ESET, a leading company in proactive threat detection, warns about a new type of attack whose objective is to identify the owner of a cryptocurrency wallet through the sending of small transactions to their wallets.
The term dusting attack refers to a type of attack targeting cryptocurrency wallets that aims to reveal the true identity of the person behind a wallet and then be attacked in many other ways. ESET, a leading company in proactive threat detection, analyzes this type of attack and provides recommendations to avoid being victims.
In these cases, an attacker massively carries out small transactions, called dust, of amounts so small that they can even go unnoticed by the holder of a cryptocurrency wallet. From the analysis and monitoring of these transactions, cybercriminals try to unmask the identity of the owner of any of the wallets that received these transactions. This attack, unlike others that threaten cryptocurrencies, aims to cause damage to the owners of the wallets.
The concept of dust refers to a minimum value in cryptocurrencies that usually remains as residue after a transaction between two wallets. This minimum value varies depending on the cryptocurrency. For example, at the time of publishing this information most wallets understand the dust limit in bitcoin as 0.00000547 BTC, which is equivalent to 10 cents. Any value less than this is considered dust.
These worthless transactions leave a trail in the account of the person receiving them. And this information is what cybercriminals try to take advantage of. By making these transactions, malicious actors obtain certain information from the wallet that they then try to cross with data obtained from other sources or through techniques such as web scraping, which can ultimately allow them to discover the real identity of the person behind a wallet.
To better understand how to avoid a dusting attack, the ESET Latin America research team analyzes step by step how it works:
- Reconnaissance stage: At this stage, the cybercriminal delimits certain aspects to execute the attack. First, create a list of the objectives you want to reach, which are called "Whales". These targets can be wallets with a large number of cryptocurrencies, personal or political goals, or simply ordinary people within the crypto world. Having these people's wallets, malicious actors must know the limit of each coin and wallet to consider a transaction as dust and have those funds in their own wallets. Usually, these attacks are carried out in a massive way, which could require a small but considerable amount of cryptocurrencies.
- Execution stage: After assembling this list of addresses of interest, cybercriminals begin to send multiple transactions for these minimum amounts, usually at random to avoid raising suspicion on the part of the victims. This is the beginning of the dusting attack. Then, the attackers start doing a thorough analysis of the information and data they can get from the wallet and transaction number: metadata, posts, online appearances, and more. This analysis is not only done on the blockchain itself, but also throughout every website that may be related to cryptocurrencies, Exchange, wallets or even the target.
- Revenue stage: After obtaining the real identity of the targets and, in some cases, personal and private information, the stage begins in which cybercriminals get the "fruit" of the attack. And like any theft of personal information, this often leads to specially targeted phishing attacks, phishing, brute force credential theft, and more. This is where cybercriminals receive money, either by stealing it from their victims or by selling their personal data.
"In addition to the aforementioned consequences, there is the possibility that the victim's wallet will be marked as 'spam' or 'potentially malicious' by those who manage it, which could result in another unintended consequence for the victim: the loss of their crypto assets," says Martina López, Computer Security Researcher at ESET Latin America.
Preventing a dusting attack can seem complex, as it is the combination of the public of the transactions and the information that remains of them that makes an attack can be carried out. However, from ESET about some recommendations to reduce the risk of being a victim of one of these attacks:
- Take care of personal data: Dusting attacks are not possible without associating the identity of the victim by searching for personal information from them. Information such as personal emails, phone numbers, full names and government identifiers are some of the most sought-after data by cybercriminals.
- Monitor incoming and outgoing transactions from wallets: If transactions of small securities are detected, it may be that you are being the victim of an attempted dusting attack. Given this, use the mechanisms provided by wallet services to report transactions.
- Avoid overexposing wallet addresses, and do not reuse those that have already been publicly exposed.
- Store crypto assets in wallet services that have some kind of protection against these attacks. An example of them are Samurai and Wasabi, two wallets created with the aim of strongly anonymizing the entire cryptocurrency exchange process.
To learn more about computer security, visit the ESET news portal: https://www.welivesecurity.
.jpeg)
