Bitcoin Forum
November 19, 2019, 07:23:55 AM *
News: 10th anniversary art contest
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Dust Attack, what it is, why it is dangerous and how to prevent falling to it  (Read 259 times)
fillippone
Hero Member
*****
Online Online

Activity: 518
Merit: 1670


Legendary Member Wannabe


View Profile
August 13, 2019, 06:03:48 PM
Last edit: October 03, 2019, 08:41:37 PM by fillippone
Merited by joniboini (6), suchmoon (4), dbshck (4), micgoossens (4), DdmrDdmr (2), Hueristic (1), Quickseller (1), tranthidung (1)
 #1

A few days agor I read this news, that got my attention:


LITECOIN WALLETS HIT BY LARGE-SCALE DUSTING ATTACK, SO WHAT IS IT?

Here you can find a couple of paragraph:
Quote
Reports are emerging that Litecoin wallets have been hit by a new kind of cyber-attack called dusting. It has not affected LTC markets but is something that crypto traders and holders should be aware of. Binance Academy offered an explanation.

Quote
In short, a dusting attack is when scammers attempt to break the privacy of a cryptocurrency, Litecoin in this case, by sending tiny amounts of it to private wallets. The attackers then attempt to trace the transactional activity of these wallets in an attempt to discover the identity of the person that owns them.

The term ‘dust’ refers to the tiny fractions of crypto coins that most users ignore. A couple of hundred satoshis may be referred to as ‘dust’ as the sum is so tiny that most people would not even notice it. It is also prevalent on crypto exchanges as the remnants of transactions that remain in wallets and can no longer be user or transferred.

Dust therefore refers to those amounts of cryptocurrencies that cannot be transferred individually either or because their amount is less than the transaction fees of the blockchain, or because they are lower than the minimum transferable out of an exchange, thus remaining blocked in the portfolio of the account at a specific exchange.


Here you can find an video from  Binance Academy that explains what a Dust Attack is:

What Is a Dusting Attack?

This technique is also used on Bitcoin, so try to be careful when you receive Satoshi without knowing where they are coming from.

Why is dust attack dangerous? What is the use of sending satoshi to trace transactions if the transactions are actually public?

Well the explanations can be multiple:

  • The attacker sends satoshi to a used address, with a positive balance. Curious mechanism, in reality the attacker does not get any advantage, given that the movements of the address could also be monitored previously. The only advantage could be to "accustom" the user to receive funds on an address, thus making it less prudent in the real dust attack.
  • The attacker sends satoshi to a used but empty address. The receiver then aggregates those satoshi to a new address by making a payment. At that point the old address and the new one are "linked" and the attacker can, with methods of chain analysis, try to trace your identity, having discovered, however, that you also have control of the old address.
  • The attacker sets up a bitcoin faucet (or a bitcoin fork - do you remember United Bitcoin?), where it is possible to get some satoshi upon registration with an email. At that point, if you combine those satoshi with your main address, well, the attacker has extra starting data to identify you (an email, even if fake, provides a lot of information, for example a connection IP).
  • Extremizing: an exchange that offers you $ 30 to register, after KYC, is practically performing a dust attack. Except that in that case, using the chain analysis company you just bought, you can perform a very efficient tracking of your UTXOs. Do you think this is an impossible scenario? it already happened.
  • Exaggerating 2: an exchange (the same as the previous point) offers you $ 80 in shitcoins by answering easy videos and questions, after KYC, is practically performing a dust attack. Except that in that case, using the chain analysis company you just bought, you can perform a very efficient tracking of your UTXOs. Do you think this is an impossible scenario? It is happening now.

So, what to do when you receive dust on your wallet?

Two cases:

  • Attacker sent you on a positive balance address: there's nothing much you can do about that. The address is public, the balance is public, having dust on such address is not something you can control. Spending this dust does not pose any additional threat than moving your coins on that address. You can consolidate those coins and keep with your usual life.
  • Attacker sent you on a zero balance address: this is a proper dust attack. The address is public, built it is not possible to link to your current address. Spending this together with your coins poses a privacy risks. The attacker doesn't know anything about your current address, if you spend the two UTXO together they are able to link them.
    For this reason you have to use Coin Control feature: clearly mark that dust UTXO as "do not spend" (many wallet allow for this, Wasabi being one of those) to that attacker cannot track you down.

Another example is the exchange airdop made by our government friendly exchange:

Let's work an example out.
They give you some Stellar Lumens, provided you see some videos.
Of course you don't care about XLM's, so once you get them you sell them immediately for BTC.
Since you are an advanced BTC user, you know that "not your keys not your Bitcoin", so you get your BTC and witdraw them  in your private wallet.
You froget it for a few weeks.
Two months later, taking advantage of the empty mempool, you decide to consolidate your addresses into one. You then put those few satoshi together with your 100 BTC you bought back in 2010.
Well, now the shrewd chain analytics company is able to understand that even the 100 BTC are yours.
The chain analytics company sells the information to the tax authorities, and you're screwed.
Or sell it to a criminal organization, and you're even more screwed.

