What is a Crypto Dusting Attack? (And How to Protect Yourself)
Unfortunately, although cryptocurrency is a wonderful thing, there are so many ways scammers take advantage of users. One of these ways is via a dusting attack.
A dusting attack is when a scammer sends a small amount of cryptocurrency to your account. Although it might seem like a mistake, once in your account, these tokens serve a nefarious purpose. Read on to learn more about cryptocurrency dusting attacks and what you should do if you become a victim of one.
What is a Dusting Attack?
A dusting attack is when a malicious actor sends a small amount of cryptocurrency (called dust) to several wallet addresses. Typically, the amount is so small that the recipient doesn’t immediately realize they’ve become a victim of a scam. Dust scams can be perpetuated with any form of cryptocurrency, from Bitcoin to Dogecoin to tokens you’ve never heard of before.
In more advanced attacks, the malicious actor may even spoof a recent wallet address you’ve received cryptocurrency from, hoping to fool you into thinking they may be a friend or known entity. These are the most dangerous types of dust attacks.
What Do Criminals Gain From a Dusting Attack?
For those new to cryptocurrency, dust attacks, at first glance, may appear harmless. Unfortunately, this is not the case, and there are several vital pieces of information malicious actors can gain during dust attacks. We will go into them in detail below.
1. Wallet Tracking
Attackers can follow the tokens they have sent to you on the blockchain, learning more information about your wallet and the wallets you associate with. They can learn your patterns, as well as information about you. Governments have successfully used dusting attacks to nail down criminals in the past.
Criminals take this a step further, tracking your wallet to find out who you are, but only for the purposes of executing a larger scam on you in the future.
2. Impersonation
In the case of the criminals who take the time to spoof a recent address you have received cryptocurrency from, they do this in the hope you will accidentally send it to them next time, instead of your friend. This particular case is often not done randomly, with criminals only targeting wallets they know hold a plethora of funds. This attack is similar to whale phishing and may be executed simultaneously with social engineering if the malicious actor knows a wallet address attached to socials.
3. Spam
Sometimes, dusting attacks are done for the good old purpose of spamming a network. Malicious actors may do it for the purpose of jamming the network so they can perform other malicious actions on the network. While this is less common on the larger blockchains like Bitcoin, it does happen on some of the smaller ones.
Additionally, most blockchains allow crypto to be sent with a message. Some criminals use this to attach malicious links to the dust they send in the hope that some recipients will click it. This is basically blockchain phishing.
4. Hiding Dirty Money
The final motive is the rarest, but it has happened before. If the government is closing in on a criminal faction, the criminals may attempt to disperse the “dirty money” to throw the government off their trail. Of course, this loses them access to the money, but it may also have the cops knocking at your door instead of theirs. This only happens in very high-level cases, typically when the criminal has more to hide than just a little dirty money.
What Should You Do If You Get Dusted?
If a small amount of cryptocurrency arrives in your account when you weren’t expecting it, do not touch it until you know who it is from. Some wallets also have a way to flag suspicious deposits (often called ‘flag’ or ‘do not spend’) if your wallet has this feature, use it to mark the funds immediately.
Do not click any links, and flag the address you received it from as well. But again, above all else, do not spend the cryptocurrency, as this will allow the scammers to track your wallet.
How to Protect Against Dusting Attacks
Generally, as long as you don’t touch the dust, dusting attacks are rarely serious. However, here are a few ways you can protect against a dusting attack:
1. Use an HD Wallet
HD stands for hierarchical-deterministic, and it is a type of crypto wallet that will change your address every time you transact. This makes it difficult for attackers to trace your address and means any “dust” you receive was truly random.
2. Use a Separate Address for Storage vs. Spending
Attackers pull the addresses they dust directly from the blockchain ledger. As such, any address that sends or receives can be seen and used for dusting. To avoid having an address with a large amount of funds, the subject of a dust attack, we recommend keeping a separate (preferably cold) wallet with your savings, and using a cheaper (easier to replace) wallet for everyday transactions. While this will still cause the address of the cold wallet to pop up from time to time, it will keep it from being flagged as an account with a lot of funds, and it will pop up less often than if you were spending from it regularly.
3. Check Your Account Regularly
Of course, even when you do everything here, you may still receive dust regularly. In general, we recommend staying vigilant, never clicking links, and just checking your account regularly. If an account is receiving dust often, it may be time to change to a new wallet (leave the dust tokens there) or consider purchasing an HD wallet.
Overall, while dust attacks can be scary, they aren’t as damaging as some other attacks. Just be sure that no matter what happens, you don’t click links and you don’t touch the dust. Leaving it untouched is often the only way to break the cycle.
