Privacy is a valued characteristic of blockchain transactions. Many cryptocurrency advocates choose this relatively recent form of money, favoring increased privacy and identity security.
Today’s risk cannot be used to access users’ money and steal their crypto assets, however, illicit actors could use it to undermine the privacy of cryptocurrency holders and coerce their holdings.
Blockchain technology operates on the principle of pseudonymity, which means that individuals behind cryptocurrency addresses remain anonymous without divulging personal information. However, the blockchain ledger maintains transparency and traceability, making all transactions openly accessible. Consequently, users’ activities can be traced by scrutinizing the historical records linked to their specific addresses.
Crypto dusting or token dusting attack is a blockchain-based attack on existing wallets and addresses to breach the privacy of the individuals or groups controlling cryptocurrency wallets, deanonymize them, and hopefully, reveal personal information related to their owners.
This technique may achieve a variety of goals, some of which can be utilized by law enforcement against malicious actors. Today we shed light on how crypto dusting attacks work and how they could benefit law enforcement investigators.
Crypto dust refers to trace amounts of cryptocurrency, typically with negligible monetary value, left over from various activities on the blockchain. It can be a byproduct of transactions. Like spare change after a purchase, crypto dust accumulates from the minuscule leftovers after trades or transactions. Imagine buying Bitcoin (BTC) with Ethereum (ETH). You might aim to use all your ETH, but due to the exact exchange rate, a tiny amount of ETH (like 0.0000001 ETH) might be left over.
There isn’t a single, universally defined lowest limit for dust, however, there’s a dust threshold per blockchain. It is the minimum amount considered dust by a particular wallet. The Bitcoin blockchain, for example, considers anything below 546 satoshis (parts of a Bitcoin) to be dust. However, this threshold can vary between different implementations.
Dust is often equal to or lower than a transaction fee. Dust could also be the small amount of cryptocurrency that remains from rounding errors or transaction fees and can accumulate over time.
It is a small amount of cryptocurrency sent to a large number of wallet addresses with benevolent or malicious purposes. Dusting attacks exploit the amount of visibility in blockchain transactions by strategically sending tiny amounts of cryptocurrency to a multitude of wallet addresses.
Crypto Dusting Attacks Malice
Dusting is a vague activity, malicious actors benefit from employing this type of attack in various scenarios.
Privacy breach
In dusting attacks, hackers send dust to a large number of addresses hoping users will consolidate them. Since dust amounts are too small for individual transactions, users have to consolidate them. This can link previously separate accounts publicly on the blockchain, compromising an individual’s privacy. This can also reveal transaction patterns, potentially de-anonymizing wallets. For users who value anonymity, dust attacks can be particularly damaging.
Money Laundering and sanctions evasion
Dusting attacks can hinder Anti-Money Laundering (AML) efforts. Criminals might use a small portion of their illicit funds to dust thousands of wallets, creating a smokescreen that obfuscates their trace and impedes investigators. This makes it more difficult for authorities to track the flow of dirty money and identify suspicious activity.
Phishing, extortion, and more
Dusting attacks are prevalent across various public blockchains like Bitcoin, Litecoin, and Dogecoin. Hackers aim to link attacked addresses to real-world identities and use this knowledge for malicious purposes. This can include phishing scams, extortion threats, blackmail, or even identity theft for financial gain. Phishing emails might masquerade as exchange support or wallet providers, tricking users into revealing their login credentials. Extortion attempts could threaten to expose the user’s crypto holdings or linked identities unless a ransom is paid.
Law Enforcement and legitimate users can also benefit from dusting tactics. Here is how:
Promotional tool
Dust transactions can carry promotional messages, acting as a less intrusive alternative to email marketing. This approach may be particularly useful for promoting new cryptocurrencies or exchange features directly to potential users’ wallets. Regular users can also use this feature to record information on a blockchain transaction.
Screenshot from a Bitcoin transaction with a message recorded about government body movement speculation: “SEC Chairman on the brink of second ETF approval.” – Source: Mempool.space
Government investigations
Authorities can utilize dusting to connect cryptocurrency addresses to individuals or organizations involved in criminal activities like money laundering, tax evasion, or terrorism. This helps identify criminals, gather evidence, and enforce regulations. For instance, dusting can be used to track suspicious transactions across multiple wallets or identify mixers used to anonymize illicit funds.
How Crypto Dusting Attack Works
While sending crypto dust itself isn’t inherently complex, challenges arise from transaction fees. When the dust amount falls below the transaction fee threshold, sending it cost-effectively becomes impractical. Hence, here’s how it works:
-
- Dusting: The attacker sends minuscule amounts of crypto dust to a large number of wallet addresses. This can be thousands or even hundreds of thousands of addresses.
-
- Tracking Movement: Blockchains record all transactions, even tiny dust ones. The attacker monitors these transactions, waiting to see if the dust moves.
-
- De-anonymizing: If a user consolidates the dust (because it’s too small to use individually), it reveals activity on that address. By analyzing patterns of dust movement across different addresses, the attacker might be able to link them together and potentially connect them to a real-world identity.
By incorporating the dust into other transactions, recipients may unwittingly transfer it to off-blockchain centralized entities. These entities, mandated to comply with Know Your Customer (KYC) regulations, retain personal data, rendering victims vulnerable to phishing, cyber extortion, and other targeted attacks. For instance, the victim may be interacting with notorious services or sanctioned exchanges on one of the extra addresses, previously unlinked to the original address targeted by the attack. The attacker can threaten to expose this information if the victim doesn’t send a large sum of money back to the attacker.
The concept of dusting attacks became prominent in 2018 when Samourai Wallet warned its users regarding a dusting attack targeting a large number of Bitcoin (BTC) wallets. The digital wallet provider tweeted:
If you have recently received a very small amount of BTC in your wallet unexpectedly, you may be the target of a “dusting attack” designed to deanonymise you by linking your inputs together – Samourai users can mark this utxo as “Do Not Spend” to nip the attack in the bud. pic.twitter.com/23MLFj4eXQ
— Samourai Wallet (@SamouraiWallet) October 25, 2018
This was the first large-scale attack of this kind to occur.
Crypto dusting attacks pose a threat to a fundamental characteristic of cryptocurrency transactions.
Book a demo to learn how QLUE™ helps Investigate dusting attacks on various blockchains with ease.