How to defend yourself:
Two tips immediately come to mind:
  • Keep the "kyc" and "anonymous" addresses absolutely separate, many wallets allow different UTXOs to be marked with different labels: use this option!
  • If you really need to consolidate the addresses, before doing so, let them go through a coinjoin. However, having an anonymous set is not perfect, but at least you don't have an obvious link to your address.
As usual I will try to update this thread by completing it with better information and examples as they become available.
I look forward to your comments!

The Bitcoin Forum is turning 10 years old! Join the community in sharing and exploring the notable posts made over the years.
1574148235
Hero Member
*
Offline Offline

Posts: 1574148235

View Profile Personal Message (Offline)

Ignore
1574148235
Reply with quote  #2

1574148235
Report to moderator
Hueristic
Legendary
*
Offline Offline

Activity: 2170
Merit: 1286


Doomed to see the future and unable to prevent it


View Profile
August 13, 2019, 07:53:04 PM
 #2

SHUM.

fillippone
Hero Member
*****
Online Online

Activity: 518
Merit: 1670


Legendary Member Wannabe


View Profile
August 15, 2019, 10:12:38 PM
 #3

An update on the Binance Dust Attack

LTC Dusting Attack on Binance Affected Nearly 300,000 Addresses: Report

Quote
The recent dusting attack against fourth-biggest altcoin Litecoin (LTC) on major cryptocurrency exchange Binance affected 294,582 addresses rather than the 50 Binance reported, according to a recent metrics report.
Blockchain data and metrics firm Glassnode revealed its latest findings in a tweet on Aug. 15, saying that the LTC dusting attack affected 294,582 addresses. The analysis ostensibly also indicated a similar scale attack in April.



Of course the given explanation is pretty ridicule.

hatshepsut93
Hero Member
*****
Online Online

Activity: 1330
Merit: 948


Bitcoin realist


View Profile
August 15, 2019, 11:51:57 PM
Merited by joniboini (2), DdmrDdmr (1)
 #4

Maybe this dusting is more of a spam attack, it creates new unspent outputs that are more expensive to move than they are worth, so it can make people overpay fees when they don't keep track of what input they use. This raises a question - are wallets these days smart enough to recognize some inputs as dust that is inefficient to move at the current fee, or would they mindlessly include it in transactions?

DdmrDdmr
Hero Member
*****
Offline Offline

Activity: 672
Merit: 2860


There are lies, damned lies and statistics. MTwain


View Profile WWW
August 16, 2019, 08:33:38 AM
 #5

A person at Binance Academy now suggest that it was not a dusting attact per se in intent (although not discardable), but rather an attempt to promote a specific mining pool based in Russia:

Quote
“The person behind the dusting attack owns a mining pool based out of Russia, EMCD[dot]io. They reached out to express that their intent was to advertise their mining pool to the users of Litecoin, however, it's unclear from our perspective or anyone else's as to whether there were alternative motives. The owner of the pool was not aware that he was subjecting all these users to a dusting attack and spreading fear among the Litecoin community.
“It's interesting to note, that even if this was not the intent of the mining pool owner, he provided a base for malicious actors to analyze. You see, the person responsible for conducting the dusting attack doesn't necessarily have to be the one collecting the data, they can just merely be providing a service so that someone else can collect all the information and analyze it at a later date.”

See: https://cointelegraph.com/news/understanding-litecoins-dusting-attack-what-happened-and-why

fillippone
Hero Member
*****
Online Online

Activity: 518
Merit: 1670


Legendary Member Wannabe


View Profile
August 16, 2019, 08:43:52 AM
 #6

<SNIP>


Yes, that article expand what it was posted in the previous article I linked this morning.
And still, this explanation (the guy promoting his own mining pool) seems ridicule to me.
But I might be missing something here.

DdmrDdmr
Hero Member
*****
Offline Offline

Activity: 672
Merit: 2860


There are lies, damned lies and statistics. MTwain


View Profile WWW
August 16, 2019, 08:49:39 AM
 #7

<…> And still, this explanation (the guy promoting his own mining pool) seems ridicule to me. <…>
Not really. A dusting attack is what it is, and that is what you’ve explained in this thread. The specific Litecoin recent alleged attack, as with many other news published, evolves overtime, and what media promptly affirm one day may have a different edge on the following. In any case, the article pointing to it being a promotion stunt cannot discard ulterior motives.

fillippone
Hero Member
*****
Online Online

Activity: 518
Merit: 1670


Legendary Member Wannabe


View Profile
August 16, 2019, 08:55:49 AM
 #8

<…> And still, this explanation (the guy promoting his own mining pool) seems ridicule to me. <…>
Not really. A dusting attack is what it is, and that is what you’ve explained in this thread. The specific Litecoin recent alleged attack, as with many other news published, evolves overtime, and what media promptly affirm one day may have a different edge on the following. In any case, the article pointing to it being a promotion stunt cannot discard ulterior motives.

