Pages:
Author

Topic: Dust Attack, what it is, why it is dangerous and how to prevent falling to it - page 4. (Read 2095 times)

jr. member
Activity: 38
Merit: 10
A few days agor I read this news, that got my attention:


LITECOIN WALLETS HIT BY LARGE-SCALE DUSTING ATTACK, SO WHAT IS IT?

Here you can find a couple of paragraph:
Quote
Reports are emerging that Litecoin wallets have been hit by a new kind of cyber-attack called dusting. It has not affected LTC markets but is something that crypto traders and holders should be aware of. Binance Academy offered an explanation.

Quote
In short, a dusting attack is when scammers attempt to break the privacy of a cryptocurrency, Litecoin in this case, by sending tiny amounts of it to private wallets. The attackers then attempt to trace the transactional activity of these wallets in an attempt to discover the identity of the person that owns them.

The term ‘dust’ refers to the tiny fractions of crypto coins that most users ignore. A couple of hundred satoshis may be referred to as ‘dust’ as the sum is so tiny that most people would not even notice it. It is also prevalent on crypto exchanges as the remnants of transactions that remain in wallets and can no longer be user or transferred.

Dust therefore refers to those amounts of cryptocurrencies that cannot be transferred individually either or because their amount is less than the transaction fees of the blockchain, or because they are lower than the minimum transferable out of an exchange, thus remaining blocked in the portfolio of the account at a specific exchange.


Here you can find an video from  Binance Academy that explains what a Dust Attack is:

What Is a Dusting Attack?

This technique is also used on Bitcoin, so try to be careful when you receive Satoshi without knowing where they are coming from.

Why is dust attack dangerous? What is the use of sending satoshi to trace transactions if the transactions are actually public?

Well the explanations can be multiple:

  • The attacker sends satoshi to a used address, with a positive balance. Curious mechanism, in reality the attacker does not get any advantage, given that the movements of the address could also be monitored previously. The only advantage could be to "accustom" the user to receive funds on an address, thus making it less prudent in the real dust attack.
  • The attacker sends satoshi to a used but empty address. The receiver then aggregates those satoshi to a new address by making a payment. At that point the old address and the new one are "linked" and the attacker can, with methods of chain analysis, try to trace your identity, having discovered, however, that you also have control of the old address.
  • The attacker sets up a bitcoin faucet (or a bitcoin fork - do you remember United Bitcoin?), where it is possible to get some satoshi upon registration with an email. At that point, if you combine those satoshi with your main address, well, the attacker has extra starting data to identify you (an email, even if fake, provides a lot of information, for example a connection IP).
  • Extremizing: an exchange that offers you $ 30 to register, after KYC, is practically performing a dust attack. Except that in that case, using the chain analysis company you just bought, you can perform a very efficient tracking of your UTXOs. Do you think this is an impossible scenario? it already happened.
  • Exaggerating 2: an exchange (the same as the previous point) offers you $ 80 in shitcoins by answering easy videos and questions, after KYC, is practically performing a dust attack. Except that in that case, using the chain analysis company you just bought, you can perform a very efficient tracking of your UTXOs. Do you think this is an impossible scenario? It is happening now.

So, what to do when you receive dust on your wallet?

Two cases:

  • Attacker sent you on a positive balance address: there's nothing much you can do about that. The address is public, the balance is public, having dust on such address is not something you can control. Spending this dust does not pose any additional threat than moving your coins on that address. You can consolidate those coins and keep with your usual life.
  • Attacker sent you on a zero balance address: this is a proper dust attack. The address is public, built it is not possible to link to your current address. Spending this together with your coins poses a privacy risks. The attacker doesn't know anything about your current address, if you spend the two UTXO together they are able to link them.
    For this reason you have to use Coin Control feature: clearly mark that dust UTXO as "do not spend" (many wallet allow for this, Wasabi being one of those) to that attacker cannot track you down.

