Pages:
Author

Topic: P2P Dusting Attack And How Not to Become a Victim (Read 307 times)

legendary
Activity: 2184
Merit: 1302
Playbet.io - Crypto Casino and Sportsbook
And concerning wallets with such feature that filters dust coins transactions, I wouldn't mind if you recommend a good one to me. Thank you in advance.
You cannot prevent your wallet from receiving coins, you can manually check your addresses for dust UTXO's and you can also use coin control or address freeze if you want to avoid spending dust UTXO's, but like i said you can't stop it from entering your wallet.

Having said that, you guys are making a mountain of a molehill, there is actually no need to worry about this thing, it is so so so unimportant. You should be looking for good, open source and non-custodial wallets.
legendary
Activity: 2730
Merit: 7065
This thread is a very informative one for me, because I've not had this kind of experience of receiving tokens from an unknown source before, so I'll have to be vigilant now in case if I receive such scam tokens. So the best thing is to move your coins to another wallet, I think that will be the safest thing to do
There is no need to move your tokens elsewhere. Plus, there are no guarantees that dusting attacks or poisoning scams won't happen on your new address as well. And if they do, you can't keep moving the tokens all the time. Apply the correct safety precautions when you send and receive crypto and you won't have to worry about something as unimportant as dusting scams.
sr. member
Activity: 588
Merit: 338
This attack is same as the address poisoning attack by Pmalek, I will advice you to go through that thread to have more insight in the topic.

This attack is not a thing to be concerned about just that immediately you notice it, the thing to do is move your funds to another wallet but this doesn’t have any harm yet. One of the things this does is something similar to clipboard malware where you got a slightly different address from the one you copy. So when you’re face with attacks like this do well to always check and check the receiving addresses so you don’t send the scammer funds

This thread is a very informative one for me, because I've not had this kind of experience of receiving tokens from an unknown source before, so I'll have to be vigilant now in case if I receive such scam tokens. So the best thing is to move your coins to another wallet, I think that will be the safest thing to do, thankfully the process of opening new wallets is quite easy. Lastly the verification of wallet addresses before sending coins is very important, even beyond being scammed by these fraudsters, without carefully checking to see if each letter or alphabet corresponds with what you're about to send can lead you to send coins into a wrong account. I've had an experience where I copied an address into my wallet, before sending it my mind compelled me to crosscheck first, and to my greatest surprise there was a slight difference, I didn't know how it happened, I only suspected malfunction of my phone, since then I always crosscheck before sending.
newbie
Activity: 8
Merit: 8
Anyone should ignore any dust transactions found in the transaction history without interacting with the transaction details or opening any suspicious and unknown sites that may appear to them. Dust transactions, these small amounts sent to individuals, are an attempt to lure them into phishing sites and malicious websites in the first place. It does not pose a threat, and I see that this attack has become less effective due to increased privacy and security features in many crypto wallets, such as the dust isolation feature. Therefore, everyone should be more cautious and knowledgeable about their actions, researching if they encounter anything suspicious and not hastily connecting their wallet to any phishing domains to which they are directed or attempting to sell scam tokens or NFTs that they see without their knowledge in their wallets.
Being more updated and knowledgeable than scammers will be very useful for avoiding every trap spread by scammers. Dust transactions like that are quite disturbing, because many beginners get trapped and end up losing their assets and having their wallets drained. This will be very dangerous, but there are some wallets that include filters for dust coin transactions so that they cannot be accessed and are included in the spam list.
You are right, one way to defeat scammer and never fall into their hands is by always being one of two steps ahead of them, and to achieve this, we all must always give ourselves to new ideas, new knowledge, new way of doing things and so on, this gives us an edge  over the scammers in the sense that, even before a scammer come up with an idea of how to carry out a scam, we ourselves already know or have an understanding of such an idea.

And concerning wallets with such feature that filters dust coins transactions, I wouldn't mind if you recommend a good one to me. Thank you in advance.
legendary
Activity: 2338
Merit: 1084
zknodes.org
Anyone should ignore any dust transactions found in the transaction history without interacting with the transaction details or opening any suspicious and unknown sites that may appear to them. Dust transactions, these small amounts sent to individuals, are an attempt to lure them into phishing sites and malicious websites in the first place. It does not pose a threat, and I see that this attack has become less effective due to increased privacy and security features in many crypto wallets, such as the dust isolation feature. Therefore, everyone should be more cautious and knowledgeable about their actions, researching if they encounter anything suspicious and not hastily connecting their wallet to any phishing domains to which they are directed or attempting to sell scam tokens or NFTs that they see without their knowledge in their wallets.
Being more updated and knowledgeable than scammers will be very useful for avoiding every trap spread by scammers. Dust transactions like that are quite disturbing, because many beginners get trapped and end up losing their assets and having their wallets drained. This will be very dangerous, but there are some wallets that include filters for dust coin transactions so that they cannot be accessed and are included in the spam list.
legendary
Activity: 1890
Merit: 1537
Anyone should ignore any dust transactions found in the transaction history without interacting with the transaction details or opening any suspicious and unknown sites that may appear to them. Dust transactions, these small amounts sent to individuals, are an attempt to lure them into phishing sites and malicious websites in the first place. It does not pose a threat, and I see that this attack has become less effective due to increased privacy and security features in many crypto wallets, such as the dust isolation feature. Therefore, everyone should be more cautious and knowledgeable about their actions, researching if they encounter anything suspicious and not hastily connecting their wallet to any phishing domains to which they are directed or attempting to sell scam tokens or NFTs that they see without their knowledge in their wallets.
hero member
Activity: 1652
Merit: 569
Catalog Websites
I appreciate your time and effort educating the community on this dusting attack. there are various other techniques which is used by scammers but as you mentioned we shouldn't touch or be bothered to do anything with the tokens which reflects in our wallet which doesn't belong to us and never ever click on any suspicious link or don't connect your wallet with any other sites where you are redirected. 

Nothing comes free in this world hence anyone claiming to offer you anything for free is a possible scam. I would blame victims rather than the scammers here for believing that they can warn money without any effort.
legendary
Activity: 2184
Merit: 1302
Playbet.io - Crypto Casino and Sportsbook
and what happened was that my address was replaced with a scammer address which created similar and familiar to my save address, and when I just copied the address and send my coins to that address without checking, and that lead to my coins being sent to a scammer wallet instead of my own wallet, but since then, I have learned my lesson and I can never fall victim to such attack again.
If i understood you correctly, a scammer sent dust into your wallet, from an address that is similar to yours, and when you wanted to send money to yourself, you copied the scammers address instead of yours from your transaction history.

Sorry for whatever you lose then, and good that you now know the right thing to do. For users who do not know, never copy your address from your transaction history, go to the "addresses" tab to get one of your receiving address, or you use the "receive" tab to generate a new address, which is advisable because address reuse doesn't give you any privacy.
sr. member
Activity: 322
Merit: 318
The Alliance Of Bitcointalk Translators - ENG>BAN
This scam attempt is not limited to only tokens, Now scammers sending scam NFT also. i recieved more than 50 scam Nfts which offering giveaway or free airdrop but I already knows and completely ignored from the first days
How did these NFT's end up in your wallet?

I experienced something similar using trust wallet. Many many months ago I joined some airdrops where I had to join some groups, connect wallets, make one transaction, bridging token from testnet etc kind of stuffs. After completion, I would get vouchers or eligible candidate badge or NFT for the upcoming airdrop and giveaways. Later I abandoned this airdrop scam shit. It was just a waste of money and waste of gas fees.
hero member
Activity: 812
Merit: 619
This type of scamming is increased now and it's spreads to almost all chain including old chain Eth, Bsc, polygon and new chain Arb, Optimism, Base. Whenever we make any transactions the scam token deposited in our wallets. I am using Safepal wallet where these scam tokens has been hide automatically but Trustwallet and Bitget wallet (previous bitkeep wallet) showing these scam tokens. Most of scam tokens included a site for swap to victim new users. I appreciate OP work for giving knowledge about this serious issue...