My point is: as a promotion stunt, I see this move pretty lame: I would actually stay well away from someone putting user's privacy at risk with such a unrequested move.
So I think there are other "reasoning" behind these actions.
And also agreed this news evolved from the strict notion of "dust attack".

bitmover
Hero Member
*****
Offline Offline

Activity: 658
Merit: 1117



View Profile
August 16, 2019, 11:22:22 AM
 #9

It is also prevalent on crypto exchanges as the remnants of transactions that remain in wallets and can no longer be user or transferred.

This statement makes no sense to me. Maybe am I missing something?

The guy who sent the dust is watching. But the remaining balance he could be watching anyway, even if he didn't send any dust to the address.

If you don't use the remaining balance with other addresses in the same transaction you are just fine imo. Any thoughts?

fillippone
Hero Member
*****
Online Online

Activity: 518
Merit: 1670


Legendary Member Wannabe


View Profile
August 16, 2019, 11:26:43 AM
 #10

It is also prevalent on crypto exchanges as the remnants of transactions that remain in wallets and can no longer be user or transferred.

This statement makes no sense to me. Maybe am I missing something?

This statement refers to the fact we call "dust" also the change you leave on the exchanges (offchain dust) after you change your shitcoin into bitcoin. When you convert your BPA (BitcoinPizza) into BTC and you are left with 0.432 BPA and the minimum fees to transfer it is 0.5 PBA, then your change is basically lost (now some exchange offer ways to clean that thou), and then referred as "dust"

Quote
The guy who sent the dust is watching. But the remaining balance he could be watching anyway, even if he didn't send any dust to the address.

If you don't use the remaining balance with other addresses in the same transaction you are just fine imo. Any thoughts?
Exactly, this was more or less analysed in the OP message.


Quickseller
Copper Member
Legendary
*
Offline Offline

Activity: 1960
Merit: 1769



View Profile WWW
August 18, 2019, 05:32:54 AM
 #11

A person at Binance Academy now suggest that it was not a dusting attact per se in intent (although not discardable), but rather an attempt to promote a specific mining pool based in Russia:

Quote
“The person behind the dusting attack owns a mining pool based out of Russia, EMCD[dot]io. They reached out to express that their intent was to advertise their mining pool to the users of Litecoin, however, it's unclear from our perspective or anyone else's as to whether there were alternative motives. The owner of the pool was not aware that he was subjecting all these users to a dusting attack and spreading fear among the Litecoin community.
“It's interesting to note, that even if this was not the intent of the mining pool owner, he provided a base for malicious actors to analyze. You see, the person responsible for conducting the dusting attack doesn't necessarily have to be the one collecting the data, they can just merely be providing a service so that someone else can collect all the information and analyze it at a later date.”

See: https://cointelegraph.com/news/understanding-litecoins-dusting-attack-what-happened-and-why

The intent of the person sending and funding the transactions doesn’t matter. Anyone looking after the fact can potentially break your privacy.

It is also possible the stated reason is cover for his true intentions.

Find the fire hydrant in my Avatar for a prize.
DdmrDdmr
Hero Member
*****
Offline Offline

Activity: 672
Merit: 2860


There are lies, damned lies and statistics. MTwain


View Profile WWW
August 18, 2019, 01:29:29 PM
 #12

<…>
I know. That is the alleged reason, and the possibility of exploiting the action, regardless of the intention, is covered in the quoted text itself where it states:
Quote
It's interesting to note, that even if this was not the intent of the mining pool owner, he provided a base for malicious actors to analyze.

Hueristic
Legendary
*
Offline Offline

Activity: 2170
Merit: 1286


Doomed to see the future and unable to prevent it


View Profile
August 22, 2019, 12:59:26 AM
 #13

So basically a dusting attack and then a "don't worry it was not an attack" response to lull the victims into not protecting themselves?

fillippone
Hero Member
*****
Online Online

Activity: 518
Merit: 1670


Legendary Member Wannabe


View Profile
August 22, 2019, 04:09:55 PM
 #14

So basically a dusting attack and then a "don't worry it was not an attack" response to lull the victims into not protecting themselves?

Social engineering is a good part of any attack.

Hueristic
Legendary
*
Offline Offline

Activity: 2170
Merit: 1286


Doomed to see the future and unable to prevent it


View Profile
August 22, 2019, 04:18:04 PM
 #15

So basically a dusting attack and then a "don't worry it was not an attack" response to lull the victims into not protecting themselves?

Social engineering is a good part of any attack.

True that, i had an idiot hand me a thumb drive to put something on for him that he found on the ground. Damn thats the oldest trick in the book.

fillippone
Hero Member
*****
Online Online

Activity: 518
Merit: 1670


Legendary Member Wannabe


View Profile
September 16, 2019, 11:52:17 AM
 #16

So basically a dusting attack and then a "don't worry it was not an attack" response to lull the victims into not protecting themselves?

Social engineering is a good part of any attack.

True that, i had an idiot hand me a thumb drive to put something on for him that he found on the ground. Damn thats the oldest trick in the book.

Form an attacker point of view, the more a system is cryptographically secure, robust and offering minimum attack surface, the more concentrating on social engineering, human stupidity/complacency has an elevated payoff.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!