How to Prevent and Detect Bitcoin Dust Attacks

ryan

The goal of Bitcoin dust attack is to expose your identity and holdings.

An attacker will send a small amount of crypto to different wallet addresses hoping the wallet owner will eventually batch or consolidate their UTXOs, including the dust, to use in a future transaction.

Once the recipient (you) spends the dust in a transaction, the attacker can connect the dots to associate the dusted address with other addresses you own. 

For example, if you inadvertently send the dust to a centralized exchange to cash out, the attacker could target you with a phishing attack to compromise your account or install malware. 

Most dust can’t be spent on its own because it’s too small and less than the network fee.  

To spend the dust, you must combine the dust with other UTXOs which is exactly what the attacker wants you to do.  

How to protect your wallet from bitcoin dusting?

You can’t prevent a dusting attack because anyone can send Bitcoin to any address without censorship. 

Here are some proactive measures to protect against a dust attack:

  1. Before creating a transaction, regularly scan your wallet for dust size UTXOs.
  2. Most wallets have default dust thresholds that will automatically reject, isolate and freeze suspected dusting UTXOs.  Bitcoin Core has a 546 satoshi dust limit.  
  3. Create a rule in your wallet, if available, that prevents UTXOs under a certain value from being included in a transaction.  
  4. Only use wallets with a Coin Control feature.  The wallet owner can select to include or exclude certain UTXOs from a transaction. 
  5. Use an HD Wallet to generate a new address every time you receive Bitcoin.  Hackers often fine tune their research looking for addresses which have received more than one transaction which can place a target on your back.  
  6. Whitelisting, if provided by your wallet, sets specific addresses and prevents inadvertently sending crypto to an address you haven’t previously authorized.  
  7. Don’t commingle coins from different sources or addresses.  
  8. Practice UTXO management, including a UTXO consolidation strategy.
  9. Execute good crypto operational security.  For example, use a VPN to avoid geolocation and log in to a website from your browser rather than clicking a link in an email the website sent you.  Inadvertently scanning fake QR codes on bogus phishing sites or offline IRL is another exploit hackers will target.  
  10. Avoid signing up for free airdrops of crypto as these sites are often created by the attacker to resemble authentic sites with the purpose of getting you to connect a wallet or disclose an address or other personally identifiable information.
  11. Avoid using vanity addresses which are susceptible to ‘address poisoning’ where the attacker finds your vanity address, creates a similar address to transact with your vanity address hoping you accidentally transact with the fake address instead of your real address at some point in the future.  Double check you’re using the correct address.

As the Bitcoin price goes up and Bitcoin transaction fees increase, dusting attacks are becoming more expensive for the attacker.  The natural reaction for the attacker is to focus their attention on wallets with higher balances which should put Bitcoin wholecoiners on high alert. 

What should I do if my wallet is dusted?

The proactive actions we suggested in the previous section may help you mitigate a crypto dusting attack.

If you’ve been dusted, don’t freak out and don’t spend any Bitcoin dust in a transaction.  

In fact, don’t even click on the token to prevent any malicious code in a smart contract from activating.  

Pro Tip: Identify the unsolicited dust-size UTXOs.  Freeze the UTXOs you deem as malicious or mark/note as Do Not SpendArchiving the UTXO is your safest option and be cautious if your wallet offers a dust conversion to swap the UTXO for another coin.  

The attacker is baiting you to interact with the dust so they can track the transaction, even if it’s a swap, then analyze future transactions until they find a vulnerability. 

Software wallets, particularly browser-based, are more frequently attacked with altcoin dusting because these wallets are primarily used for Web3, Decentralized Apps (DApps), and altcoins.  

You can use a blockchain explorer to trace the transaction if you receive dust.  Check your address to see who the sender was.  Next, check the sender’s address on the explorer to see how many other dust transactions were created.  

Report dusting attacks to your wallet provider and to law enforcement’s cyber division like the FBI’s guidance for cryptocurrency scam victims

Will I lose my Bitcoin if I spend the dust?

Transacting with Bitcoin dust won’t necessarily allow the hacker to drain your wallet but does open the vulnerability for them to de-anonymize the wallet and target you with a phishing attack to eventually gain access. 

Crypto dusting with altcoins is more common than Bitcoin dusting because it’s cheaper and more susceptible to smart contracts which do have the ability to access your keys and drain the wallet thanks to blind signing.  

Smart contracts are embedded into transactions and most wallets do not show the details of the functions in the smart contact.  

The vulnerability of smart contracts is linked to code designed to execute when you link your wallet to a specific website, most commonly a decentralized exchange, which can execute a set of instructions to drain your wallet. 

This happens more commonly with DeFi compared to Bitcoin because it’s cheaper to transact and easier to exploit

Risks of Promotional Crypto Dusting

Not all dust is a scam or attack.  

Researchers use dust to gather data.  Governments use dust to identify criminal activity.  Developers use dust to stress test their software.  Marketers use dusting to promote new projects.

New crypto projects (NFTs and coins) dust addresses similar to spamming an email address. 

The dust UTXOs could be benign and contain promotional messages or simply meant to entice you to search for the project and visit the project’s website.  

You still shouldn’t engage (click, transact, swap) with dust, ever!

How do you know that the site you’re visiting is legitimate?  What if an attacker created a fake spoofed site (or app) and got it to rank higher than the legitimate site?

Even if you’re certain the site is legitimate, once you open the site your IP address can expose city, state, country, latitude, longitude, ZIP code, time zone, ISP and other sensitive data.  

Now that the marketer or hacker knows your location, if you interact with the dust you could get doxed and and inadvertently reveal your crypto net worth.

Getting doxed by a dusting attack is easier than you might think. 

Transacting with dust is always a NO!

Personally, accepting airdrops from sites that I haven’t vetted are always a NO!  

There’s no such thing as a free lunch.

Stay vigilant, trust no one, and do your own research!

Note: Stratus does NOT provide investment, legal or tax advice.  All information in this article is for educational purposes and should not be interpreted as investment, legal or tax advice.  The opinions expressed are those of the author for informational purposes and neither Stratus nor the author are liable for any errors, inaccuracies or omissions.  Digital assets, such as cryptocurrencies or decentralized finance, present unique risks for investors.  For investment, legal, tax, or other financial guidance you should consult your own advisor.