Another example is the exchange airdop made by our government friendly exchange:

Let's work an example out.
They give you some Stellar Lumens, provided you see some videos.
Of course you don't care about XLM's, so once you get them you sell them immediately for BTC.
Since you are an advanced BTC user, you know that "not your keys not your Bitcoin", so you get your BTC and witdraw them  in your private wallet.
You froget it for a few weeks.
Two months later, taking advantage of the empty mempool, you decide to consolidate your addresses into one. You then put those few satoshi together with your 100 BTC you bought back in 2010.
Well, now the shrewd chain analytics company is able to understand that even the 100 BTC are yours.
The chain analytics company sells the information to the tax authorities, and you're screwed.
Or sell it to a criminal organization, and you're even more screwed.

How to defend yourself:
Two tips immediately come to mind:
  • Keep the "kyc" and "anonymous" addresses absolutely separate, many wallets allow different UTXOs to be marked with different labels: use this option!
  • If you really need to consolidate the addresses, before doing so, let them go through a coinjoin. However, having an anonymous set is not perfect, but at least you don't have an obvious link to your address.
As usual I will try to update this thread by completing it with better information and examples as they become available.
I look forward to your comments!
This is nice. There's another article you could maybe use to add to this information - https://medium.com/cobo-vault/everything-you-need-to-know-about-the-dusting-attack-f0151f5a8843
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
So basically a dusting attack and then a "don't worry it was not an attack" response to lull the victims into not protecting themselves?

Social engineering is a good part of any attack.

True that, i had an idiot hand me a thumb drive to put something on for him that he found on the ground. Damn thats the oldest trick in the book.

Form an attacker point of view, the more a system is cryptographically secure, robust and offering minimum attack surface, the more concentrating on social engineering, human stupidity/complacency has an elevated payoff.
legendary
Activity: 3836
Merit: 4969
Doomed to see the future and unable to prevent it
So basically a dusting attack and then a "don't worry it was not an attack" response to lull the victims into not protecting themselves?

Social engineering is a good part of any attack.

True that, i had an idiot hand me a thumb drive to put something on for him that he found on the ground. Damn thats the oldest trick in the book.
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
So basically a dusting attack and then a "don't worry it was not an attack" response to lull the victims into not protecting themselves?

Social engineering is a good part of any attack.
legendary
Activity: 3836
Merit: 4969
Doomed to see the future and unable to prevent it
So basically a dusting attack and then a "don't worry it was not an attack" response to lull the victims into not protecting themselves?
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
<…>
I know. That is the alleged reason, and the possibility of exploiting the action, regardless of the intention, is covered in the quoted text itself where it states:
Quote
It's interesting to note, that even if this was not the intent of the mining pool owner, he provided a base for malicious actors to analyze.
copper member
Activity: 2996
Merit: 2374
A person at Binance Academy now suggest that it was not a dusting attact per se in intent (although not discardable), but rather an attempt to promote a specific mining pool based in Russia:

Quote
“The person behind the dusting attack owns a mining pool based out of Russia, EMCD[dot]io. They reached out to express that their intent was to advertise their mining pool to the users of Litecoin, however, it's unclear from our perspective or anyone else's as to whether there were alternative motives. The owner of the pool was not aware that he was subjecting all these users to a dusting attack and spreading fear among the Litecoin community.
“It's interesting to note, that even if this was not the intent of the mining pool owner, he provided a base for malicious actors to analyze. You see, the person responsible for conducting the dusting attack doesn't necessarily have to be the one collecting the data, they can just merely be providing a service so that someone else can collect all the information and analyze it at a later date.”

See: https://cointelegraph.com/news/understanding-litecoins-dusting-attack-what-happened-and-why

The intent of the person sending and funding the transactions doesn’t matter. Anyone looking after the fact can potentially break your privacy.

It is also possible the stated reason is cover for his true intentions.
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
It is also prevalent on crypto exchanges as the remnants of transactions that remain in wallets and can no longer be user or transferred.

This statement makes no sense to me. Maybe am I missing something?

This statement refers to the fact we call "dust" also the change you leave on the exchanges (offchain dust) after you change your shitcoin into bitcoin. When you convert your BPA (BitcoinPizza) into BTC and you are left with 0.432 BPA and the minimum fees to transfer it is 0.5 PBA, then your change is basically lost (now some exchange offer ways to clean that thou), and then referred as "dust"

Quote
The guy who sent the dust is watching. But the remaining balance he could be watching anyway, even if he didn't send any dust to the address.

