deanonymizing attacks – Dusting Attacks

deanonymizing attacks – Dusting Attacks.

Privacy and security are getting more and more valuable every day, not only for the ones that have something to hide but for all of us. And those are particularly valuable for cryptocurrency traders and investors.

Have you ever received a random token you did not buy within your wallet? This could be a dusting attack and is to be taken VERY seriously. DO NOT MOVE OR SELL THE TOKENS.

This attack is performed by all types of different individuals, agencies, and governments all with their own malicious intents.

What is a dusting attack?

This is an attack that involves breaking the privacy of cryptocurrency users by sending tiny amounts of coins to their wallets. The transactional activity of these wallets is then tracked down by the attackers, who perform a combined analysis of different addresses to deanonymize the person/s behind each wallet.

What is dust?

Dust is an amount that is so small that most users don't even notice. However, within cryptocurrency exchanges, dust is also the name given to tiny amounts of coins that "get stuck" on users' accounts after trading orders are executed.
When it comes to Bitcoin, there is no official definition for dust because each client may assume a different threshold. The Bitcoin Core defines dust as any transaction output that is lower than the transaction fees, which leads to the concept of dust limit. This means that any regular transaction equal to or smaller than 546 satoshis will be considered spam and are likely to be rejected by the validating nodes.

Dusting attacks

People realized that cryptocurrency users don't pay much attention to random tiny amounts showing up in their wallets. So, they began dusting a large number of addresses.
After dusting different addresses, the next step of a dusting attack involves a combined analysis of those addresses in an attempt to identify which ones belong to the same crypto wallet. The goal is to eventually link the dusted addresses and wallets to their respective individuals. If successful, the attackers may use this knowledge against their targets, either through elaborated phishing attacks or cyber-extortion threats.
Due to most blockchains being public. Dust attacks are now happening on all blockchains not just BTC.
Since dusting attacks rely on a combined analysis of multiple addresses, if a dust fund is not moved, attackers aren't able to make the connections they need to "deanonymize" the wallets.
In October 2020, scammers started performing a new kind of dusting attack on the Binance Chain (BC). They sent tiny amounts of BNB to multiple addresses, leaving a link to a malicious website in the transaction Memo.

Peer-to-peer (P2P) transactions are more likely to remain anonymous because they are performed without the involvement of any intermediary. However, many crypto exchanges collect personal data through KYC verification processes, meaning that when users move funds between their personal wallets and exchange accounts, they are taking the risk of being somehow deanonymized.
It's important to keep in mind that, unlike many tend to believe, Bitcoin is not really an anonymous cryptocurrency. Besides the recently created dusting attacks, there are many companies, research labs, and governmental agencies performing blockchain analyses in an attempt to deanonymize blockchain networks and some argue they have already made significant progress.

While the Bitcoin blockchain is nearly impossible to hack or disrupt, the wallets often present a significant point of concern. Typically, you don't provide personal information when creating a new wallet or address, so you can't prove theft if some hacker gains access to their coins and even if they could, that would be useless.
When you hold cryptocurrencies in a personal wallet, you are acting as your own bank. There is nothing you can do if your wallet gets hacked or you lose your private keys.

Along with dusting and other deanonymizing attacks, it's also important to be wary of the other security threats that are part of the cryptocurrency space, such as Cryptojacking, Ransomware, and Phishing. Additional security measures may include installing a VPN along with a trustworthy antivirus in all of your devices, encrypting your wallets, and storing your keys inside encrypted folders.

Ideally, a brand new Bitcoin address should be created for every new receiving transaction or payment request. Creating new addresses helps protect users' privacy.