How Hackers Use Dusting Attacks To Steal Cryptocurrencies & Deanonymize Wallet Users

by Sunny Hoi

What Is A Crypto Dusting Attack?

A cryptocurrency dusting attack refers to a form of malevolent process where hackers and cybercriminals attempt and violate the privacy of cryptocurrency users by sending small quantities of coins to their personal wallets.

The small quantities of cryptocurrency (Typically Bitcoin or altcoins like Litecoin) are sent to thousands of different public cryptocurrency addresses with the purpose of disclosing the true identity of the address owners.

The adversaries will attempt to identify the individual or company behind each crypto wallet by tracing the transactional activity of the wallets and conducting a combined analysis of various addresses.

In the event that the adversaries succeed, they could utilize this valuable information against their victims, either through intricate phishing attacks or cyber blackmail threats.

What is Cryptocurrency Dust?

Cryptocurrency dust refers to a small number of coins or tokens, particularly a quantity that is so little that the majority of users do not come to realize its existence.

For instance, Bitcoin users could receive 1 Satoshi (0.00000001 BTC) without them even being aware of it. Hence, the dust is a small amount of cryptocurrency frequently accumulating in cleared out accounts and is generally automatically concealed by exchanges to render a customer’s asset portfolio appear less crowded.

Cybercriminals are aware of the fact that crypto users are unlikely to pay any attention to the small amounts showing up in their crypto wallets. Hence, they started to dust a significant number of addresses by sending a couple of Satoshis to them.

In cryptocurrency exchanges, dust is also the term used when very small quantities of coins get stuck on customers’ accounts after trading orders are performed.

Unspent Transaction Output (UTXO)

The essence of a dusting attack represents a cryptographic component situated within cryptocurrencies such as Bitcoin.

An unspent transaction output establishes a blockchain transaction output that has not been expended, namely, deployed as an input in a new transaction. Notably, it is fundamentally a signature connected to an unspent value that combines with additional unspent transaction outputs just as a transaction is performed. A hacker may follow the wallets and link them to one user just by watching these unspent transaction outputs.

A UTXO is reminiscent of a banknote or coin. Over a period of time, the user will carry out numerous transactions. He or she will spend and acquire money. Consequently, over a period of time, a diverse number of coins and notes of distinct denominations accumulate in the user’s wallet. For instance, the user could pay a quantity through a mixture of distinct coins and notes.

Nevertheless, in reality, the cryptocurrency user will infrequently be capable of paying precisely the quantity they need down to the last decimal place. In terms of Bitcoin transactions that the user is making on another wallet, they will generally obtain change back in the shape of a tinier unspent transaction output.

In layman’s terms, UTXOs represent the money in the crypto user’s wallet. Similar to Fiat money in the shape of notes and coins, unspent transaction outputs travel back and forth between the wallet addresses of the individuals in an ecosystem.

Bear in mind that a crypto user’s wallet produces a new address for every deposit they receive. Accordingly, the user’s UTXOs are not situated in one address but on numerous addresses, which are all handled by the user’s wallet. Every address holds distinct UTXOs, and from the exterior, the crypto user cannot differentiate that such addresses belong to each other. The objective of a crypto dusting attack is to figure out precisely that.

The adversary wishes to make a directory that records every address handled by the target’s wallet. Provided that they attain a good outcome, they may follow the target’s activities on the blockchain easily. Subsequently, the privacy aspect through the wallet is no more provided.

Crypto Dusting Attacks

Given that dusting attacks depend on a combined analysis of numerous addresses, as long as a dust fund is not shifted, adversaries are unable to render the associations they require to de-anonymize the wallets.

Numerous modern dusting attacks are generally ranging from 1000 to 5000 Satoshis.

We are aware that there are generally various UTXOs of various sizes on different addresses that are handled by a user’s wallet. If the user wishes to send a specific amount, then their wallet combines the different UTXO with each other to increase the amount. Moreover, it deploys distinct addresses where the reciprocal UTXOs are kept.

In the event that the user wishes to produce a transaction, their wallet will increase the quantity to be paid by combining different Unspent Transaction Outputs from different addresses.

Keep in mind that UTXOS from distinct addresses are utilized for the transaction demonstrates to the adversary that every address involved are controlled by the user.

From here on out, the adversary will progressively be able to follow all of the user’s addresses. The network of addresses handled by the user’s wallet will be exposed, including automatically regenerated addresses going forward.

Stopping a Dust Attack

Provided that you may construct the transaction outputs in your wallet, then the dust could be just left and not utilized. In other words, to nullify an attack, refrain from spending the received dust, and label it as “Do Not Spend” whenever possible.

Additionally, you may make more wallet addresses for new transactions and deploy a Virtual Private Network (VPN) to conceal your digital footprints.

Nevertheless, the majority of services gather transactions from the closest inputs, and the user may not control it. Provided that the dust was not employed as spent outputs, then the hackers cannot determine the connections between the addresses that they require to deanonymize the wallet’s owner.

Avoiding dusting attacks can be difficult as you cannot prevent anyone from sending cryptocurrency to your address.

If you are concerned about dusting, security, and anonymity problems, then you will want to refrain from combining different wallet addresses together in a single transaction.

For instance, a user may hold three Bitcoin (BTC) wallet addresses, each comprising 1 Bitcoin (For the total amount of 3 Bitcoin), and you wish to transfer 2.5 Bitcoin in a transaction. With this tactic, your addresses will not wind up in a single TX block.

One of the inconveniences caused by cybercriminals is that they may send dust spam across the network, resulting in other crypto users needing to pay higher fees to evade delays once their transactions are waiting to be incorporated into the block.

In the event that you perceive a dubious quantity of received Satoshis and receive messages such as “I found out who you are.”, refrain from responding to such messages. Cybercriminals will have difficulty attacking you if they don’t possess access to your seed phrase and private keys.

Cryptocurrency Exchanges

We are aware that cryptocurrency exchanges exist and that users have to register with their accurate information to participate in trading on the platforms.

By registering, a reciprocal wallet is established for the customer, whereby he or she trades on the crypto exchange. Significantly, a wallet is hence uniquely allocated to a particular identity on such exchanges.

Maintaining anonymity becomes vital for every user if they communicate with their personal, anonymous wallet from the crypto exchange with the wallet to be evidently allocated to them. For instance, sending coins to this wallet and receiving coins from this wallet. As of this moment, the adversary may determine a direct connection between the previously anonymous wallet and the non-anonymized wallet. The paradigm of transactions between these two wallets swiftly discloses whether the owner is the same individual or not.

Therefore, the adversaries capitalize on this situation by deploying a crypto dusting attack.

Bitcoin Pseudonymity

Given that Bitcoin is open and decentralized, anybody can establish a wallet and join the network without supplying any personal information.

Despite the fact that every Bitcoin transaction is public and apparent, it cannot always be effortless to discover the identity behind every address or transaction, and this what renders Bitcoin to some extent anonymous — though not entirely.

Cryptocurrencies like Bitcoin are not entirely anonymous virtual currencies. They are pseudonymous inherently. This signifies that even though a crypto user’s true identity is not exposed, their transactions, wallet size, and additional information is there for the public to scrutinize.

Numerous cryptocurrency exchanges and a number of wallet providers have enforced Know-Your-Customer (KYC) registration verification processes, which accumulate personally identifiable information (PII). This illustrates that once customers shift funds between their personal wallets and exchange accounts, they could potentially be in some way de-anonymized.

Preferably, a new Bitcoin address should be made for all new receiving transactions or payment requests as a means to maintain users’ privacy.

Bear in mind there are several businesses, governmental agencies, and research facilities conducting blockchain analysis in an effort to de-anonymize blockchain networks.


Although the Bitcoin blockchain is practically impossible to hack or interrupt, the wallets of users frequently introduce a substantial security concern.

Considering users do not provide their personal information when they are making an account, they may not prove that a cyberheist has occurred in the event that an unknown hacker obtains access to their cryptocurrencies. Provided that they could, it would still be futile.

Once a user retains their cryptocurrencies in a personal wallet, they are functioning as their own bank, which indicates that there is nothing they could do in the event their security is compromised or when they somehow lose their private keys.

Even though there are many de-anonymizing attacks made available to attackers, there are various other security concerns that are included in the cryptocurrency, like phishing, ransomware, and cryptojacking.

There are many ways a user could utilize to improve their overall cybersecurity which includes encrypting their wallets, keeping their keys inside encrypted folders, using a VPN, and deploying reputable anti-virus software on their systems.

Related Posts