypto dust entering your wallets.
In recent years, crypto dust has been used more for legitimate purposes than for attacks. For example, it’s now used as an alternative advertising method in place of cold emails.
From law enforcement agencies looking to curb money laundering to researchers focusing on trends and patterns for educational purposes, time and a high level of expertise are required to carry out a dusting attack or monitoring, meaning the average person won’t be able to pull it off. Additionally, due to an increase in fees on the Bitcoin blockchain, it’s more expensive to run a crypto dusting attack now compared to two years ago.
Having said that, it’s always better to err on the side of caution. If you transact cryptos on a frequent basis, we recommend you follow the methods we’ve detailed above to get rid of any dust.