What Are Dusting Attacks & How To Prevent Them?

2021-9-22 15:15

There is an ongoing arms race in the tech security industry. The bad guys find another way to exploit the system and the good guys try to patch up the leak. It’s not necessarily a bad thing. It’s how security tech advances, and it drives the cryptography industry. The latest onslaught is more subtle and will not directly result in someone emptying your crypto wallet, but it’s worth being aware of it.

You may have heard recently about dusting attacks, but what are they? Why are they a problem, and how can we defend against them?

What is a dusting attack?

Dust refers to the small quantities of crypto left in your wallet after a trade. These frustrating remnants are impossible to move as the transaction fees are more than the amount being transferred. In the case of Bitcoin, anything under 5000 satoshis is regarded as dust. This equates to about $2 at today’s rate.

The villain sends small amounts of crypto to thousands of wallets and uses chain analysis to track what happens to these funds next. They can see where they are being sent and establish connections with other wallets they are monitoring.

Once enough common links can be established between groups of wallets, it becomes easier to figure out who owns which wallet. There are already blockchain analysis companies busy creating a map of who likely owns which wallet. Law enforcement and tax authorities have an interest in this too – like I say, all the bad guys!

This is especially a problem if you move your dust to a centralized exchange that associates your wallet addresses with your KYC information. (Know you Customer) If you have ever advertised a receive address on a website to accept payment, you could also be a target.

What are the risks?

At this stage, the risks are not catastrophic as the attacker cannot access your wallet or the crypto it contains. However, it sets up further attacks which can be serious. If you’re going to steal something from somebody, it pays to know what they have and where they keep it. The business of thieving comes later, but a knowledge of who owns what is invaluable.

Once a gang of crooks has figured out which wallets you control and how much is in them, the main follow-up threats are Social Engineering, Phishing, and Ransomware attacks.

Anonymity vs Pseudonymity

The blockchain is totally transparent and contains an auditable list of all the Bitcoin transactions ever made. The wallet addresses, the time, and the amount are all recorded in the ledger. If you give someone your Bitcoin address to transfer you some funds, they can peer into your wallet and see exactly what you have spent and received since the wallet was created.

The Bitcoin network is anything but anonymous, but the twist is that you do not have to supply any personal data to create a wallet. So yes, we can see into every wallet, but we cannot (easily) connect that wallet to an individual. That is pseudonymity.

How do I protect against a dusting attack?

Whenever you receive small amounts of unsolicited cryptocurrency from someone you don’t know, you should leave it alone. Don’t touch it. Either Just let it sit in your wallet, or delete that address and never use it again. As long as you don’t forward it anywhere, the hackers can’t monitor where it goes, obviously. 

The best way to stay as anonymous as possible is to use a newly generated receive address for every transaction. This is not always possible, especially if you are a business taking payment in crypto. It turns managing all your wallet addresses into a logistical nightmare. The risk of misplacing your crypto becomes greater than any risk from the dusting attacks we are trying to protect against.

I was asked whether we would ever run out of Bitcoin wallet addresses. The answer is no. If you estimate 100 billion people using Bitcoin over the next 100 years (12 times as many humans as exist today), they could each have 1,461,501,637,330,900,000,000,000,000,000,000,000 addresses. It’s about a trillion times as many stars exist in the known universe. That should be enough to be getting on with.

Another potential threat concerns smart contracts. Once you click confirm on your DeFi wallet, you are giving access to a smart contract. If you don’t know the provenance of this smart contract, you could be welcoming villains directly into your wallet. Only deal with established ‘Blue Chip’ DeFi companies with a great reputation that have never been hacked.

Another recent scam on the Binance Smart Chain included a website address and a message in the notes, telling you about unclaimed crypto you are missing out on. Again, don’t be fooled. Nobody is giving away free crypto. It’s a scam. If you apply regular internet safety rules to crypto, you should avoid these confidence tricksters. The other maxims to remember are, “There’s no such thing as a free lunch,” and, “If it looks too good to be true, then it probably is.”

