Binance Explains What a Dusting Attack Is and How to Protect Yourself Against It

Michael LaVere
  • Litecoin wallets are undergoing a "large-scale" dusting attack. 
  • Scammers are using micro-transactions of LTC to target specific coin holders. 

Less than a week after the halving event for litecoin, LTC wallet users have been experiencing a large-scale dusting attack that may have implications for the currency. Binance looked into what it is, and how users can protect themselves.

Dusting Attacks

Over the weekend, reports began emerging that litecoin wallets were under siege by a new form of cyber-attack being referred to as “dusting.” The team at Binance was one of the first to alert LTC users to the attack, in addition to drawing attention to the method that attackers are using to go after litecoin wallets. 

Binance claimed that a “large-scale” dusting attack had occurred against LTC users on Aug. 9, in addition to providing a link for an example transaction. 

According to the report published by Binance, dusting attacks are a “relatively new” and “malicious” form of cyber-activity where hackers attempt to gain access to the funds of cryptocurrency users. The scam involves sending tiny amounts of coins to their personal wallets.

The transactional activity of the wallets is then tracked by the attackers, who perform a series of analyses on several addresses to identify the person or organization behind the wallet. 

‘Dust’ has been used in the past to refer to minuscule amounts of cryptocurrency and has typically been a term applied on exchanges to the rounded-off amounts following transactions. However, hackers have found a way to leverage the micro-transaction capability of cryptocurrencies such as litecoin in an effort to gain access to user wallets. 

LTC Wallets Being Targeted

Binance claims that hackers are relying upon the ignorance or nonchalance of users towards dust to run their scheme, 

Scammers recently realized that cryptocurrency users do not pay much attention to these tiny amounts showing up in their wallets, so they began "dusting" a large number of addresses by sending a few satoshis to them.

The report continues, 

The goal is to eventually be able to link the dusted addresses and wallets to their respective companies or individuals. If successful, the attackers may use this knowledge against their targets, either through elaborated phishing attacks or cyber-extortion threats.

While dusting attacks were first initiated on bitcoin, hackers have broadened their scope to incorporate other cryptocurrencies such as litecoin. 

Despite the large-scale attack occurring against LTC wallets, the market for litecoin has largely been unchanged. While cryptocurrency prices appear to be undergoing a minor correction after their rally last week, the price of LTC has not suffered in response to the ongoing dusting cyberattack. 

Hacker Steals $1,200 Worth of ETH Using GitHub Bots

Hackers have managed to steal $1,200 worth of ether (ETH) from a Reddit user after he accidentally left his wallet’s recovery phrase in a GitHub repository for less than two minutes.

According to Reddit user’s post, the hackers have set up automated bots to scrape GitHub – a popular website to publish code and work on projects – looking for cryptocurrency wallets’ private keys, mnemonic phrases, and other private information such as account passwords. The Redditor wrote:

A hacker got my mnemonic and stole $1,200 in ethereum from my Metamask wallet in under 100 seconds. The hackers were using a bot to scan for the mnemonic phrases across GitHub, and I accidentally left it in my code on a GitHub repo while I was sending to a Hack Money hack-at-hon.

The user added that he still has nearly $700 worth of cryptocurrency on the decentralized finance (DeFi) lending protocol Compound, and that the funds are as good as gone as the bot will siphon the funds out of the wallet as soon as he takes them off of the protocol.

The bots the hacker set up are reportedly automatically submitting transactions to steal the users’ funds whenever they are available, and will even outbid a user-submitted transaction in fees to ensure the malicious transaction is processed by miners first. The user wrote:

Although there are some coins and tokens left, the bot will siphon any ethereum I have to prevent me from moving my coins, and/or outmatch my attempts by supplying more gas.

As CryptoGlobe reported, data from Chainalysis has revealed hackers in the cryptocurrency space have been becoming more active over time, albeit less successful as in 2019 there were eleven major hacks, but none matched the scale of major security breaches that occurred in 2018.

Featured image by Nick Chong on Unsplash.