P2P Dusting Attack And How Not to Become a Victim

Coyster

legendary

Activity: 1946

Merit: 1224

'Life's but a walking shadow'!

Quote from: CryptoGirl_200x on December 12, 2023, 12:45:49 PM

And concerning wallets with such feature that filters dust coins transactions, I wouldn't mind if you recommend a good one to me. Thank you in advance.

You cannot prevent your wallet from receiving coins, you can manually check your addresses for dust UTXO's and you can also use coin control or address freeze if you want to avoid spending dust UTXO's, but like i said you can't stop it from entering your wallet.

Having said that, you guys are making a mountain of a molehill, there is actually no need to worry about this thing, it is so so so unimportant. You should be looking for good, open source and non-custodial wallets.

Pmalek

legendary

Activity: 2730

Merit: 7065

Farewell, Leo. You will be missed!

Quote from: Kelward on December 13, 2023, 05:05:16 AM

This thread is a very informative one for me, because I've not had this kind of experience of receiving tokens from an unknown source before, so I'll have to be vigilant now in case if I receive such scam tokens. So the best thing is to move your coins to another wallet, I think that will be the safest thing to do

There is no need to move your tokens elsewhere. Plus, there are no guarantees that dusting attacks or poisoning scams won't happen on your new address as well. And if they do, you can't keep moving the tokens all the time. Apply the correct safety precautions when you send and receive crypto and you won't have to worry about something as unimportant as dusting scams.

Kelward

full member

Activity: 364

Merit: 220

Eloncoin.org - Mars, here we come!

Quote from: Zaguru12 on October 10, 2023, 04:57:50 PM

This attack is same as the address poisoning attack by Pmalek, I will advice you to go through that thread to have more insight in the topic.

This attack is not a thing to be concerned about just that immediately you notice it, the thing to do is move your funds to another wallet but this doesn’t have any harm yet. One of the things this does is something similar to clipboard malware where you got a slightly different address from the one you copy. So when you’re face with attacks like this do well to always check and check the receiving addresses so you don’t send the scammer funds

This thread is a very informative one for me, because I've not had this kind of experience of receiving tokens from an unknown source before, so I'll have to be vigilant now in case if I receive such scam tokens. So the best thing is to move your coins to another wallet, I think that will be the safest thing to do, thankfully the process of opening new wallets is quite easy. Lastly the verification of wallet addresses before sending coins is very important, even beyond being scammed by these fraudsters, without carefully checking to see if each letter or alphabet corresponds with what you're about to send can lead you to send coins into a wrong account. I've had an experience where I copied an address into my wallet, before sending it my mind compelled me to crosscheck first, and to my greatest surprise there was a slight difference, I didn't know how it happened, I only suspected malfunction of my phone, since then I always crosscheck before sending.

CryptoGirl_200x

newbie

Activity: 8

Merit: 8

Quote from: AakZaki on December 12, 2023, 12:35:03 PM

Quote from: albon on December 11, 2023, 06:36:33 PM

Anyone should ignore any dust transactions found in the transaction history without interacting with the transaction details or opening any suspicious and unknown sites that may appear to them. Dust transactions, these small amounts sent to individuals, are an attempt to lure them into phishing sites and malicious websites in the first place. It does not pose a threat, and I see that this attack has become less effective due to increased privacy and security features in many crypto wallets, such as the dust isolation feature. Therefore, everyone should be more cautious and knowledgeable about their actions, researching if they encounter anything suspicious and not hastily connecting their wallet to any phishing domains to which they are directed or attempting to sell scam tokens or NFTs that they see without their knowledge in their wallets.

Being more updated and knowledgeable than scammers will be very useful for avoiding every trap spread by scammers. Dust transactions like that are quite disturbing, because many beginners get trapped and end up losing their assets and having their wallets drained. This will be very dangerous, but there are some wallets that include filters for dust coin transactions so that they cannot be accessed and are included in the spam list.

You are right, one way to defeat scammer and never fall into their hands is by always being one of two steps ahead of them, and to achieve this, we all must always give ourselves to new ideas, new knowledge, new way of doing things and so on, this gives us an edge over the scammers in the sense that, even before a scammer come up with an idea of how to carry out a scam, we ourselves already know or have an understanding of such an idea.

And concerning wallets with such feature that filters dust coins transactions, I wouldn't mind if you recommend a good one to me. Thank you in advance.

AakZaki

legendary

Activity: 2310

Merit: 1076

zknodes.org

Quote from: albon on December 11, 2023, 06:36:33 PM

Anyone should ignore any dust transactions found in the transaction history without interacting with the transaction details or opening any suspicious and unknown sites that may appear to them. Dust transactions, these small amounts sent to individuals, are an attempt to lure them into phishing sites and malicious websites in the first place. It does not pose a threat, and I see that this attack has become less effective due to increased privacy and security features in many crypto wallets, such as the dust isolation feature. Therefore, everyone should be more cautious and knowledgeable about their actions, researching if they encounter anything suspicious and not hastily connecting their wallet to any phishing domains to which they are directed or attempting to sell scam tokens or NFTs that they see without their knowledge in their wallets.

Being more updated and knowledgeable than scammers will be very useful for avoiding every trap spread by scammers. Dust transactions like that are quite disturbing, because many beginners get trapped and end up losing their assets and having their wallets drained. This will be very dangerous, but there are some wallets that include filters for dust coin transactions so that they cannot be accessed and are included in the spam list.

albon

legendary

Activity: 1680

Merit: 1343

Anyone should ignore any dust transactions found in the transaction history without interacting with the transaction details or opening any suspicious and unknown sites that may appear to them. Dust transactions, these small amounts sent to individuals, are an attempt to lure them into phishing sites and malicious websites in the first place. It does not pose a threat, and I see that this attack has become less effective due to increased privacy and security features in many crypto wallets, such as the dust isolation feature. Therefore, everyone should be more cautious and knowledgeable about their actions, researching if they encounter anything suspicious and not hastily connecting their wallet to any phishing domains to which they are directed or attempting to sell scam tokens or NFTs that they see without their knowledge in their wallets.

kentrolla

hero member

Activity: 1540

Merit: 564

Eloncoin.org - Mars, here we come!

I appreciate your time and effort educating the community on this dusting attack. there are various other techniques which is used by scammers but as you mentioned we shouldn't touch or be bothered to do anything with the tokens which reflects in our wallet which doesn't belong to us and never ever click on any suspicious link or don't connect your wallet with any other sites where you are redirected.

Nothing comes free in this world hence anyone claiming to offer you anything for free is a possible scam. I would blame victims rather than the scammers here for believing that they can warn money without any effort.

Coyster

legendary

Activity: 1946

Merit: 1224

'Life's but a walking shadow'!

Quote from: Odusko on December 10, 2023, 04:44:20 PM

and what happened was that my address was replaced with a scammer address which created similar and familiar to my save address, and when I just copied the address and send my coins to that address without checking, and that lead to my coins being sent to a scammer wallet instead of my own wallet, but since then, I have learned my lesson and I can never fall victim to such attack again.

If i understood you correctly, a scammer sent dust into your wallet, from an address that is similar to yours, and when you wanted to send money to yourself, you copied the scammers address instead of yours from your transaction history.

Sorry for whatever you lose then, and good that you now know the right thing to do. For users who do not know, never copy your address from your transaction history, go to the "addresses" tab to get one of your receiving address, or you use the "receive" tab to generate a new address, which is advisable because address reuse doesn't give you any privacy.

DYING_S0UL

sr. member

Activity: 322

Merit: 318

The Alliance Of Bitcointalk Translators - ENG>BAN

Quote from: Gladitorcomeback on December 11, 2023, 08:06:49 AM

This scam attempt is not limited to only tokens, Now scammers sending scam NFT also. i recieved more than 50 scam Nfts which offering giveaway or free airdrop but I already knows and completely ignored from the first days

How did these NFT's end up in your wallet?

I experienced something similar using trust wallet. Many many months ago I joined some airdrops where I had to join some groups, connect wallets, make one transaction, bridging token from testnet etc kind of stuffs. After completion, I would get vouchers or eligible candidate badge or NFT for the upcoming airdrop and giveaways. Later I abandoned this airdrop scam shit. It was just a waste of money and waste of gas fees.

Gladitorcomeback

hero member

Activity: 644

Merit: 591

#SWGT CERTIK Audited

This type of scamming is increased now and it's spreads to almost all chain including old chain Eth, Bsc, polygon and new chain Arb, Optimism, Base. Whenever we make any transactions the scam token deposited in our wallets. I am using Safepal wallet where these scam tokens has been hide automatically but Trustwallet and Bitget wallet (previous bitkeep wallet) showing these scam tokens. Most of scam tokens included a site for swap to victim new users. I appreciate OP work for giving knowledge about this serious issue...

This scam attempt is not limited to only tokens, Now scammers sending scam NFT also. i recieved more than 50 scam Nfts which offering giveaway or free airdrop but I already knows and completely ignored from the first days

Odusko

hero member

Activity: 882

Merit: 507

Defend Bitcoin and its PoW: bitcoincleanup.com

Quote from: Findingnemo on October 13, 2023, 01:11:35 PM

Quote from: CryptoGirl_200x on October 10, 2023, 02:31:10 PM

the amount of cryptocurrency they send to their potential victims is usually so small that sometimes, its hard to notice, but the main goal or purpose of the scammer sending this is to try to trick as many that will notice the transaction, into revealing their private keys, or trick them into visiting a malicious website.

The actual reason for the dusting attack is a threat to the address owner's privacy and FYI receiving some coins whether it dust amount of huge amount has no security concerns so you do not need to worry about the remaining coins in the address or wallet. But if you don't want to compromise privacy then you should freeze that particular UTXO or if the address has no other transactions then freezing the entire address is more than enough so the scammer will never be able to link the funds to any of your addresses.

Address poisoning has been one attack that has led me to heavy loss of coins before, it happened some time ago when I had no knowledge and information about the activities of these scammers, and what happened was that my address was replaced with a scammer address which created similar and familiar to my save address, and when I just copied the address and send my coins to that address without checking, and that lead to my coins being sent to a scammer wallet instead of my own wallet, but since then, I have learned my lesson and I can never fall victim to such attack again.

Findingnemo

hero member

Activity: 2310

Merit: 757

Bitcoin = Financial freedom

Quote from: CryptoGirl_200x on October 10, 2023, 02:31:10 PM

the amount of cryptocurrency they send to their potential victims is usually so small that sometimes, its hard to notice, but the main goal or purpose of the scammer sending this is to try to trick as many that will notice the transaction, into revealing their private keys, or trick them into visiting a malicious website.

The actual reason for the dusting attack is a threat to the address owner's privacy and FYI receiving some coins whether it dust amount of huge amount has no security concerns so you do no need to worry about the remaining coins in the address or wallet. But if you don't want to compromise privacy then you should freeze that particular UTXO or if the address has no other transactions then freezing the entire address is more than enough so the scammer will never be able to link the funds to any of your addresses.

Truthlovecoins

jr. member

Activity: 100

Merit: 4

This article is very educative and I have become more aware of some vulnerabilities that symbiote with owning crypto currency and wallets.
Even the real world bank account holders still suffer the fate of hackers and scammers and fall prey to these phishing sites unknowingly, let alone on a decentralized network.

The key is to always be mindful before clicking on any pop up of freebies that would normally not be there or is too good to be true from a site we have never visited. Also, to use offline wallets from what I have learnt so far is also better than using online wallets that easily use same network to connect to our devices.

Z390

sr. member

Activity: 714

Merit: 296

Cashback 15%

Sadly in crypto world today, you can't open a brand new wallet address without getting sent all those rubbish tokens and coins that doesn't being to you, maybe you should just accept that fact that it's never yours, as there is a big consequences waiting for you if you try to sell what's not yours, so many people have become a victim to this act, and thanks to coin gecko and coin market cap existence if not it will be way worse, now these two platform has all the rightful information about tokens and if you want to add any into your wallet it's better to copy their smart contract address from these two platforms.

Those scammers are now even making duplicate projects with same name but different smart contract, if you aren't careful you can easily compromise your crypto wallet, maybe through buying the wrong token or trying to sell the wrong token, this is also why crypto space isn't a place where you can just do things without doing your own research.

Once you create a new crypto wallet and you send or receive some crypto these scammers will start sending both bad tokens and malicious NFTs, all you have to do is nothing, it's never yours to begin with, do not let greed get the best of you.

Husires

legendary

Activity: 1582

Merit: 1284

Quote from: hatshepsut93 on October 12, 2023, 07:20:47 PM

In Bitcoin there are no vulnerabilities or exploits that can use dust transactions to somehow steal users private keys. In Bitcoin dust spam is used to make users accidentally use that dust in some of their future transactions to reveal more of their addresses..

In the past, this type of attack targeted the Bitcoin network by filling the mempool with many transactions and delaying confirmation times, which made users prefer some altcoins, which is what happened when some wanted to promote BCH, but today there are other reasons for such attacks, one of which is laziness of users. The attack occurs where the fraudster performs a dust attack and expects the user to copy his address, especially since some people copy the address of their last transaction instead of going and requesting the address again.

hatshepsut93

legendary

Activity: 2954

Merit: 2145

In Bitcoin there are no vulnerabilities or exploits that can use dust transactions to somehow steal users private keys. In Bitcoin dust spam is used to make users accidentally use that dust in some of their future transactions to reveal more of their addresses.

Example: you posted your address on this forum but haven't used that address in a while and it has zero balance. You receive some dust to that address and if you don't do manual coin control, your wallet might decide to use that dust together with coins from your other addresses when you send a transaction. Now the attacker will know that those other addresses belong to you, because you used them in the same transaction.

Husires

legendary

Activity: 1582

Merit: 1284

You can modify the settings in your wallet so that you can hide the DUST AMOUNT automatically, and some wallets enable you to hide tokens that have less than $10 in value or $5 or $1. This way you can automatically ignore all these attacks.
The most dangerous attack is to send you a token with a large value, for example $10,000 and $20,000, but it can only be withdrawn from a specific platform. That platform may be fraudulent, or it may request your private keys or send them certain amounts so that you can withdraw $20,000.
Using a good wallet and block explorer that hides these attacks will help you a lot.

Pmalek

legendary

Activity: 2730

Merit: 7065

Farewell, Leo. You will be missed!

Quote from: FinneysTrueVision on October 11, 2023, 01:10:36 AM

Any time you make an address publicly known you are open to the possibility of getting dusted.

Not necessarily. Posting addresses publicly or applying to airdrops or giveaways with previously used addresses are some ways you can make yourself a target, but you don't have to do any of that. Most cryptocurrencies have public ledgers. Your addresses are already public knowledge if you have received or sent coins with them. A fraudster only needs the information from blockchain explorers to find new potential victims.

Quote from: TakeItEasy on October 11, 2023, 04:54:19 AM

You should move your funds as soon as possible to save yourself from this attack, I think your wallet will not be affected by this yet, but it will be if you don't move your funds faster.

It's not an attack, and receiving such coins or tokens is harmless. They can't do anything while in your wallet. Only the user can make mistakes trying to engage with them, or like the OP says, visit scam websites and reveal sensitive information. Leave them where they are and continue living your life.

cryptoaddictchie

legendary

Activity: 2072

Merit: 1315

Has anyone received also small tokens on their centralized deposit like example binance? I think even scammers targeting deposit address on eth or any L1 since they can see the activity of the wallet. Sometimes I saw some dust tokens of eth and bsc which I shouldnt have. Too bad its a cex wallet and they can just monitor it and doesnt have private keys.

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Quote from: CryptoGirl_200x on October 10, 2023, 02:31:10 PM

The main or major reason why scammers engage in p2p dusting attack is for two reasons..

To get their victims to reveal their private key or seed phrase through visiting a clone fake site, which phishes the victim's wallets private information while the victim unsuspectingly tries to connect his or her wallet to the site.
To get the victims to visit a malicious website where they can try to trick the victim into clicking links that could download software that is infected with malware into the victims computer.

The two mentioned reason both lead to one purpose, and that is to steal the victims cryptocurrencies, and maybe other valuable information that could be stored on the victims computer that the scammer have infected.

This is very possible. But another thing that is possible is for the bad actor to try to trace a victim to his real identity. Maybe the victim will create an ad on a decentralized exchange or sell the coin to the bad actor in a way that the victim real name can be known while the bad actor is sending money to the victim's bank account. If it is bitcoin, this is known as dust attack. All you need to do is to use coin control to freeze the coin, or move your coins out of the wallet with coin control and not use the wallet ever again.

If you are dealing with altcoins like USDT, you may think that it is P2P attack that you called it, but it may not be it. Even if you send to your exchange account or send from your exchange account, you may notice dust amount like 0.000005 USDT sent to your noncustodial wallet by bad actors with an address similar to your exchange account or wallet address. They want you to think that it is your exchange account address or an address that belongs to you so that if you want to send altcoin next time, you can mistakenly copy the bad actor address because it is similar to yours.

Topic: P2P Dusting Attack And How Not to Become a Victim (Read 288 times)