CAUTION IF YOU RECEIVE HASHPANDA DO NOT SWAP IT. IT IS A KNOWN EXPLOIT AND YOU WILL LIKELY BE TARGETED FOR PHISHING. SIMPLY “HIDE” IT AND DO NOT TOUCH IT. LEARN MORE ABOUT THE DUSTING ATTACK HERE.
The goal is to eventually link the dusted addresses and wallets to their respective companies or individuals. If successful, the attackers may use this knowledge against their targets, either through elaborated phishing attacks or cyber-extortion threats.
What Is a Dusting Attack?
What is dust?
When it comes to Bitcoin, there is no official definition for dust because each software implementation (or client) may assume a different threshold. The Bitcoin Core defines dust as any transaction output that is lower than the transaction fees, which leads to the concept of dust limit.
Malicious actors realized that cryptocurrency users don’t pay much attention to these tiny amounts showing up in their wallet addresses. So they began “dusting” a large number of addresses by sending a few satoshis to them (i.e., a small amount of LTC, BTC or other cryptocurrencies). After dusting different addresses, the next step of a dusting attack involves a combined analysis of those addresses in an attempt to identify which ones belong to the same crypto wallet.
Dust attacks were initially performed on the Bitcoin network, but they are also happening with Litecoin, BNB, and other cryptocurrencies. This is possible because most cryptocurrencies are running on top of a traceable and public blockchain.
Since dusting attacks rely on a combined analysis of multiple addresses, if a dust fund is not moved, attackers aren’t able to make the connections they need to “deanonymize” the wallets. Samourai Wallet already has the ability to automatically report suspicious transactions to their users. Despite the dust limit of 546 satoshis, many dusting attacks today are well above it and are usually ranging from 1000 to 5000 satoshis.
Dusting attacks on the Binance Chain (BC)
In October 2020, scammers started performing a new kind of dusting attack on the Binance Chain (BC). They sent tiny amounts of BNB to multiple addresses, leaving a link to a malicious website in the transaction Memo. Be careful! This is a scam. There is no BNB to be claimed.
An example of a Binance Chain dusting attack.
Since Bitcoin is open and decentralized, anyone can set up a wallet and join the network without providing any personal information. Although all Bitcoin transactions are public and visible, it’s not always easy to find the identity behind each address or transaction. This is what makes Bitcoin somewhat anonymous – but not completely.
While the Bitcoin blockchain is nearly impossible to hack or disrupt, the wallets often present a significant point of concern. Typically, you don’t provide personal information when creating a new wallet or address, so you can’t prove theft if some hacker gains access to their coins – and even if they could, that would be useless.
When you hold cryptocurrencies in a personal wallet, you are acting as your own bank. There is nothing you can do if your wallet gets hacked or your lose your private keys.
Privacy and security are getting more and more valuable every day, not only for the ones that have something to hide but for all of us. And those are particularly valuable for cryptocurrency traders and investors.