Understanding Litecoin’s Dusting Attack: What Happened and Why

Published at: Aug. 15, 2019

On Aug. 10, the Binance and Litecoin (LTC) community came to life as news of a potential “dusting attack” was announced through the official Binance Twitter account. In the tweet, the team explained that around 50 Binance Litecoin addresses received a fractional amount (0.00000546) of Litecoin, which the exchange’s security team identified as a part of large-scale dusting attack. 

Related: Litecoin Halving Aftermath: LTC Price, Hash Rate, Community Reaction

James Jager, project lead at Binance Academy and the person who first identified the attack, discussed the event with Cointelegraph:

“It was network-wide, which meant it affected all users of litecoin that had an active litecoin address at the time. The address of the person responsible for the dusting attack can be found here: https://blockchair.com/litecoin/address/LeEMCDHmvDb2MjhVHGphYmoGeGFvdTuk2K

“We became aware of the dusting attack on Saturday morning when one of our binance angels had received a small amount of LTC into their litecoin wallet.”

Jan Happel, co-founder of blockchain data provider Glassnode, looked into the dusting attack to confirm the extent of it. Although Binance reported that 50 users had been affected, Happel believes that the scale was much more widespread, with almost 300,000 LTC addresses showing signs of dusting. Possibly even more interesting was the extra data that came up, showing a previously unreported dusting attack that occurred earlier this year in April. Happel told Cointelegraph:

“We have done a quick query into the LTC blockchain and analyzed the number of utxo's that carry a smaller value than the mean tx fee that day. If a UTXO contains less balance than the minimum amount required to spend it (fee) that day, it becomes stuck/unspendable — this is what we technically define as dust.”

The graph below shows the reported volume of dusting attacks that affected LTC wallets.

The key to a dusting attack is the unspent transaction output (UTXO). This is like a signature assigned to any unspent value, and when a transaction is completed, many of these UTXOs are merged to make up the transaction amount. By tracking these UTXOs, someone can track different wallet addresses to one specific user. The concept of dusting attacks became prominent in 2018, when Samourai Wallet warned its users regarding a dusting attack targeting a large number of Bitcoin (BTC) wallets. The digital wallet provider tweeted:

This was the first time a large-scale attack of this kind had occurred. Dusting attacks are not only limited to Bitcoin or Litecoin but can be done on any public blockchain. It is also important to note that dusting can be used for different motives, as explained by Jager: “The term 'dusting attack' is a fairly broad statement and the actual intent behind the attacks don't necessarily always align to be the same.” After making the announcement, the attack took an interesting twist when the offender contacted Binance in response to the public warning. Jager explained:

“The person behind the dusting attack owns a mining pool based out of Russia, EMCD[dot]io. They reached out to express that their intent was to advertise their mining pool to the users of Litecoin, however, it's unclear from our perspective or anyone else's as to whether there were alternative motives. The owner of the pool was not aware that he was subjecting all these users to a dusting attack and spreading fear among the Litecoin community.

“It's interesting to note, that even if this was not the intent of the mining pool owner, he provided a base for malicious actors to analyze. You see, the person responsible for conducting the dusting attack doesn't necessarily have to be the one collecting the data, they can just merely be providing a service so that someone else can collect all the information and analyze it at a later date.”

What initially seems like a small, unharmful activity can be very dangerous, which can undermine user anonymity and be used against you to steal your precious digital assets. Although the danger of this attack is apparent, it appeared to have little effect on the sentiment of the Litecoin community. Indeed, the 24 hours after the attack saw the price rise approximately 5%. 

How do dusting attacks work?

To begin with, hackers send a tiny fraction of any given cryptocurrency (BTC, LTC, etc.) to a large group of addresses. These small fractions are referred to as dust, and the amount could be as small as 1 Satoshi, which most users don’t even notice or may think of as harmless. As defined by Binance Academy, a dusting attack refers to a relatively new kind of malicious activity in which hackers and scammers send tiny amounts of crypto to wallets in an attempt to deanonymize their owners. The danger comes in what this opens the victim up to, as Jager explained:

“Dusting attacks generally involve a combined analysis of the dust sent to many users, allowing people to break the privacy of bitcoin or litecoin and potentially launch phishing campaigns or cyber-extortion threats.”

The attacker then waits for the user to spend the dust along with the UTXO. Once the wallet of a user mixes this dust with the main holdings and subsequently spends it, the attacker will be able to deanonymize the user and will track all their wallet addresses, which includes automatically regenerated addresses in the future as well.

At any given time, all the crypto in a wallet is an unspent transaction output. It's in a wallet because it hasn't been spent yet — hence the name. When added up, every UTXO in existence is the same as adding up all the wallet balances in existence.

The UTXOs and the wallet balance will always be the same amount, but they aren't the same thing, due to most wallets allowing a user to generate an almost limitless amount of new addresses for each transaction. The Bitcoin white paper suggested this as a security aspect, saying, "as an additional firewall, a new key pair should be used for each transaction to keep them from being linked to a common owner."