This scam attempt is not limited to only tokens, Now scammers sending scam NFT also. i recieved more than 50 scam Nfts which offering giveaway or free airdrop but I already knows and completely ignored from the first days

hero member
Activity: 1106
Merit: 526
Leading Crypto Sports Betting & Casino Platform

the amount of cryptocurrency they send to their potential victims is usually so small that sometimes, its hard to notice, but the main goal or purpose of the scammer sending this is to try to trick as many that will notice the transaction, into revealing their private keys, or trick them into visiting a malicious website.


The actual reason for the dusting attack is a threat to the address owner's privacy and FYI receiving some coins whether it dust amount of huge amount has no security concerns so you do not need to worry about the remaining coins in the address or wallet. But if you don't want to compromise privacy then you should freeze that particular UTXO or if the address has no other transactions then freezing the entire address is more than enough so the scammer will never be able to link the funds to any of your addresses.
Address poisoning has been one attack that has led me to heavy loss of coins before,  it happened some time ago when I had no knowledge and information about the activities of these scammers, and what happened was that my address was replaced with a scammer address which created similar and familiar to my save address, and when I just copied the address and send my coins to that address without checking, and that lead to my coins being sent to a scammer wallet instead of my own wallet, but since then, I have learned my lesson and I can never fall victim to such attack again.
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom

the amount of cryptocurrency they send to their potential victims is usually so small that sometimes, its hard to notice, but the main goal or purpose of the scammer sending this is to try to trick as many that will notice the transaction, into revealing their private keys, or trick them into visiting a malicious website.


The actual reason for the dusting attack is a threat to the address owner's privacy and FYI receiving some coins whether it dust amount of huge amount has no security concerns so you do no need to worry about the remaining coins in the address or wallet. But if you don't want to compromise privacy then you should freeze that particular UTXO or if the address has no other transactions then freezing the entire address is more than enough so the scammer will never be able to link the funds to any of your addresses.
jr. member
Activity: 118
Merit: 4
This article is very educative and I have become more aware of some vulnerabilities that symbiote with owning crypto currency and wallets.
Even the real world bank account holders still suffer the fate of hackers and scammers and fall prey to these phishing sites unknowingly, let alone on a decentralized network.

The key is to always be mindful before clicking on any pop up of freebies that would normally not be there or is too good to be true from a site we have never visited. Also, to use offline wallets from what I have learnt so far is also better than using online wallets that easily use same network to connect to our devices.
sr. member
Activity: 812
Merit: 315
Vave.com - Crypto Casino
Sadly in crypto world today, you can't open a brand new wallet address without getting sent all those rubbish tokens and coins that doesn't being to you, maybe you should just accept that fact that it's never yours, as there is a big consequences waiting for you if you try to sell what's not yours, so many people have become a victim to this act, and thanks to coin gecko and coin market cap existence if not it will be way worse, now these two platform has all the rightful information about tokens and if you want to add any into your wallet it's better to copy their smart contract address from these two platforms.

Those scammers are now even making duplicate projects with same name but different smart contract, if you aren't careful you can easily compromise your crypto wallet, maybe through buying the wrong token or trying to sell the wrong token, this is also why crypto space isn't a place where you can just do things without doing your own research.

Once you create a new crypto wallet and you send or receive some crypto these scammers will start sending both bad tokens and malicious NFTs, all you have to do is nothing, it's never yours to begin with, do not let greed get the best of you.




legendary
Activity: 1596
Merit: 1288
In Bitcoin there are no vulnerabilities or exploits that can use dust transactions to somehow steal users private keys. In Bitcoin dust spam is used to make users accidentally use that dust in some of their future transactions to reveal more of their addresses..


In the past, this type of attack targeted the Bitcoin network by filling the mempool with many transactions and delaying confirmation times, which made users prefer some altcoins, which is what happened when some wanted to promote BCH, but today there are other reasons for such attacks, one of which is laziness of users. The attack occurs where the fraudster performs a dust attack and expects the user to copy his address, especially since some people copy the address of their last transaction instead of going and requesting the address again.
legendary
Activity: 3038
Merit: 2162
In Bitcoin there are no vulnerabilities or exploits that can use dust transactions to somehow steal users private keys. In Bitcoin dust spam is used to make users accidentally use that dust in some of their future transactions to reveal more of their addresses.

Example: you posted your address on this forum but haven't used that address in a while and it has zero balance. You receive some dust to that address and if you don't do manual coin control, your wallet might decide to use that dust together with coins from your other addresses when you send a transaction. Now the attacker will know that those other addresses belong to you, because you used them in the same transaction.

legendary
Activity: 1596
Merit: 1288
You can modify the settings in your wallet so that you can hide the DUST AMOUNT automatically, and some wallets enable you to hide tokens that have less than $10 in value or $5 or $1. This way you can automatically ignore all these attacks.
The most dangerous attack is to send you a token with a large value, for example $10,000 and $20,000, but it can only be withdrawn from a specific platform. That platform may be fraudulent, or it may request your private keys or send them certain amounts so that you can withdraw $20,000.
Using a good wallet and block explorer that hides these attacks will help you a lot.
legendary
Activity: 2730
Merit: 7065
Any time you make an address publicly known you are open to the possibility of getting dusted.
Not necessarily. Posting addresses publicly or applying to airdrops or giveaways with previously used addresses are some ways you can make yourself a target, but you don't have to do any of that. Most cryptocurrencies have public ledgers. Your addresses are already public knowledge if you have received or sent coins with them. A fraudster only needs the information from blockchain explorers to find new potential victims.

You should move your funds as soon as possible to save yourself from this attack, I think your wallet will not be affected by this yet, but it will be if you don't move your funds faster.
It's not an attack, and receiving such coins or tokens is harmless. They can't do anything while in your wallet. Only the user can make mistakes trying to engage with them, or like the OP says, visit scam websites and reveal sensitive information. Leave them where they are and continue living your life.
legendary
Activity: 2268
Merit: 1379
Fully Regulated Crypto Casino
Has anyone received also small tokens on their centralized deposit like example binance? I think even scammers targeting deposit address on eth or any L1 since they can see the activity of the wallet. Sometimes I saw some dust tokens of eth and bsc which I shouldnt have. Too bad its a cex wallet and they can just monitor it and doesnt have private keys.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
The main or major reason why scammers engage in p2p dusting attack is for two reasons..
  • To get their victims to reveal their private key or seed phrase through visiting a clone fake site, which phishes the victim's wallets private information while the victim unsuspectingly tries to connect his or her wallet to the site.
  • To get the victims to visit a malicious website where they can try to trick the victim into clicking links that could download software that is infected with malware into the victims computer.
The two mentioned reason both lead to one purpose, and that is to steal the victims cryptocurrencies, and maybe other valuable information that could be stored on the victims computer that the scammer have infected.
This is very possible. But another thing that is possible is for the bad actor to try to trace a victim to his real identity. Maybe the victim will create an ad on a decentralized exchange or sell the coin to the bad actor in a way that the victim real name can be known while the bad actor is sending money to the victim's bank account. If it is bitcoin, this is known as dust attack. All you need to do is to use coin control to freeze the coin, or move your coins out of the wallet with coin control and not use the wallet ever again.

If you are dealing with altcoins like USDT, you may think that it is P2P attack that you called it, but it may not be it. Even if you send to your exchange account or send from your exchange account, you may notice dust amount like 0.000005 USDT sent to your noncustodial wallet by bad actors with an address similar to your exchange account or wallet address. They want you to think that it is your exchange account address or an address that belongs to you so that if you want to send altcoin next time, you can mistakenly copy the bad actor address because it is similar to yours.
Pages:
Jump to: