Blockchain is believed to be a safe technology. Payments cannot be faked, transactions cannot be canceled. But due to some technical features, evenSuch a seemingly reliable system has vulnerabilities. The threat lies in attacks on the network, the most dangerous of which is the attack (51%). However, in the case of Bitcoin, its organization is extremely expensive and is considered unprofitable.
However, there are other, less costly attacks,which can cause huge damage to individual users. One of them is a “dust attack” (Dusting Attack). It allows you to reveal the identities of the owners of cryptocurrencies, and at the same time helps to freeze transactions and increase commission fees on the network.
It is suspected that such an attack on the Bitcoin networkIt was held recently - November 15, when the mempool reached a record load in a year and a half. What was it? What exactly is a dust attack dangerous and how does it work? What cases are known to the market and how to protect yourself?
What happened on November 15th?
On Friday, the Bitcoin mempool (the place where they are storedunconfirmed transactions) began to fill up at an abnormal rate. For the first time in almost two years, its size exceeded 90 MB. The last time such a high load was observed in January 2018, when the crypto community was trying to recover after December 2017.
During the current month, the size of the mempool never,with the exception of the described case, it did not exceed 12.6 MB - this is about seven times lower than the Friday mark. Usually a heavy mempool means that there are a lot of frozen BTC transactions in the network, but this time it was different: the number of operations did not always reach 20,000.
This means that the mempool was full.few, but difficult transactions, consisting of several transfers simultaneously. The bulk of them contained extremely low amounts, including operations from 1 Satoshi (0.00000001 BTC). The commission in such transactions was set at a low level, so the average level of commission fees did not increase, and transfers of ordinary users did not get stuck.
Why it all happened this way and who is behind it is not known, but there are assumptions. So, CEO of Bitrefill Sergey Kotlyar suggested that this was just “autumn cleaning” of one of the large companies.
On the mempool today. Someone is cleaning up 100 MB of bitcoin transactions in their wallet. These are all at low fee and not causing any disruptions anywhere. Business as usual, just someone somewhere doing much needed a fall cleaning, nothing to worry about. pic.twitter.com/nzNJi25emI
- Sergej Kotliar (@ziggamon) November 15, 2019
“This is what mempool looks like today. Someone is clearing 100 MB of bitcoin transactions from their wallets. They are all with a low commission, so they will not cause any disruptions. An ordinary business, just someone somewhere conducting an autumn cleaning. Nothing to worry about. ”
And here is the CEO of the Australian crypto portalNuggetsNewsAU Alex Saunders dug deeper, suggesting that none other than the Binance crypto exchange does this. In his opinion, this is how the exchange gets rid of small balances of BTC and USDT.
#Bitcoin cleared 90mb of transactions over the weekend. @binance cleaning up $ BTC dust or $ USDT accounts I believe. All at min fee of 1 sat / byte. ?? pic.twitter.com/K75oUf3SSQ
- Alex Saunders (@AlexSaundersAU) November 17, 2019
“Over the weekend, 90 MB of transactions passed through the Bitcoin network. I think this Binance collects balances from its accounts in BTC or USDT. All this with a minimum commission of 1 sat / byte. "
Another, lesser known crypto expert under the nicknameFrank Topbottom even tried to prove Binance's involvement. So, one of the addresses noted on November 15 is 1FoWyxwPXuj4C6abqwhjDWdz6D4PZgYRjA. The exact same address, only USDT, not BTC, is assigned to the exchange in the list of the richest Tether wallets.
Since Tether is based on the Omni platformLayer, which in turn works on the Bitcoin blockchain, then small bitcoin transactions are made during USDT transfers. Therefore, the crypto enthusiast suggested that the first cryptocurrency mempool owes its load to USDT transfers from Binance.
However, again, what really happened -nobody knows. Some experts do not exclude that at this time the Bitcoin network was subjected to a carefully planned “dust attack”, which could damage both large crypto companies and ordinary users.
What is a dust attack?
Dusting Attack on Bitcoin Network -This is one of the “white” ways to negatively impact the cryptocurrency network. Her organization does not require billions of dollars in costs and does not need to be a coding genius.
How exactly does it work:
- Attackers spread many small transactions on the Bitcoin network.
- The amount of transfers is extremely small - from one to several thousand Satoshi. In bitcoins, it is from 0.00000001 BTC to 0.00005000 BTC, in dollars - up to $ 0.04.
- Because of such a tiny size, such amounts are called "dust" - hence the name of the attack.
- Moreover, the commission paid is quite adequate and often turns out to be more than the amount of the transfer.
- Coins go to the addresses of various network users. Those, in turn, often do not even notice them, since visually the balance practically does not change.
Conclusion: a “dust attack” is when attackers send many small transactions to various network users.
Well, we figured it out. But why is this needed? What is the use of sending someone your coins? There is a rational reason for this, and not even one.
First reason: spam attacks on the network
Despite the fact that from the "dust attack"more reminiscent of airdrop, in fact this is a clearly planned fraudulent action. One of its goals: to “spam” the blockchain, provoking a freeze in transactions and an increase in commissions.
How exactly does it work:
- Dust transactions along with all the others are stored in the mempool pending confirmation by miners.
- The more spam transactions in the mempool, the longerordinary users have to wait for confirmation and set a higher commission, since transfers with a high “fee” are processed first.
- If the “dust attack” is not carried out with an average,and with a high commission, the miners initially process the transactions of spammers, and ordinary crypto enthusiasts have to wait for confirmation for hours, days, or even weeks. The only way out is to set abnormally large commissions.
- A spam attack is carried out in order to discredit the network or slow down / disrupt some transactions.
Conclusion: a “dust attack” spamming the blockchain with unnecessary transactions, causing freezes of transfers and an increase in commission fees.
This method has been very popular for several years.back when bitcoin was not worth so much and network commissions were lower. Now this venture is too expensive, and dust transactions rarely include large fees.
Second reason: identity disclosure
Cryptocurrency network spam trend graduallyfades away, but "dust attacks" from this do not lose popularity. In recent years, attackers have changed focus: now they use tiny translations to reveal the identity of the owners of the addresses, and then arrange phishing attacks or blackmail the victim.
How exactly does it work:
- Crypto-wallets allow you to generate addresses foreach new transaction based on the same seed phrase. Thanks to this, it’s not easy to calculate the owner of a particular address. But there is a loophole.
- The fact is that technically the total balance on the wallet consists of the sum of “unspent outputs” (UTXO). Surprisingly, this works exactly the same as in the case of cash.
- If you have 1000 rubles, this is far from alwaysmeans that you have 1000 rubles in one bill. This can be several bills of different denominations: one for 500 rubles, three for 100 and twenty for 10. Similarly, with cryptocurrency wallets: with a total balance of 1 BTC, you can actually have “unspent outputs” of 0.7 BTC, 0.2 BTC and 0.1 BTC.
- Suppose you need to spend 0.99 BTC, but you don’t have an exit specifically for this size. Therefore, when creating a transaction, the wallet will go to a technical trick and combine all your "unspent outputs" into one. He will generate a new address and create a transaction for 1 BTC, including 0.01 BTC “change” in it. This amount will automatically return to you and become your new UTXO.
- The addresses from which all UTXOs have been spent are no longer used, but remain valid for accepting coins.
- This is right for the attackers: they send a tiny fraction of bitcoin to specific addresses. As a result, new UTXOs appear in the wallet, which sooner or later mix with others and go from a new address.
- An attacker simply monitors the movement of coins sent to them and establishes a connection between addresses. So you can calculate an influential company, bitcoin kit or an anonymous expert.
- The information received is used to carefullyplanned phishing attacks, cyber crimes, blackmail, and other targets. The same method can be used by police to identify the offender or special services for tracking people.
Conclusion: using a “dust attack”, the connection between addresses is analyzed in order to find out who operates the cryptocurrency.
What cases are known to the market?
If the “dust attack” were not effective, itswould not have been carried out. But we see how at different times cryptocurrency blockchains are faced with its unpleasant consequences. Recall some well-known cases:
- Spam attacks on the Bitcoin network after the launch of BitcoinCash in 2017. Two years ago, Bitcoin Cash was born - the favorite brainchild of Roger Vera, which he positions as true Bitcoin. A few months after the launch, the network of the first cryptocurrency several times became a victim of “dusty” spam transactions with a high commission. This led to a freeze in transfers and an increase in recommended commissions (once the figure jumped above $ 30). The action has been repeatedly accompanied by Bitcoin Cash pumps. According to many crypto activists, Roger Ver himself stood behind those “dust attacks”, who wanted to clearly demonstrate the advantages of Bitcoin Cash over Bitcoin.
- Dust attack on the Bitcoin network in October 2018. At the end of last year, the creators of the Samourai Wallet crypto-wallet recorded a stream of suspicious small transfers on the BTC network. The developers immediately released an updated version of the software, which allowed to automatically record the transactions of the "dust attack" and impose a ban on their spending.
- Dust attack on Litecoin network in August 2019. In summer, the coin of Charles Lee became a victim of intruders. Unknowns began to send tiny transactions to users and crypto companies, including the Binance exchange, with the goal of deanonymizing LTC addresses.
How to protect yourself?
The only way to reliably protect yourself fromconsequences of "dust attacks" - do not use the received coins. You just need to prevent their mixing with other assets. Then the attacker will not be able to identify the relationship between your addresses. That is, the UTXO received as a result of the “dust attack” simply needs to be “frozen”. Alas, not all wallets provide such an opportunity.
The function mentioned above works bestSamourai Wallet, also recommended by Binance. Recall that it allows you to mark small incoming transfers and not use the received digital money in the future. This is less conveniently implemented in the main Bitcoin Core wallet: you have to choose which UTXOs are used to form the transaction. You can also freeze coins through Electrum, but this wallet does not differ in the highest degree of security.</p>