What is a Dusting Attack?

Reading Time: 2 minutes
  • Dusting attacks go largely unnoticed by victims until it’s too late
  • The attack involves a fraction of cryptocurrency being sent to a wallet as a test for a further, larger compromise
  • How do dusting attacks work and how an you guard against them?

Dusting attacks are something that many late entrants in the crypto world may not have come across , but they present the same level of danger as they did since first being discovered. What is a dusting attack, how does it work, and how can you protect against it? FullyCrypto gives you the lowdown on this relatively new way in which hackers are trying to get their hands on your crypto.

Small Amounts Could Mean Big Hacks

‘Dust’ is the term used to describe the tiny amounts of cryptocurrency that are left over when users exchange one token for another. Normally these amounts are insignificant, being worth pennies if that, and most of us just ignore them, although dusting attacks mean that the dust in your wallet may not be as innocent as it seems.

Scammers have realized that people tend to ignore the dust until it accumulates to a decent size when they either move or exchange it, and have started ‘dusting’ a large number of addresses by sending similarly small denominations of coins to them – so small that users can’t tell the difference. Next, the attackers analyze the various addresses they have dusted with the aim of eventually connecting the dusted addresses and wallets to their respective individuals or companies. The attackers may then use this knowledge against their targets, either through phishing attacks or cyber-extortion threats.

How to Prevent Against Dusting Attacks

An effective way of guarding against dusting attacks is to not move any dust you have in your various accounts. This all but eliminates an attacker’s ability to identify the wallet holder as it provides no link between the dusted wallets. If you’re in doubt, you could also check your ‘deposit’ history to see if any unsolicited funds have been added to your account.

In order to preserve privacy, it is also best practice to use a new address for each transaction, a feature that exchanges like Coinbase provide automatically but is something that ERC20 wallets and the like cannot. Interestingly, it’s not just hackers that use dusting attacks to try and identify users, as some authorities have been known to use the method to detect activity they can use against citizens.

The best rule of thumb is to do the opposite of what you should do in your home and leave the dust where it is.