August 2nd, 2022
Pseudonymity is one of the core goals of many blockchains. Since creating a blockchain account only requires generating a random private key, no information exists that links a blockchain account to its owner’s real-world identity.
Dusting is a technique that is most commonly used to break blockchain anonymity. By making it easier to associate a user’s various blockchain accounts, dusting provides a clearer view of their entire holdings, activity, and potentially their identity.
Dust is a term for very small fractional parts of a cryptocurrency. On Bitcoin, a Satoshi is the smallest possible unit and is worth 0.00000001 BTC or a few hundredths of a cent in USD. A unit this small is useless for most transactions on the blockchain unless it is combined with other cryptocurrency.
Dusting is the term for sending micropayments to addresses on the blockchain that consist of a few Satoshis or the equivalent.
Dusting can be used for various purposes, including:
Dusting is not always malicious. However, one of the more common uses for dusting is breaking the anonymity of blockchain accounts.
Dusting attacks were developed as a way of breaking the anonymity of the blockchain. In theory, it should be infeasible to determine if two blockchain wallets are owned by the same user. In practice, analysis of transactions and patterns of life on the blockchain can break anonymity.
Dusting helps with this because dust cannot be used independently for a transaction because its value is less than the transaction fee.
For this reason, a user needs to combine dust with other holdings to use it within a transaction. If a blockchain transaction combines dust from one address with a user’s holdings in another, then someone analyzing the transaction history on the blockchain knows that both addresses are owned by the same person.
The simplest defense against dusting attacks is to not use dust sent to a blockchain account.
Many wallets have been updated to protect against dusting attacks by identifying funds from transactions below a given threshold as dust and marking them as “Do Not Spend”. While this means that a user can’t use all of the funds at an address, the value of the dust is negligible.
Users can also protect their anonymity on the blockchain by using a hierarchical deterministic (HD) blockchain wallet that creates a new address for each blockchain transaction. All funds in an address are drained in a transaction and the excess is sent to a new address, making it difficult to determine if the new address is owned by the user or not. With single-use addresses, it is much more difficult to track a user’s activity and identity on the blockchain.