Author

Topic: P2P Dusting Attack And How Not to Become a Victim (Read 307 times)

legendary
Activity: 2184
Merit: 1302
And concerning wallets with such feature that filters dust coins transactions, I wouldn't mind if you recommend a good one to me. Thank you in advance.
You cannot prevent your wallet from receiving coins, you can manually check your addresses for dust UTXO's and you can also use coin control or address freeze if you want to avoid spending dust UTXO's, but like i said you can't stop it from entering your wallet.

Having said that, you guys are making a mountain of a molehill, there is actually no need to worry about this thing, it is so so so unimportant. You should be looking for good, open source and non-custodial wallets.
legendary
Activity: 2730
Merit: 7065
This thread is a very informative one for me, because I've not had this kind of experience of receiving tokens from an unknown source before, so I'll have to be vigilant now in case if I receive such scam tokens. So the best thing is to move your coins to another wallet, I think that will be the safest thing to do
There is no need to move your tokens elsewhere. Plus, there are no guarantees that dusting attacks or poisoning scams won't happen on your new address as well. And if they do, you can't keep moving the tokens all the time. Apply the correct safety precautions when you send and receive crypto and you won't have to worry about something as unimportant as dusting scams.
sr. member
Activity: 588
Merit: 338
This attack is same as the address poisoning attack by Pmalek, I will advice you to go through that thread to have more insight in the topic.

This attack is not a thing to be concerned about just that immediately you notice it, the thing to do is move your funds to another wallet but this doesn’t have any harm yet. One of the things this does is something similar to clipboard malware where you got a slightly different address from the one you copy. So when you’re face with attacks like this do well to always check and check the receiving addresses so you don’t send the scammer funds

This thread is a very informative one for me, because I've not had this kind of experience of receiving tokens from an unknown source before, so I'll have to be vigilant now in case if I receive such scam tokens. So the best thing is to move your coins to another wallet, I think that will be the safest thing to do, thankfully the process of opening new wallets is quite easy. Lastly the verification of wallet addresses before sending coins is very important, even beyond being scammed by these fraudsters, without carefully checking to see if each letter or alphabet corresponds with what you're about to send can lead you to send coins into a wrong account. I've had an experience where I copied an address into my wallet, before sending it my mind compelled me to crosscheck first, and to my greatest surprise there was a slight difference, I didn't know how it happened, I only suspected malfunction of my phone, since then I always crosscheck before sending.
newbie
Activity: 8
Merit: 8
Anyone should ignore any dust transactions found in the transaction history without interacting with the transaction details or opening any suspicious and unknown sites that may appear to them. Dust transactions, these small amounts sent to individuals, are an attempt to lure them into phishing sites and malicious websites in the first place. It does not pose a threat, and I see that this attack has become less effective due to increased privacy and security features in many crypto wallets, such as the dust isolation feature. Therefore, everyone should be more cautious and knowledgeable about their actions, researching if they encounter anything suspicious and not hastily connecting their wallet to any phishing domains to which they are directed or attempting to sell scam tokens or NFTs that they see without their knowledge in their wallets.
Being more updated and knowledgeable than scammers will be very useful for avoiding every trap spread by scammers. Dust transactions like that are quite disturbing, because many beginners get trapped and end up losing their assets and having their wallets drained. This will be very dangerous, but there are some wallets that include filters for dust coin transactions so that they cannot be accessed and are included in the spam list.
You are right, one way to defeat scammer and never fall into their hands is by always being one of two steps ahead of them, and to achieve this, we all must always give ourselves to new ideas, new knowledge, new way of doing things and so on, this gives us an edge  over the scammers in the sense that, even before a scammer come up with an idea of how to carry out a scam, we ourselves already know or have an understanding of such an idea.