Confidence tricksters rely on the greed of their victims. Don’t be greedy!

Summary and Thoughts

Most of the threat at the moment comes from subsequent traditional phishing or social engineering attacks. The dusting attacks merely confirm the identity of the target and what can be stolen. This could change, however. Smart contracts are a powerful technology that has not yet been stress-tested in the wild. This makes them super-vulnerable to attacks from bad actors.

Already we have seen malicious code embedded in smart contracts designed to steal from DeFi wallets. The Unlimited Allowance issue has raised questions about the security of DeFi wallets. It’s impossible to know which exploit will be uncovered next, but it’s interesting to note that dusting attacks still require a good old-fashioned social engineering approach to be successful.

In the real world, each potential threat is identified then countered. New threats are engineered and so the process continues. It’s an essential part of the evolution of decentralized blockchain technology. What doesn’t kill us makes us stronger, so we should embrace the challenge and learn from it. It’s how crypto becomes more secure over time.

The post What Are Dusting Attacks & How To Prevent Them? appeared first on CaptainAltcoin.

Similar to Notcoin - Blum - Airdrops In 2024

origin »

SherLOCK Security (LOCK) на Currencies.ru

$ 0.1387 (+1.71%)
Объем 24H $13
Изменеия 24h: 10.06 %, 7d: -33.06 %
Cегодня L: $0.1387 - H: $0.1387
Капитализация $0 Rank 3458
Доступно / Всего 0 LOCK / 4.969m LOCK

security tech guys industry bad patch try

security tech → Результатов: 126


Innovation in Business Summit 2021

 18 September 2021 — Hyatt Regency Dubai: TECH & SUSTAINABILITY: Information Technology, Artificial Intelligence and Robotics , Data Security & Privacy, Blockchain & Digital Currency, Cloud systems, Business Innovation & Digital Transformation, Green Business, Green Marketing Innovation in Business Summit 2021 invites innovative businesses in Tech and Sustainability sectors to assemble and discuss future possibilities […] Сообщение Innovation in Business Summit 2021 появились сначала на Coinstelegram.

2021-9-17 20:40


Revolut enlists Fireblocks for crypto wallet and network security infrastructure

Fireblocks, a platform for securing blockchain assets, announced today that Revolut, the UK’s fastest-growing private tech company and one of Europe’s largest FinTechs, will be leveraging its unique MPC-based wallet and network infrastructure to support the introduction of new crypto services for its 13 million global retail customers.

2020-10-9 03:54


Which Linux Distro Is Best for Privacy? We’ve Done the Research [Guide]

This article is for people who want more online privacy and security. If you are in a hurry to find your distro, skip ahead to “How to Choose Your Best Linux Privacy Distro.” Why is Linux better than Windows or macOS? Independent security experts favor Linux over either Windows or macOS, explaining all the reasons […] Which Linux Distro Is Best for Privacy? We’ve Done the Research [Guide] was originally found on Blokt - Privacy, Tech, Bitcoin, Blockchain & Cryptocurrency.

2020-6-9 16:33


Ledger Nano S Review: Best-Selling Wallet, Still King in 2020?

The Ledger Nano S is one of the first and most popular hardware wallets designed by French blockchain security company, Ledger. Founded in 2014, the same year as the iconic Mt. Gox exchange hack, Ledger has always had a strong focus on fund security and has since become one of the leading hardware wallet producers in […] Ledger Nano S Review: Best-Selling Wallet, Still King in 2020? was originally found on Cryptocurrency News | Tech, Privacy, Bitcoin & Blockchain | Blokt.

2020-4-1 23:55


Interview with Kristof De Spiegeleer: The Current Internet Has Never Been Designed With Security In Mind

Kristof is a successful entrepreneur and the co-founder of the ThreeFold Foundation. He is building the next generation blockchain-based IT infrastructure. We discussed his journey building tech companies, problems with current IT systems, and what he believes is the future of modern technologies.

2019-12-20 17:54