Every time a cryptocurrency is sold on the exchange, there is a risk that a tiny amount will be left over, which can be annoying. This “crypto dust“often costs more to move than it’s worth, so trying to get rid of it is pointless. Outside of an exchange, however, crypto dust can be used as a wallet tracker, an advertising technique or as preparation for a phishing attack.
Cryptocurrencies can be subdivided into very small pieces. Ethereum’s ether (commonly referred to as “ETH“) to the “weias its smallest unit, 18 decimal places of an ether. This is because Ethereum’s smart contract code cannot split units into chunks smaller than 1, so the developers chose to make each number 18 digits to avoid (significant) rounding errors during math operations, the decimal being mostly cosmetic. At the same time, blockchains are fully transparent, giving anyone with access to a block explorer the ability spy on others’ crypto transactions and holdings, no matter how small.
Sometimes crypto holders will send tiny amounts of tokens to “dust“one (or thousands) of other users’ wallets in what is called a”dust attack“, an example of which was recently reported by blockages. Malicious dusting attacks can include phishing tokens designed to wipe their victim’s wallet if they attempt to delete them, while other times they include a message attached to the transaction promising a fake “token gift“scam that steals their victim’s crypto if they fall for it. This technique actually started as a form of advertising on Bitcoin and Litecoin, where mining pools would send crypto dust to thousands of wallets with a message in the transaction data advertising their services, but this technique was soon appropriated to create malicious phishing attack links, and now no one trusts crypto dust advertisements.
Dusting attacks have recently been used for denial of service
Recently, the crypto mixer service Tornado Cash was sanctioned. While it probably seemed like the right idea at the time, government intervention backfired on innocent people due to the inability to refuse incoming cryptocurrency transfers. As blockages explained at the time, some Anonymous trolls used Tornado Cash to perform a sprinkling attack on hundreds of victims, including high-profile celebrities, blockchain developers, and politicians, resulting in the blackout. automatic indexing of their wallets by several prominent decentralized finance (DeFi) applications, such as front-end lending/borrowing app Aave and decentralized exchange app Uniswap. It was the first and only time a dusting attack was successfully used to offensively disrupt service for other users, and the victims’ accounts were quickly unbanned by DeFi developers.
Aside from the Tornado Cash incident, dusting attacks don’t have any obvious effects, but they’re still sinister. They are mainly used to find out which wallets belong to the same person in order to target them with phishing or even blackmail attacks. Crypto wallets are “pseudonym“, so it is possible to use a dusting attack combined with blockchain analysis and social engineering to determine who owns a set of crypto wallets, especially if they own an NFT domain name. Hackers , crooks and government agents will dust thousands of wallets, then watch where the dust goes in hopes of finding out which wallets are associated with each other. dust is to never spend dust, which many personal wallets have as a security feature that should always be enabled Of course, this precaution can be rendered useless if a user shares NFTs on their social media accounts, causing designates as the owner of the wallet(s) that owns the NFTs.
When the topic of dusting or wallet dusting attacks comes up, it’s usually a monitoring technique to “de-anonymize“someone’s wallet, often to prepare for a phishing attack, but sometimes to discern a real identity and do much worse. While not directly harmless, dusting today is almost always done with sinister intent, and most users will never know they were dusted at all, so it helps to always leave cryptocurrency dust after each transfer.