Understand the Binance-Litecoin “Dusting Attack” – Blockgeeks

On August 10, exchange giants Binance tweeted the following:

“Approximately 5 hours ago there was a large-scale dusting attack on $LTC @Litecoin users. One of many transactions: https://chainz.cryptoid.info/ltc/tx.dws?36359475.htm.”

“Dusting” is a new kind of attack where hackers compromise the privacy of crypto users. The way they do this is by sending tiny amounts of coins to their crypto wallets. The attackers then track down the transactional activity of these wallets and attempt to identify the person or company behind each wallet.

What is “Dust”?

When it comes to cryptocurrencies, “dust” refers to a negligible amount of coins or tokens sent to your wallet, which is usually so small that you don’t even notice. For Litecoin, this could be a few hundred Litoshis (1 Litoshi = 0.000000001 LTC) or in Bitcoin, a few hundred Satoshis (1 Satoshi = 0.000000001 BTC).

NOTE: At the very core of Bitcoin and Litecoin transactions lies the concept of unspent transactions (UTXO). Every transaction has two components – inputs and outputs. The outputs, in turn, has two components – the part that goes to the receiver and the part that returns to the sender as change. This change acts as an unspent transaction output (UTXO) and becomes part of your UTXO set. Every single time you make a transaction, your input includes UTXOs taken from the set.

After the hacker sprays a large amount of dust throughout the network, they will hope that some of it mix with the UTXO set of the victims. This is what initiates the next stage of the dusting attack.

How does the dusting attack work?

Following the mixing, the dust transaction needs to be spent by the targets for the tracking process to begin. The thing is that these “dust amounts” are so small that most users will not even notice them. Attackers can use scripts to send a ton of dust to thousands of addresses at once. Once the victims knowingly or unknowingly spend the dust, it will be possible for the attackers to track the funds and eventually deanonymize the users.

Fund tracking is usually not that straightforward. A single wallet can generate multiple addresses, and a savvy user may be using different addresses to execute various transactions. What the attacker will wait for, is for users to combine UTXOs from separate addresses along with the dust amount. The moment this happens, the attacker will be able to backtrack these addresses and eventually discover the network of addresses managed by the user’s wallet.

How does this reveal user identity? It allows the hacker to exploit a pretty well-known point of failure within the crypto-ecosystem, the exchanges. During the KYC process, a user has to register their personal data to trade within the exchange. When the registration process is complete, a wallet is uniquely assigned to the user.

The trouble begins when the user sends coins from their wallet to the exchange wallet (or vice-versa). Once the attacker can establish that link, it will be easy for them to launch phishing attacks towards the user or outright blackmail them.

So, what happened to Litecoin users in Binance?

On August 10, Binance announced that 50 Binance Litecoin addresses received 0.00000546 LTC. The exchange deemed this as a part of a large-scale dusting attack. The following is a screenshot of these transactions:

The project lead at Binance Academy, James Jager, was the first to identify the attack and told Cointelegraph:

“It was network-wide, which meant it affected all users of litecoin that had an active litecoin address at the time…We became aware of the dusting attack on Saturday morning when one of our binance angels had received a small amount of LTC into their litecoin wallet.”

Jan Happel, the co-founder of blockchain data provider Glassnode looked into the attack and found out that it affected nearly 300,000 addresses instead of the 50 first reported by Binance. Glassnode did a quick search of the LTC blockchain and discovered all the UTXOs which has less balance that the mean transaction fee of that day. A UTXO which is less than the mean fee is practically unspendable and acts as “dust.”

This is what they found:

According to their research, the dusting affected a staggering 294,582 addresses. However, that’s not all. Upon further investigation, Glassnode discovered that a similar attack happened back in April as well, which went unreported:

Attacker reaches out to Litecoin

James Jagger told Cointelegraph that the attacker that caused  the Binance Litecoin Dusting Attack had allegedly reached out to them. Apparently, the attacker owns a mining pools EMCD[dot]io, which is based out of Russia. Their intent was not to cause panic in the community but to simply advertise their services. Jagger said:

“[I[t’s unclear from our perspective or anyone else’s as to whether there were alternative motives. The owner of the pool was not aware that he was subjecting all these users to a dusting attack and spreading fear among the Litecoin community.

It’s interesting to note, that even if this was not the intent of the mining pool owner, he provided a base for malicious actors to analyze. You see, the person responsible for conducting the dusting attack doesn’t necessarily have to be the one collecting the data, they can just merely be providing a service so that someone else can collect all the information and analyze it at a later date.”

How to protect yourself from dusting attacks

Firstly, if you don’t care about deanonymization, then you don’t have anything to worry about. However, if you care about your privacy, then there are certain things that you can do, even though it will take some extra effort.

The first thing is to educate yourself about how the dusting process works. As the old saying goes, “know thy enemy.” Secondly, understand that dusting attacks will always happen because most cryptos, like Bitcoin and Litecoin, use a transparent, public blockchain. The users will still be able to trace your transactions to its very source.

So, the only options available for you is to:

• Confuse the attacker.
• Use privacy options.

Confuse the attacker

The first approach you can take is to cloud your movement by confusing blockchain surveillance.

• Use different addresses each time you transact or send someone funds.
• Use Tor or a VPN to shuffle your coins.

Use privacy options

The second thing that you can do is to use in-built privacy features to block the view of your attackers.

• Use options like Litecoin’s lightning network to send transactions. These transactions take place off-chain so they can’t be monitored.
• Litecoin is working on a privacy feature using Mimblewimble. This is still in development, as of writing.

Conclusion

Unfortunately, Attacks like the Binance Litecoin Dusting Attack are bound to happen. Dusting attacks are not going away any time soon, but various wallets have already started taking precautions to safeguard their users’ privacy. Samourai Wallet implemented a “Do Not Spend” feature against suspicious UTXOs to make sure that they are not included in future transactions. Hopefully, more wallets will integrate some functions to protect users from this attack. Plus users who are wary of their privacy must take extra precautions not to fall victim to this attack.