When one cryptocurrency sold on an exchange, there is a chance that a small amount of it will remain, which can be annoying. this “crypto dust” often costs more to move than it’s worth, so there’s no point in trying to get rid of it. Outside of an exchange, however, cryptodust can be used as a wallet tracking tool, an advertising technique, or in preparation for a phishing attack.
Cryptocurrencies can be broken down into very small pieces. Ethereum’s Ether (commonly called “ETH“) has “wow” as its smallest unit, which comes in at 18 decimal places of an ether. This is because Ethereum’s smart contract code cannot divide units into bits smaller than 1, so developers chose to make each number 18 digits long to avoid (significant) rounding errors below mathematical operations, where the decimal point is mostly cosmetic.At the same time, blockchains are completely transparent, giving anyone with access to a block explorer the ability to spy on each other’s transactions and crypto holdings, no matter how small.
Sometimes crypto holders will send small amounts of tokens to “dust“one (or thousands) of other users’ wallets in what is called a”dust attack“, an example recently reported by Blockwork. Malicious dust attacks can include phishing tokens designed to clean the victim’s wallet if they try to remove them, while other times they include a message attached to the transaction promising a fake “token giveaway” scam that steals the victim’s crypto if they fall for it. This technique actually started as a form of advertising on Bitcoin and Litecoin, where mining pools would send crypto dust to thousands of wallets with a message in the transaction’s data advertising their services, but this technique became soon used to create links for phishing attacks, and now nobody trusts crypto dust advertising.
Dust attacks were recently used for denial of service
Recently, the Tornado Cash crypto mixer service was sanctioned. While it probably sounded like the right idea at the time, the government’s intervention backfired on the innocent due to the inability to deny incoming cryptocurrency transfers. As Blockwork Explained at the time, some anonymous trolls used Tornado Cash to perform a dust attack on hundreds of victims, including high-profile celebrities, blockchain developers and politicians, resulting in their wallets being automatically blacklisted by several key Decentralized Finance (DeFi) apps, such as front-end of the Aave lending/loan app and the Uniswap decentralized exchange app. This was the first and only time that a dust attack was successfully used to disrupt the service for other users, and the victims’ accounts were soon removed by the DeFi developers.
Aside from the Tornado Cash event, dust attacks have no obvious effects, but they’re still scary. They are mainly used to find out which wallets are owned by the same person for the purpose of targeting them with phishing attacks, or even blackmail. Crypto wallets are “pseudonym“, so it is possible to use a dust attack combined with blockchain analysis and social engineering to find out who owns a set of crypto wallets, especially if they own an NFT domain name. Hackers, fraudsters and government agents alike will dust thousands of wallets, and then observe where the dust goes in hopes of finding out which wallets are connected to each other.Fortunately, the best way to not fall victim to a dust attack is to simply never use the dust, which many personal wallets have as a security feature that should always be enabled Of course, this precaution can be obfuscated if a user shares NFTs on their social media accounts, making them the owner of the wallet(s) that owns the NFTs.
When the topic of wallet dusting or dust attacks comes up, it’s usually as a surveillance technique to “de-anonymize” someone’s wallet, often to prepare to launch a phishing attack, but sometimes to discern a real-world identity and do much worse. While not exactly harmless, today dusting is almost always done with sinister purposes, and most users will never know they were dusted at all, so it helps to always leave cryptocurrency dust behind after each transfer.
Sources: Block works
