What is Bitcoin Dust Attack?

What is Bitcoin Dust Attack?


In this article, we will consider the concept of “dust” in cryptocurrencies. The terms dust or dusting attack are also associated with it. Let’s figure out what the danger of dusty transactions is and how wallets fight these attacks.

What is Dust in Cryptocurrencies?

Dust is small transactions that an attacker uses to spam the network. With their help, he or she can do two things:

  • take a place in the block and load the network,
  • send transactions to specific addresses and de-anonymize the user via UTXO, through a further transfer path.

The smallest unit of BTC is 1 satoshi. Transactions up to 100-200 satoshi are considered dust.

What is Bitcoin Dust Attack?

The First Type of Dust Attacks

Previously, in the cryptocurrency networks which were actively used for payments (primarily Bitcoin), there was competition for a place in the block. This resulted in higher commissions. This was most noticeable at the end of 2017 when the biggest BTC hype in its history awaited.

The now-defunct CoinWallet or F2Pool began filling blocks with small transactions. Their motivation is not fully known, but at the same time, there was a discussion of forks and increasing the block size from 1 to 2 MB.

By itself, a dust attack and spam transaction cannot be considered a full-fledged attack, since anyone can send as much as they want. They pay a commission and are entitled to it. But it turns out that spam on the network causes inconvenience to everyone else. Members must pay higher fees to bypass the dust in the queue. Otherwise, transactions will be stuck indefinitely.

It was a cheap and effective method to spoil the web. But it worked until some scaling solutions were introduced, such as batch processing and SegWit, the introduction of the Lightning Network and other layers of the network. At the moment, it is more profitable to send only large amounts to the network to offset the high fees.

After the dust attacks, a new function was added to wallets — the ability to adjust the commission rate.

Type of Dust Attacks

Deanonymization via UTXO

To better understand the mechanics of this attack, you need to know about UTXO. We have a separate article about this.

The wallet amount consists of inputs. Just like regular bills and coins in your wallet. For example, $1,000 can be represented as $500, 2 for $100, and 5 coins for $60. There are 8 items in total. BTC is stored on the account in the same way, depending on how the amount was formed and what kind of “change” came.

Attackers exploit the fact that the inputs are not mixed. They send in some dust and wait for it to mix with other UTXOs. This allows you to discover which addresses belong to the victim. If you need to track down the addresses of a large company or an important whale, analytics is worth it. Knowledge can be used to predict and trade information, phishing attacks, or extortion.

The original solution to the problem was presented by Peter Todd, Dust-B-Gone.

It is necessary to send the dust so that it is collected in one transaction with the NONE | ANYONECANPAY.

Deanonymization via UTXO

This means that anyone else can add inputs to a transaction, but outputs are undefined. The transaction is then sent to Peter Todd’s server, where the script collects it and other translations together. Periodically, a one-time transaction is received that destroys the dust. Since the small transfers of many people merge, no one can tell where it is or where it comes from, and therefore which coins are associated with the address. This is a kind of mixer.

Gradually updates have introduced wallets. Samourai Wallet now has a coin control function, where you can mark unknown transactions with the “Do not spend” flag.

Coin control is arguably the most effective way to combat this attack. If the recipient can completely ignore the received dust, they will protect their privacy. In addition, not only the attacker wants to deanonymize the user, but also the laboratories under the government.

Frequently Asked Questions (FAQs)

⬛️ How Do You Do a Dust Attack?

When it comes to dust attacks, in order for a dust attack to be able to take place initially, the funds need to be transferred first. This occurs whenever an attacker wants you to add that dust to other funds in the same wallet and then send it out.

Through this procedure, the attacker will essentially find out all of the exchanges under that specific wallet through the usage of various technological means, which would result in the attacker knowing who the wallet owner actually is. In this case, an owner is an object of a series of phishing, cyber extortion, and targeting hacks that occur outside the blockchain network.

Typically, most decentralized finance (DeFi) wallets will make it impossible to reach owners from their blockchain addresses. However, the centralized counterparts to these wallets, such as those found on centralized exchanges, do require a specific level of Know-Your-Customer (KYC) verification, and as such, a dust attack would leave these users vulnerable.

⬛️ How Do I Get Rid of Bitcoin Dust?

In cryptocurrency markets, dust is a reference to a fraction of a cryptocurrency token that is small to a point where it cannot be traded.

As such, most crypto dust ends up idle within many exchange wallets. When it comes to getting rid of the crypto dust, this is largely dependent on the policies of the exchange where this dust has been piling up.

A majority of cryptocurrency exchanges will do little to nothing to address this issue due to the fact that they have minimum trade size requirements, such as 0.0001 of a specific token, or have a minimum withdrawal value that is required in order to cover the transaction cost.

However, there are ways through which you could resolve this issue, such as topping up your dust to the point where it meets the exchange’s minimum withdrawal value requirement, after which you can easily transfer your smaller holdings to an exchange and then use the available crypto dust cleaning features. Then all that’s left for you to do is to withdraw the funds to your bank account.

⬛️ What Happens When You Convert Crypto Dust?

When you convert crypto dust, you are essentially accessing a feature within a cryptocurrency exchange that allows you to convert small token balances, which are leftover from transactions that are lower than the minimum trading limits on the exchange, to a cryptocurrency that you can actually end up trading outside of the exchange.

Typically, within cryptocurrency exchanges that do indeed have functionalities that allow users to clear their crypto dust, users will have to convert small token balances into the cryptocurrency’s native cryptocurrency token. What this means is that a user would have to accumulate a specific amount of crypto dust prior to being enabled the opportunity to convert it or, additionally, top up their balance.

Whenever you convert crypto dust, you are converting it to a token that has enough value to it that you can then trade or withdraw in the form of FIAT currency down the line, providing you the opportunity to clean things off.

⬛️ How Do You Stop Dust Attacks?

If you feel like you have already been dusted, it is important not to move the dust. Instead, look for a wallet application that will allow you to essentially mark down small, unknown deposits to your wallet as a means of preventing them from being used for other transactions down the line.

You also need to monitor your balance all the time if you want to prevent dust attacks. If you notice that cryptocurrencies start showing up in your cryptocurrency wallet, such as wayward satoshis, in that case, this might be an indication that you have been dusted. The best way for you to prevent such attacks is to find a wallet application that has the additional level of functionality associated with it, such as push notifications that tell you the point in time when you receive new funds.

Furthermore, it is always a good idea to never give out private information. What this means is that if a website, or another airdrop entity, asks you for more information aside from just your public wallet address, this is a red flag and should be avoided.