If you don't use the remaining balance with other addresses in the same transaction you are just fine imo. Any thoughts?
Exactly, this was more or less analysed in the OP message.

legendary
Activity: 2352
Merit: 6089
bitcoindata.science
It is also prevalent on crypto exchanges as the remnants of transactions that remain in wallets and can no longer be user or transferred.

This statement makes no sense to me. Maybe am I missing something?

The guy who sent the dust is watching. But the remaining balance he could be watching anyway, even if he didn't send any dust to the address.

If you don't use the remaining balance with other addresses in the same transaction you are just fine imo. Any thoughts?
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
<…> And still, this explanation (the guy promoting his own mining pool) seems ridicule to me. <…>
Not really. A dusting attack is what it is, and that is what you’ve explained in this thread. The specific Litecoin recent alleged attack, as with many other news published, evolves overtime, and what media promptly affirm one day may have a different edge on the following. In any case, the article pointing to it being a promotion stunt cannot discard ulterior motives.

My point is: as a promotion stunt, I see this move pretty lame: I would actually stay well away from someone putting user's privacy at risk with such a unrequested move.
So I think there are other "reasoning" behind these actions.
And also agreed this news evolved from the strict notion of "dust attack".
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
<…> And still, this explanation (the guy promoting his own mining pool) seems ridicule to me. <…>
Not really. A dusting attack is what it is, and that is what you’ve explained in this thread. The specific Litecoin recent alleged attack, as with many other news published, evolves overtime, and what media promptly affirm one day may have a different edge on the following. In any case, the article pointing to it being a promotion stunt cannot discard ulterior motives.
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23



Yes, that article expand what it was posted in the previous article I linked this morning.
And still, this explanation (the guy promoting his own mining pool) seems ridicule to me.
But I might be missing something here.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
A person at Binance Academy now suggest that it was not a dusting attact per se in intent (although not discardable), but rather an attempt to promote a specific mining pool based in Russia:

Quote
“The person behind the dusting attack owns a mining pool based out of Russia, EMCD[dot]io. They reached out to express that their intent was to advertise their mining pool to the users of Litecoin, however, it's unclear from our perspective or anyone else's as to whether there were alternative motives. The owner of the pool was not aware that he was subjecting all these users to a dusting attack and spreading fear among the Litecoin community.
“It's interesting to note, that even if this was not the intent of the mining pool owner, he provided a base for malicious actors to analyze. You see, the person responsible for conducting the dusting attack doesn't necessarily have to be the one collecting the data, they can just merely be providing a service so that someone else can collect all the information and analyze it at a later date.”

See: https://cointelegraph.com/news/understanding-litecoins-dusting-attack-what-happened-and-why
legendary
Activity: 3038
Merit: 2162
Maybe this dusting is more of a spam attack, it creates new unspent outputs that are more expensive to move than they are worth, so it can make people overpay fees when they don't keep track of what input they use. This raises a question - are wallets these days smart enough to recognize some inputs as dust that is inefficient to move at the current fee, or would they mindlessly include it in transactions?
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
An update on the Binance Dust Attack

LTC Dusting Attack on Binance Affected Nearly 300,000 Addresses: Report

Quote
The recent dusting attack against fourth-biggest altcoin Litecoin (LTC) on major cryptocurrency exchange Binance affected 294,582 addresses rather than the 50 Binance reported, according to a recent metrics report.
Blockchain data and metrics firm Glassnode revealed its latest findings in a tweet on Aug. 15, saying that the LTC dusting attack affected 294,582 addresses. The analysis ostensibly also indicated a similar scale attack in April.



Of course the given explanation is pretty ridicule.
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
A few days ago I read this news, that got my attention:


LITECOIN WALLETS HIT BY LARGE-SCALE DUSTING ATTACK, SO WHAT IS IT?

Here you can find a couple of paragraph:
Quote
Reports are emerging that Litecoin wallets have been hit by a new kind of cyber-attack called dusting. It has not affected LTC markets but is something that crypto traders and holders should be aware of. Binance Academy offered an explanation.

Quote
In short, a dusting attack is when scammers attempt to break the privacy of a cryptocurrency, Litecoin in this case, by sending tiny amounts of it to private wallets. The attackers then attempt to trace the transactional activity of these wallets in an attempt to discover the identity of the person that owns them.

