Would like to confirm whether we have seen or heard of any kind of "dusting" attacks or something similar on Polygon wallets

Created by Sourajyoti Gupta, Modified on Fri, 28 Jul, 2023 at 7:37 PM by Sourajyoti Gupta

In such an attack, the attacker or scammer sends a very tiny amount of funds, known as dust, to a large number of users' personal wallet addresses; the amount is less than the transaction fee required to spend it. They then track these funds and all transactions of the dusted wallets and perform a combined analysis of several addresses, enabling them to link the addresses. Eventually, they determine the identity of the person or company behind an existing wallet.

If they succeed in determining the identity, then the attackers may use this information against the wallet address owner either through planned phishing attacks or cyber extortion threats.


The main motive here is to use dust attacks as a stepping stone for another, off-chain attack that will compromise the wallet address owner's assets. Here we can advise the owner to be aware of such attacks and to take precautionary and preventive steps. Below are some links that can help educate users about phishing attacks and cyber extortion threats in detail.


PHISHING ATTACKS

10 Ways To Avoid Phishing Scams 

10 Ways to Prevent Phishing Attacks

How Can You Stop Phishing Attacks?

CYBER EXTORTION ATTACKS

What is Cyber Extortion and How to Protect Yourself From it?

Preventing Cryptocurrency Cyber Extortion

How to Prevent Cyber Attacks: Top Ways to Protect Yourself?


Moreover, users can also opt for much more secure cold wallets such as Trezor or Ledger, or hot wallets like Trust Wallet, which has Two-Factor Authentication (2FA), Google Authentication, and even SMS or email verification. It is like having the convenience of a hot wallet with the security of a cold one: Trust Wallet keeps most of its currency on cold storage servers, so it's like having a cold wallet as a service.


I would further like to add that within crypto exchanges/trades, the term dust is also given to the tiny amounts of coins that are stuck in the user's account after a successful trade is executed. These dust balances (coins) are not tradable because the amounts are very tiny, but the exchanges usually convert them to their native coin. This dust should not be confused with the type of dust we referred to in relation to the dust attack; the latter spreads on the chain as a malicious attack.

What most exchanges would do to protect their clients is simply convert these dust amounts so that the clients would never receive them.


BY WHOM?

The attacker is a scammer whose goal is to basically loot the user's tokens by creating a phishing site or URL and sending it to the user after learning their identity.


HOW?

They send a tiny amount of funds to the user's wallet, and then they track the user's daily activities and transactions using that tiny amount of funds to pinpoint the identity of the user. It's basically like stalking on-chain until they find the man behind the mask.


WHY?

Once they find out the true identity of the user, they can directly send them messages on social media regarding their relevant projects, but the messages just lead to fake phishing sites. Once the user logs in to these sites, the attacker gains all their credentials and control over the user's assets; they can then either keep the assets for themselves or ask for a ransom.


SUGGEST WAYS TO STOP THIS

We don't exactly have a way to stop this, but some exchanges automatically prevent this from happening.

WHERE IS THIS STEMMING FROM?

The attacker might have pre-planned the attack and chosen their targets according to where they see that they can profit.

IS THIS A BIGGER ISSUE TO DIG DEEP INTO TO PREVENT IT FROM BEING MALICIOUS?

Ultimately any successful attack is a bigger issue, but to pull off this attack the attacker has to choose a target => transfer a small fund => track the user's transaction activity on-chain => with the tracked data, possibly find the identity of the user => try to scam them through social media with fake phishing sites => once the user is scammed, the attacker will have control over the scammed asset. You can see that as the attack progresses, it keeps becoming a bigger issue.


HOW CAN THIS BE PREVENTED? ARE THERE ANY POSSIBLE SOLUTIONS WE CAN OFFER OUR PARTNERS?

If someone is experiencing this attack, there is not any possible way right now to actually prevent it, but we do have some recommendations to spread awareness about how the attacker might try to scam the user once they find out their identity. We can have users prepared and ready for such scams so that they don't fall victim to them.


SHOULD THIS BE IMPACTING SOME EXCHANGES?

Exchanges like Binance and some others automatically detect the small coin transfer and convert it into the chain's native token currency, and the user is never aware of this. It stops the attacker from further tracking the user's activity on-chain, so the scammer never learns the identity of the user.
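
The small-transfer detection described above can be sketched as follows. This is an added example, not code from Polygon or from any exchange; the transfer records, the placeholder sender and wallet names, the 100 gwei gas price and the three-recipient threshold are constructed assumptions.

```python
from collections import defaultdict

PLAIN_TRANSFER_GAS = 21_000  # gas consumed by a plain native-token transfer on an EVM chain
GWEI = 10**9

# Constructed sample: (sender, recipient, value_wei, gas_price_wei). Names are placeholders.
SAMPLE_TRANSFERS = [
    ("sender_A", "wallet_1", 10**12, 100 * GWEI),
    ("sender_A", "wallet_2", 10**12, 100 * GWEI),
    ("sender_A", "wallet_3", 10**12, 100 * GWEI),
    ("sender_A", "wallet_4", 10**12, 100 * GWEI),
    ("sender_B", "wallet_1", 5 * 10**18, 100 * GWEI),  # ordinary payment
    ("sender_C", "wallet_2", 10**12, 100 * GWEI),      # tiny, but a one-off
]


def is_dust(value_wei, gas_price_wei):
    """Dust as the article defines it: worth less than the fee needed to spend it."""
    return 0 < value_wei < PLAIN_TRANSFER_GAS * gas_price_wei


def find_dusting_senders(transfers, min_recipients=3):
    """Return {sender: sorted recipients} for senders that dusted many wallets."""
    dusted = defaultdict(set)
    for sender, recipient, value_wei, gas_price_wei in transfers:
        if is_dust(value_wei, gas_price_wei):
            dusted[sender].add(recipient)
    return {s: sorted(r) for s, r in dusted.items() if len(r) >= min_recipients}


def wallets_to_warn(transfers, min_recipients=3):
    """Per wallet, the suspected dusting senders to flag for the owner."""
    report = defaultdict(list)
    for sender, recipients in find_dusting_senders(transfers, min_recipients).items():
        for wallet in recipients:
            report[wallet].append(sender)
    return dict(report)


if __name__ == "__main__":
    for wallet, senders in sorted(wallets_to_warn(SAMPLE_TRANSFERS).items()):
        print(wallet, "received dust from", ", ".join(senders))
```

The fan-out threshold keeps a single tiny deposit (sender_C here) from being treated as an attack, while the one sender that dusted four wallets is flagged for each of them.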