And concerning wallets with such feature that filters dust coins transactions, I wouldn't mind if you recommend a good one to me. Thank you in advance.
legendary
Activity: 2338
Merit: 1084
zknodes.org
Anyone should ignore any dust transactions found in the transaction history without interacting with the transaction details or opening any suspicious and unknown sites that may appear to them. Dust transactions, these small amounts sent to individuals, are an attempt to lure them into phishing sites and malicious websites in the first place. It does not pose a threat, and I see that this attack has become less effective due to increased privacy and security features in many crypto wallets, such as the dust isolation feature. Therefore, everyone should be more cautious and knowledgeable about their actions, researching if they encounter anything suspicious and not hastily connecting their wallet to any phishing domains to which they are directed or attempting to sell scam tokens or NFTs that they see without their knowledge in their wallets.
Being more updated and knowledgeable than scammers will be very useful for avoiding every trap spread by scammers. Dust transactions like that are quite disturbing, because many beginners get trapped and end up losing their assets and having their wallets drained. This will be very dangerous, but there are some wallets that include filters for dust coin transactions so that they cannot be accessed and are included in the spam list.
legendary
Activity: 1890
Merit: 1537
Anyone should ignore any dust transactions found in the transaction history without interacting with the transaction details or opening any suspicious and unknown sites that may appear to them. Dust transactions, these small amounts sent to individuals, are an attempt to lure them into phishing sites and malicious websites in the first place. It does not pose a threat, and I see that this attack has become less effective due to increased privacy and security features in many crypto wallets, such as the dust isolation feature. Therefore, everyone should be more cautious and knowledgeable about their actions, researching if they encounter anything suspicious and not hastily connecting their wallet to any phishing domains to which they are directed or attempting to sell scam tokens or NFTs that they see without their knowledge in their wallets.
hero member
Activity: 1652
Merit: 569
Catalog Websites
I appreciate your time and effort educating the community on this dusting attack. there are various other techniques which is used by scammers but as you mentioned we shouldn't touch or be bothered to do anything with the tokens which reflects in our wallet which doesn't belong to us and never ever click on any suspicious link or don't connect your wallet with any other sites where you are redirected. 

Nothing comes free in this world hence anyone claiming to offer you anything for free is a possible scam. I would blame victims rather than the scammers here for believing that they can warn money without any effort.
legendary
Activity: 2184
Merit: 1302
and what happened was that my address was replaced with a scammer address which created similar and familiar to my save address, and when I just copied the address and send my coins to that address without checking, and that lead to my coins being sent to a scammer wallet instead of my own wallet, but since then, I have learned my lesson and I can never fall victim to such attack again.
If i understood you correctly, a scammer sent dust into your wallet, from an address that is similar to yours, and when you wanted to send money to yourself, you copied the scammers address instead of yours from your transaction history.

Sorry for whatever you lose then, and good that you now know the right thing to do. For users who do not know, never copy your address from your transaction history, go to the "addresses" tab to get one of your receiving address, or you use the "receive" tab to generate a new address, which is advisable because address reuse doesn't give you any privacy.
sr. member
Activity: 322
Merit: 318
The Alliance Of Bitcointalk Translators - ENG>BAN
This scam attempt is not limited to only tokens, Now scammers sending scam NFT also. i recieved more than 50 scam Nfts which offering giveaway or free airdrop but I already knows and completely ignored from the first days
How did these NFT's end up in your wallet?

I experienced something similar using trust wallet. Many many months ago I joined some airdrops where I had to join some groups, connect wallets, make one transaction, bridging token from testnet etc kind of stuffs. After completion, I would get vouchers or eligible candidate badge or NFT for the upcoming airdrop and giveaways. Later I abandoned this airdrop scam shit. It was just a waste of money and waste of gas fees.
hero member
Activity: 812
Merit: 619
This type of scamming is increased now and it's spreads to almost all chain including old chain Eth, Bsc, polygon and new chain Arb, Optimism, Base. Whenever we make any transactions the scam token deposited in our wallets. I am using Safepal wallet where these scam tokens has been hide automatically but Trustwallet and Bitget wallet (previous bitkeep wallet) showing these scam tokens. Most of scam tokens included a site for swap to victim new users. I appreciate OP work for giving knowledge about this serious issue...

This scam attempt is not limited to only tokens, Now scammers sending scam NFT also. i recieved more than 50 scam Nfts which offering giveaway or free airdrop but I already knows and completely ignored from the first days

hero member
Activity: 1008
Merit: 520
Leading Crypto Sports Betting & Casino Platform

the amount of cryptocurrency they send to their potential victims is usually so small that sometimes, its hard to notice, but the main goal or purpose of the scammer sending this is to try to trick as many that will notice the transaction, into revealing their private keys, or trick them into visiting a malicious website.