The term ‘dust’ refers to the tiny fractions of crypto coins that most users ignore. A couple of hundred satoshis may be referred to as ‘dust’ as the sum is so tiny that most people would not even notice it. It is also prevalent on crypto exchanges as the remnants of transactions that remain in wallets and can no longer be used or transferred.

Dust therefore refers to those amounts of cryptocurrencies that cannot be transferred individually either or because their amount is less than the transaction fees of the blockchain, or because they are lower than the minimum transferable out of an exchange, thus remaining blocked in the portfolio of the account at a specific exchange.


Here you can find an video from  Binance Academy that explains what a Dust Attack is:

What Is a Dusting Attack?

This technique is also used on Bitcoin, so try to be careful when you receive Satoshi without knowing where they are coming from.

Why is dust attack dangerous? What is the use of sending satoshi to trace transactions if the transactions are actually public?

Well the explanations can be multiple:

  • The attacker sends satoshi to a used address, with a positive balance. A curious mechanism, in reality, the attacker does not get any advantage, given that the movements of the address could also be monitored previously. The only advantage could be to "accustom" the user to receive funds on an address, thus making it less prudent in the real dust attack.
  • The attacker sends satoshi to a used but empty address. The receiver then aggregates those satoshis to a new address by making a payment. At that point, the old address and the new one are "linked" and the attacker can, with methods of chain analysis, try to trace your identity, having discovered, however, that you also have control of the old address.
  • The attacker sets up a bitcoin faucet (or a bitcoin fork - do you remember United Bitcoin?), where it is possible to get some satoshi upon registration with an email. At that point, if you combine those satoshis with your main address, well, the attacker has extra starting data to identify you (an email, even if fake, provides a lot of information, for example, a connection IP).
  • Extremizing: an exchange that offers you $ 30 to register, after KYC, is practically performing a dust attack. Except that in that case, using the chain analysis company you just bought, you can perform a very efficient tracking of your UTXOs. Do you think this is an impossible scenario? it already happened.
  • Exaggerating 2: an exchange (the same as the previous point) offers you $ 80 in shitcoins by answering easy videos and questions, after KYC, is practically performing a dust attack. Except that in that case, using the chain analysis company you just bought, you can perform a very efficient tracking of your UTXOs. Do you think this is an impossible scenario? It is happening now.

So, what to do when you receive dust on your wallet?

Two cases:

  • Attacker sent you on a positive balance address: there's nothing much you can do about that. The address is public, the balance is public, having dust on such address is not something you can control. Spending this dust does not pose any additional threat than moving your coins on that address. You can consolidate those coins and keep with your usual life.
  • Attacker sent you on a zero balance address: this is a proper dust attack. The address is public, but it is not possible to link to your current address. Spending this together with your coins poses a privacy risk. The attacker doesn't know anything about your current address, if you spend the two UTXO together they are able to link them.
    For this reason, you have to use Coin Control feature: clearly mark that dust UTXO as "do not spend" (many wallets allow for this, Wasabi being one of those) to that attacker cannot track you down.

Another example is the exchange airdrops made by our government-friendly exchange:

Let's work an example out.
They give you some Stellar Lumens, provided you see some videos.
Of course, you don't care about XLM's, so once you get them you sell them immediately for BTC.
Since you are an advanced BTC user, you know that "not your keys, not your Bitcoin", so you get your BTC and withdraw them in your private wallet.
You forget for a few weeks.
Two months later, taking advantage of the empty mempool, you decide to consolidate your addresses into one. You then put those few satoshis together with your 100 BTC you bought back in 2010.
Well, now the shrewd chain analytics company is able to understand that even the 100 BTC are yours.
The chain analytics company sells the information to the tax authorities, and you're screwed.
Or sell it to a criminal organization, and you're even more screwed.

How to defend yourself:
Two tips immediately come to mind:
  • Keep the "KYC" and "anonymous" addresses absolutely separate, many wallets allow different UTXOs to be marked with different labels: use this option!
  • If you really need to consolidate the addresses, before doing so, let them go through a coinjoin. However, having an anonymous set is not perfect, but at least you don't have an obvious link to your address.
As usual, I will try to update this thread by completing it with better information and examples as they become available.
I look forward to your comments!

EDIT:
Other reads:
Beware the Dusting Attack
Pages:
Jump to: