Since Bitcoin’s debut to the public more than a decade ago, supporters have praised the benefits of cryptocurrency transactions including decentralization, transparency and anonymity. While these benefits certainly have their advantages, crypto’s nature also opens you up to a level of risk that has been realized through activities like dusting attacks and airdrops that often go completely unnoticed if crypto holders don’t know what to look for. Fortunately there are steps you can take to protect yourself from malicious entities interested in deanonymizing you. Understanding the nature of dusting attacks and airdropping can help you determine the best way to protect yourself and your crypto holdings from hackers and scammers.
The blockchain: Not as anonymous as you might think
Many people mistakenly think bitcoin is private. It’s anonymous, yes, but not private. A transaction is made up of input(s) and output(s). When you spend, you are creating a transaction using your address as an input. When you receive, your address is given an amount of bitcoin, which becomes the output. All of this transaction information (including the addresses involved, amounts and times of the transactions) are recorded on the blockchain. As that ledger is 100% transparent and public, so are your transactions. Any uninvolved party (people who have not transacted with you directly) examining the blockchain can see the cryptocurrency being received or spent — they just won’t know it’s you spending or receiving it because the owners of the addresses are not revealed. If the person you’re transacting with knows who you are however, they may be able to associate your blockchain wallet (and future transactions) with you, as anonymity only applies when referring to non-involved parties. And even still, a non-involved party may not know who you are from the beginning, but by watching blockchain activity, they may be able to figure it out if your wallet is maliciously “dusted” and use this information to deanonymize you in the future.
Dusting: Revealing your identity, one satoshi at a time
When you use bitcoin to pay for something, one or more addresses (UTXOs) are selected that most closely match the amount due and you receive an output UTXO with your change. For example, if you were paying for something equal to $400 and you had three UTXOs in your wallet equal to $5,000, $5, and $399, you could use the UTXOs equal to $399 and $5 and would receive a UTXO back worth $4. All of this information is recorded on the public ledger.
With dusting, a hacker or scammer sends very small amounts of a cryptocurrency (dust) to a large number of addresses. If you receive dust, you will have a UTXO in your wallet with a very small value. As you spend from your wallet, the attacker watches to see when the dust UTXO is picked up. When it is, they take note of all the other UTXOs that go along with it as well as what addresses they go to. When these entities study transactional patterns long enough, they can eventually identify all the addresses linked to your wallet, which means they can figure out how much crypto you have. If your account is of interest (you have large sums), they can work on figuring out it belongs to you, which can make you a target for anything from scams and phishing campaigns to cyber-extortion threats.
One reason dusting is so insidious is that the amounts of crypto sent to accounts are so very small; they are smaller than the minimum transaction fee required to use cryptocurrency. Most times, the dusting amounts are calculated in units known as satoshis; one satoshi equaling 0.00000001 bitcoin. Given the minuscule size of dust, the chances are pretty good that many people won’t notice them as they casually scan their cryptocurrency total.
Airdropping: Free tokens, potential scams
Airdropping is similar to dusting in that it adds small amounts of crypto to your wallet. But airdropping’s purpose is far less ominous. Companies that airdrop want to use you to spread the word about their great new cryptocurrency. As such, they will send free coins or tokens to your address (found on the public blockchain). Sometimes they send them free and other times they ask for something in return (like a tweet about the company and its currency). You might also actively encourage airdrops to your wallet in hopes that the new cryptocurrency will ultimately have a large payout. There are hundreds of airdrop lists and websites, all eager for your interest.
While the purpose of airdrops is often benign, problems come up when hackers and scammers reach out for more than your public wallet address. If you aren’t careful, you could be at risk from the following:
- Private key theft. Private key theft takes place when an airdrop entity asks for the private key to your wallet. You should never give out your private key. While more savvy crypto users can spot such a scam, those new to cryptocurrency trading could fall victim to it.
- Trolling/information collecting. Sometimes nefarious airdrop websites are used, not to promote currencies, but to gather data — such as email, wallet addresses or even social media information — that can be sold to third parties or used for future phishing attempts.
Protect your crypto from malicious dusting and airdrop attacks
Because cryptocurrency transaction information is public knowledge, it’s important to protect yourself, your holdings and your anonymity. In addition to ensuring anti-spam and anti-viral protection for your wallet, consider the following steps.
If you think you’ve been dusted, don’t move the dust. Look for wallet apps that allow you to “mark” small, unknown deposits in your wallet to prevent them from being used for other transactions.
Monitor your balance — 100% of the time. If wayward satoshis suddenly show up in your cryptowallet, you might have been dusted. It’s a good idea to find a wallet app with a push notification, which tells you when you receive new funds.
Don’t give out private information — ever. If a website — or other airdrop entity — wants more than your wallet address in exchange for tokens or coins, it’s a red flag. Be as wary of handing out your cryptocurrency information as you would be of providing fiat bank account log-in data.
Keep your anonymity in place
None of the above is meant to suggest that cryptocurrency trading or usage is dangerous. It is, however, a reminder that while transactions can be anonymous (when actually conducting a transaction you may potentially be revealing information about who you are to complete it, which can then be associated with your wallets), they aren’t private. Unfortunately, scammers and hackers are taking advantage of the very public blockchain technology to determine the identities of those behind cryptocurrency transactions.
The good news is that knowledge is power. You can protect yourself from malicious entities and preserve your anonymity by being aware of attacks like dusting and taking preventative action. Doing so will better protect you and your holdings while helping to ensure you don’t become victim to phishing or cyberextortion threats.