The actual reason for the dusting attack is a threat to the address owner's privacy and FYI receiving some coins whether it dust amount of huge amount has no security concerns so you do not need to worry about the remaining coins in the address or wallet. But if you don't want to compromise privacy then you should freeze that particular UTXO or if the address has no other transactions then freezing the entire address is more than enough so the scammer will never be able to link the funds to any of your addresses.
Address poisoning has been one attack that has led me to heavy loss of coins before,  it happened some time ago when I had no knowledge and information about the activities of these scammers, and what happened was that my address was replaced with a scammer address which created similar and familiar to my save address, and when I just copied the address and send my coins to that address without checking, and that lead to my coins being sent to a scammer wallet instead of my own wallet, but since then, I have learned my lesson and I can never fall victim to such attack again.
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom

the amount of cryptocurrency they send to their potential victims is usually so small that sometimes, its hard to notice, but the main goal or purpose of the scammer sending this is to try to trick as many that will notice the transaction, into revealing their private keys, or trick them into visiting a malicious website.


The actual reason for the dusting attack is a threat to the address owner's privacy and FYI receiving some coins whether it dust amount of huge amount has no security concerns so you do no need to worry about the remaining coins in the address or wallet. But if you don't want to compromise privacy then you should freeze that particular UTXO or if the address has no other transactions then freezing the entire address is more than enough so the scammer will never be able to link the funds to any of your addresses.
jr. member
Activity: 118
Merit: 4
This article is very educative and I have become more aware of some vulnerabilities that symbiote with owning crypto currency and wallets.
Even the real world bank account holders still suffer the fate of hackers and scammers and fall prey to these phishing sites unknowingly, let alone on a decentralized network.

The key is to always be mindful before clicking on any pop up of freebies that would normally not be there or is too good to be true from a site we have never visited. Also, to use offline wallets from what I have learnt so far is also better than using online wallets that easily use same network to connect to our devices.
sr. member
Activity: 812
Merit: 315
Vave.com - Crypto Casino
Sadly in crypto world today, you can't open a brand new wallet address without getting sent all those rubbish tokens and coins that doesn't being to you, maybe you should just accept that fact that it's never yours, as there is a big consequences waiting for you if you try to sell what's not yours, so many people have become a victim to this act, and thanks to coin gecko and coin market cap existence if not it will be way worse, now these two platform has all the rightful information about tokens and if you want to add any into your wallet it's better to copy their smart contract address from these two platforms.

Those scammers are now even making duplicate projects with same name but different smart contract, if you aren't careful you can easily compromise your crypto wallet, maybe through buying the wrong token or trying to sell the wrong token, this is also why crypto space isn't a place where you can just do things without doing your own research.

Once you create a new crypto wallet and you send or receive some crypto these scammers will start sending both bad tokens and malicious NFTs, all you have to do is nothing, it's never yours to begin with, do not let greed get the best of you.




legendary
Activity: 1596
Merit: 1288
In Bitcoin there are no vulnerabilities or exploits that can use dust transactions to somehow steal users private keys. In Bitcoin dust spam is used to make users accidentally use that dust in some of their future transactions to reveal more of their addresses..


In the past, this type of attack targeted the Bitcoin network by filling the mempool with many transactions and delaying confirmation times, which made users prefer some altcoins, which is what happened when some wanted to promote BCH, but today there are other reasons for such attacks, one of which is laziness of users. The attack occurs where the fraudster performs a dust attack and expects the user to copy his address, especially since some people copy the address of their last transaction instead of going and requesting the address again.
legendary
Activity: 3024
Merit: 2148
In Bitcoin there are no vulnerabilities or exploits that can use dust transactions to somehow steal users private keys. In Bitcoin dust spam is used to make users accidentally use that dust in some of their future transactions to reveal more of their addresses.