This is what a "hierarchical deterministic wallet" is, a wallet that generates new addresses for each transaction to better protect the privacy of its owner. The dust helps this because wallets will automatically sweep together different UTXOs from different addresses. Essentially, an attacker will sprinkle that dust over many different wallets and then watch that dust to see how much of it might get swept up into the same transaction. If some amount is included, the attacker can conclude that the same person owns all of those addresses. The attacker can use this knowledge to target his victim via phishing attacks or even blackmail them if they are operating from a high-risk country.

Dusting as a tool

Sometimes, dusting can also be used as a marketing tool to advertise a service or raise awareness of a product. For example, on the blockchain social media platform Steemit, users receive small amounts of Steem in their wallets along with a message regarding the services offered. 

Another instance was when BestMixer.io, a cryptocurrency mixing service that anonymizes cryptocurrencies, used dusting as a promotional tool. In October 2018, hundreds of Bitcoin users began receiving small amounts of BTC from BestMixer.io. Along with this dust, there was a promotional message that described its service. The platform used this method to effectively target potential users at a marginal cost.

Also, dusting attacks can reportedly be used to defeat Anti-Money Laundering strategies employed by law enforcement and regulators. A portion of the dirty money is used for dusting thousands of wallets. By doing this, criminals can provide a smokescreen for illegal transactions, thereby sending regulatory algorithms into a wild goose chase.

How to protect yourself?

The best way to protect against such activity is to use the strategy advised by Samurai Wallet, which provided the users with a “do not spend” feature. This allows the user to mark small, unknown deposits in their wallet in order to never use this UTXO for further transactions.

Dusting attacks are mainly targeted at private wallet holders. Therefore, it’s essential to keep track of incoming funds, and it’s always a good idea to use a wallet address only once, which provides further protection. Other security measures may include installing a virtual private network, or VPN, along with a trustworthy antivirus on all of the devices that are used to access crypto, as well as encrypting wallets and storing keys inside encrypted folders. 

Tags
Related Posts
Crypto Markets Teeter on New Year's Eve, With Mostly Losses Across the Board
Monday, Dec. 31 — on the cusp of the new year, all but one of the top 20 cryptocurrencies by market cap are in the red, as data from Coin360 shows. Losses among the larger cryptos are tempered, with most losing 2-3 percent, and losses capped at 6 percent. Market visualization by Coin360 Bitcoin (BTC) has seen a mild loss of around 2 percent over the 24 hours to press time, currently trading at $3,816. The closing week of 2018 has been a volatile one, with Bitcoin breaking above $4,200 Dec. 24, before sustaining several days of losses to trade …
Bitcoin / Dec. 31, 2018
Bitcoin Hovers Near 6,600, While Most Top Coins See Little Price Volatility
Friday, Oct. 5: cryptocurrencies are seeing little volatility over the past 24 hours to press time, with the majority of losses and gains of top coins capped within a 1 percent range on the day, as data from Coin360 shows. Market visualization by Coin360 Ripple (XRP) is the only outlier in the top ten coins, down a little over 3 percent on the day to trade at $0.52. The asset – which in September briefly outflanked Ethereum to seal the second spot ranking on CoinMarketCap listings – has had a shaky start to the month, and is currently trading almost …
Bitcoin / Oct. 5, 2018
Ethereum and Litecoin make a move while Bitcoin price searches for firmer footing
Crypto price action has been rough over the past few months, but a few green shoots are finally beginning to emerge. While Bitcoin (BTC) remains in a downtrend, its price has recently found support at the $17,000 level, and ping-pong price action in the $16,700–$17,300 range appears to be allowing traders to pursue some interesting setups in a few altcoins. Let’s take a quick peek at some enticing patterns showing up on the weekly time frame. Time for Litecoin’s halving hopium? As a fork of Bitcoin, Litecoin (LTC) tends to turn bullish several months before its reward halving takes place, …
Bitcoin / Dec. 9, 2022
Price analysis 1/11: BTC, ETH, BNB, XRP, ADA, DOGE, MATIC, DOT, LTC, UNI
Crypto and stock markets are usually forward-looking. Meaning, traders tend to ignore the near-term negatives and focus on the positives down the line. With Bitcoin’s (BTC) next halving in 2024, analysts are shifting their attention to this event. Independent market analyst Rekt Capital highlighted this unique market dynamic in 2015 and 2019, a year before halving, Bitcoin rallied 234% and 316% respectively. If history repeats itself, Bitcoin’s price action may spring a surprise in 2023. However, the near term remains uncertain and the Consumer Price Index (CPI) data on Jan. 12 may lead to a sharp uptick in volatility. Some …
Bitcoin / Jan. 11, 2023
Crypto recruitment execs reveal the safest jobs amid layoff season
Despite a wave of heavy crypto layoffs to start the new year, employees in technical and engineering roles, as well as senior management, will likely continue to see “strong demand” for their skills, recruitment professionals believe. It’s been a tough first few weeks of 2023 for crypto businesses and their staff. Within just two weeks, the market has already seen more than 1,600 crypto-related job cuts as a result of continued market volatility and uncertainty. However, not all departments have seen the same level of cuts. SAFU: Senior-level tech and engineering Rob Paone, founder and CEO of crypto recruitment firm …
Blockchain / Jan. 18, 2023