Last post, I talked about dust.
Now, let's get dirty and discuss dusting attacks.
The intention is nefarious -- to get ahold of your personal info via your KTCs with all the companies you do your crypto business with.
That's not the amusing bit.
What is the amusing bit is how easily you can foil these attacks, most of the time (not all the time*).
Most of the time, you thwart this attack by doing... nothing. By hodling. Get on with your bad self.
* The second way to screw them requires me to explain the scam first. Hang on a sec
Here's how it works.
Some villain finds a random public wallet address somewhere. Let's say mine, my wallet key for receiving Bitcoin.
They don't know that address is mine. They just saw it on a LEDGER somewhere, because transactions on the blockchain are public, as a valid Bitcoin address. My address, along with a bunch of other addresses.
Villain then sends me, and every other address they found, an eeeeency # of satoshis, so small, that it's essentially dust.
Then, they wait.
Most of us, like I said, aren't even gonna notice. I mean, my cryptocurrency balances are out to something something decimal places A LOT of the time. I have not memorized that I have, say, 12.07548 Bitcoin (omg wish). Maybe I remember to 12.07. But beyond that?
My dollar value, well, I'm accustomed to it fluctuating up to $10, $20 USD in a day, so I'm sure as shit unlikely to notice if I now have .00001 more of anything.
Now, like I said, hodling is the first way you protect yourself. If I am hodling, and all my Bitcoin is just sitting in my wallet, and some mustache-twirler sends me a itsy bit of Bitcoin, well, then, it's a goddam gift.
Thank you.
The issue arises if I'm actively doing something with my Bitcoin then -- trading, moving, spending.
Scammy Joe** sends me a bit of dust. It mixes in with my balance of Bitcoin. I don't notice. Then I do a
transaction from that Bitcoin wallet, in/out.
** no offense meant to all you wonderful Joes
Now, there's a record of a transaction in and a transaction out of that account*** and our villain has crossed their eyes waiting for traction from ONE of the accounts they dusted. Bingo!
*** yes, we know each time there is a transaction, a new Bitcoin key should be generated, unique to that transaction. Should. Should. Doesn't always happen
Block geeks did an awesome job explaining what the bad guys look for:
Every transaction has two components – inputs and outputs. The outputs, in turn, has two components – the part that goes to the receiver and the part that returns to the sender as change. This change acts as an unspent transaction output (UTXO) and becomes part of your UTXO set. Every single time you make a transaction, your input includes UTXOs taken from the set.
Using this transactional record of activity from and to my account -- which now includes this UTXO dust -- especially using a service where I have verified my identity (KYC), my villian can identify me with that wallet.
And then, via the magic of phishing, social engineering (Facebook quizzes, anyone), or good old fashioned black hat black mailing or hacking, my shit is in real trouble.
So, what can we do?
Actually, kind of a lot.
To be safest, of course, use a hardware wallet for hodling, then only transfer whatever you need for a transaction into an online wallet or exchange (keeping it truly peer 2 peer, minus any KYC, is even more god-like levels of secure).
Most of us, though, use COINBASE or Trust Wallet or Atomic, or something. We can be middle-level safe. Before any transaction, take a look at any recent incoming transactions. If you see one you don't recognize, be suspicious. Lock your shit down.
Or, like me, who keeps things going in but not out (HODL 4 lyfe****), still keep an eye on what comes in, assume unknown deposits are dusting feelers, and silently thank the dark web for your free gift of .000009 litecoin.
**** in other words, cuz you are not crypto rich enough to do anything, anyway, with your 12 bucks in whatever, LOL
And that's dusting. I've included (imho) 3 other v v clear explanations. It's not a type of hack that happens frequently (yet?), but it is one we can prevent, pretty easily, from doing us harm.
So, have you experience with dusting? Questions? Things to tell me? Do it!