Example: you posted your address on this forum but haven't used that address in a while and it has zero balance. You receive some dust to that address and if you don't do manual coin control, your wallet might decide to use that dust together with coins from your other addresses when you send a transaction. Now the attacker will know that those other addresses belong to you, because you used them in the same transaction.

legendary
Activity: 1596
Merit: 1288
You can modify the settings in your wallet so that you can hide the DUST AMOUNT automatically, and some wallets enable you to hide tokens that have less than $10 in value or $5 or $1. This way you can automatically ignore all these attacks.
The most dangerous attack is to send you a token with a large value, for example $10,000 and $20,000, but it can only be withdrawn from a specific platform. That platform may be fraudulent, or it may request your private keys or send them certain amounts so that you can withdraw $20,000.
Using a good wallet and block explorer that hides these attacks will help you a lot.
legendary
Activity: 2730
Merit: 7065
Any time you make an address publicly known you are open to the possibility of getting dusted.
Not necessarily. Posting addresses publicly or applying to airdrops or giveaways with previously used addresses are some ways you can make yourself a target, but you don't have to do any of that. Most cryptocurrencies have public ledgers. Your addresses are already public knowledge if you have received or sent coins with them. A fraudster only needs the information from blockchain explorers to find new potential victims.

You should move your funds as soon as possible to save yourself from this attack, I think your wallet will not be affected by this yet, but it will be if you don't move your funds faster.
It's not an attack, and receiving such coins or tokens is harmless. They can't do anything while in your wallet. Only the user can make mistakes trying to engage with them, or like the OP says, visit scam websites and reveal sensitive information. Leave them where they are and continue living your life.
legendary
Activity: 2268
Merit: 1379
Fully Regulated Crypto Casino
Has anyone received also small tokens on their centralized deposit like example binance? I think even scammers targeting deposit address on eth or any L1 since they can see the activity of the wallet. Sometimes I saw some dust tokens of eth and bsc which I shouldnt have. Too bad its a cex wallet and they can just monitor it and doesnt have private keys.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
The main or major reason why scammers engage in p2p dusting attack is for two reasons..
  • To get their victims to reveal their private key or seed phrase through visiting a clone fake site, which phishes the victim's wallets private information while the victim unsuspectingly tries to connect his or her wallet to the site.
  • To get the victims to visit a malicious website where they can try to trick the victim into clicking links that could download software that is infected with malware into the victims computer.
The two mentioned reason both lead to one purpose, and that is to steal the victims cryptocurrencies, and maybe other valuable information that could be stored on the victims computer that the scammer have infected.
This is very possible. But another thing that is possible is for the bad actor to try to trace a victim to his real identity. Maybe the victim will create an ad on a decentralized exchange or sell the coin to the bad actor in a way that the victim real name can be known while the bad actor is sending money to the victim's bank account. If it is bitcoin, this is known as dust attack. All you need to do is to use coin control to freeze the coin, or move your coins out of the wallet with coin control and not use the wallet ever again.

If you are dealing with altcoins like USDT, you may think that it is P2P attack that you called it, but it may not be it. Even if you send to your exchange account or send from your exchange account, you may notice dust amount like 0.000005 USDT sent to your noncustodial wallet by bad actors with an address similar to your exchange account or wallet address. They want you to think that it is your exchange account address or an address that belongs to you so that if you want to send altcoin next time, you can mistakenly copy the bad actor address because it is similar to yours.
sr. member
Activity: 1622
Merit: 270
Undeads.com - P2E Runner Game
WHAT IS P2P DUSTING ATTACK?

P2P dusting attack is a cryptocurrency scam where the scammer sends small amount of cryptocurrency to a large amount of people, potential victims actually.
the amount of cryptocurrency they send to their potential victims is usually so small that sometimes, its hard to notice, but the main goal or purpose of the scammer sending this is to try to trick as many that will notice the transaction, into revealing their private keys, or trick them into visiting a malicious website.

You should move your funds as soon as possible to save yourself from this attack, I think your wallet will not be affected by this yet, but it will be if you don't move your funds faster. Try not to click on these links that you seem are malicious, most new users clicked these links and they think that this will be a link the P2P user provided, but the scammers scammed these persons and stole their money, which is a big loss for the user.

So, it would be better to change the password or they should make sure that they have transferred their funds, and the user can also use the wallet which can easily control the coins.
sr. member
Activity: 1680
Merit: 379
Top Crypto Casino
Any time you make an address publicly known you are open to the possibility of getting dusted. The purpose of these types of attacks, on Bitcoin at least, is to try and deanonymize you. Since the amount of dust you receive is too small to spend as a single UTXO you will have to add more inputs to your transaction. If additional inputs are from a coinjoin and the dust is from an address linked to your identity, then your coinjoined UTXOs are no longer anonymous.

Dusting attacks can also be used to taint your coins by sending you small payments from an address associated with illegal activity. If you were to send coins from and address which has received tainted coins to an AML compliant exchange you could get flagged for suspicious activity.

You can mitigate the risks from dust attacks by using a wallet that allows coin control.
sr. member
Activity: 966
Merit: 306
WHAT IS P2P DUSTING ATTACK?

P2P dusting attack is a cryptocurrency scam where the scammer sends small amount of cryptocurrency to a large amount of people, potential victims actually.
the amount of cryptocurrency they send to their potential victims is usually so small that sometimes, its hard to notice, but the main goal or purpose of the scammer sending this is to try to trick as many that will notice the transaction, into revealing their private keys
It is not to reveal private keys but to expose receivers to potential careless mistaken transactions to scammer addresses.

Receivers only lose their coins, tokens by sending their coins to wrong addresses (of scammers).

Quote
or trick them into visiting a malicious website.
Usually they direct to phishing sites or websites of scam projects.

Dust Attack, what it is, why it is dangerous and how to prevent falling to it
What are Address Poisoning Scams?
Address poisoning scams
hero member
Activity: 2632
Merit: 833
hero member
Activity: 868
Merit: 952
This attack is same as the address poisoning attack by Pmalek, I will advice you to go through that thread to have more insight in the topic.

This attack is not a thing to be concerned about just that immediately you notice it, the thing to do is move your funds to another wallet but this doesn’t have any harm yet. One of the things this does is something similar to clipboard malware where you got a slightly different address from the one you copy. So when you’re face with attacks like this do well to always check and check the receiving addresses so you don’t send the scammer funds
hero member
Activity: 700
Merit: 673
Most of these attacks are generally common, not just on P2P but on altcoins, and they're found on networks with low transaction fees like BSC and Polygon. This is where I have seen them very common, as you can see many worthless tokens that can't be exchanged or traded in any open market, but most of them have value and a price attached to them, which makes it appear tempting for those who are unaware to try looking for a way to sell them.
 
Another thing I learned from these scam tokens is that they usually have a specific exchange that they use; some are their own built-in dex, which they can use to extract the user's wallet information (phrase or private key) immediately after they grant their wallet access to it. It's just advisable that we avoid such tokens as much as we can.
 
But just doing research about such coins can't make someone lose their wallet access. As you are researching to get information about them and not clicking on links that have been provided by them, it's only when one connects their wallet and grants them access that they can take control over their wallet, not just when the person tries to run research about them.
newbie
Activity: 8
Merit: 8
WHAT IS P2P DUSTING ATTACK?

P2P dusting attack is a cryptocurrency scam where the scammer sends small amount of cryptocurrency to a large amount of people, potential victims actually.
the amount of cryptocurrency they send to their potential victims is usually so small that sometimes, its hard to notice, but the main goal or purpose of the scammer sending this is to try to trick as many that will notice the transaction, into revealing their private keys, or trick them into visiting a malicious website.

WHY ITS IMPORTANT TO AVOID BEING A VICTIM TO P2P DUSTING ATTACK.

The main or major reason why scammers engage in p2p dusting attack is for two reasons..
  • To get their victims to reveal their private key or seed phrase through visiting a clone fake site, which phishes the victim's wallets private information while the victim unsuspectingly tries to connect his or her wallet to the site.
  • To get the victims to visit a malicious website where they can try to trick the victim into clicking links that could download software that is infected with malware into the victims computer.
The two mentioned reason both lead to one purpose, and that is to steal the victims cryptocurrencies, and maybe other valuable information that could be stored on the victims computer that the scammer have infected.

HOW TO AVOID BEING A VICTIM TO P2P DUSTING ATTACK

The first and major way to avoid being a victim to such attack is to completely ignore such transaction when they appear on your wallet, no need even search for where it came from, don't even try sending it back or selling the token on a decentralized exchange, no matter the worth, the attacker might drain your wallet during such process, just allow the token to sit there, and if you are not comfortable having them in your wallet, simply move your main crypto assets to another wallet and abandon that wallet - thank goodness wallet creation is free, you can create as many as you want.

Secondly, avoid visiting site that you are familiar with, but even when you find your self on a site you are not very sure of its reputation, then be very careful with clicking on links or downloading any file from such site.

I came across this information on Binance feed, i found it very educative, and i decided to share it here, I hope we all stay safe out here or there.
Jump to: