How to deflect a Bitcoin dusting attack in three steps
Receiving small amounts of unsolicited Bitcoin (BTC) is called a dusting attack.
To find out exactly how a dusting attack works, and why it poses a threat to a Bitcoin wallet’s security, read our article What is a dusting attack?
The key thing to know is that it’s important not to spend any Bitcoin dust by inadvertently including it in a payment.
The Fortris team recently worked with a customer to deflect a Bitcoin dusting attack. The steps that we took are summarized below.
Quick recap: What is Bitcoin dust?
But first, a recap: What exactly is Bitcoin dust? To really understand this, we first need to consider how Bitcoin works.
Units of Bitcoin are measured in UTXOs, or unspent transaction outputs. For an in-depth explanation of what a UTXO is and why Bitcoin works this way, read our article on UTXO management.
The key thing to know is that UTXOs are irregular and indivisible amounts of Bitcoin.
Bitcoin dust is simply a small-value UTXO or UTXOs that can be worth the equivalent of just a few cents.
This video shows an example of how UTXOs work:
UTXOs are also traceable, since every UTXO’s transaction history is recorded in the immutable public database of the Bitcoin blockchain.
Harmless dust vs a dusting attack
Not all Bitcoin dust is harmful.
Sometimes wallets accumulate dust as a result of “change” received from creating a transaction, as shown in the video above, or for other reasons such as receiving lots of small payments.
Think of it as like walking around with a regular wallet filled with small change.
The key difference between small change in the fiat world, and UTXOs, is that the more UTXOs are required to create a payment, the larger the file size of the transaction.
The larger the file size, the higher the fees paid to the miner who adds the transaction to the Bitcoin blockchain.
For more on the relationship between transaction size and fees, read our article How long does a Bitcoin transaction take?
Therefore, depending on what a wallet is used for, it can make sense to minimize the number of small-value UTXOs. Here are some of the ways that this can be done:
Some crypto exchanges allow dust to be converted into other crypto tokens that can be used in trades.
Some wallet providers have a coin control feature, letting you automatically combine multiple small-value UTXOs into larger ones.
Warning: since both these methods involve combining multiple UTXOs together, they should not be considered as a solution for dealing with unsolicited, suspicious dust.
Combining UTXOs and spending them is exactly the outcome that dusting attackers are looking for.
Three steps to neutralize an attack
Here are three steps that enterprise users can take to deflect a dusting attack. The key objective is to make sure that dust UTXOs are not spent.
1. Locate the dust
As we have seen, it is important that users have a way to identify the contents of their Bitcoin wallets at a UTXO level.
If you or your organization uses multiple wallets, make sure that you or your wallet provider can trace any unsolicited dust-size UTXOs so you can identify which wallet they are in.
In large wallets with a high volume of payments in and out, it can be hard to identify the origins of individual UTXOs.
This is why good UTXO management is an important consideration for enterprise business and institutions using Bitcoin.
2. Freeze the dust
Bitcoin wallets often have default settings that determine which UTXOs they use to create a payment.
If your wallet software allows it, set up a rule so that any Bitcoin UTXOs under a certain value are automatically frozen and cannot be spent.
Although this has the effect of freezing all dust, including harmless dust that has naturally accumulated, a side benefit is that it can save money in fees.
At times of high transaction volumes, the fees required for Bitcoin miners to process multiple-UTXO transactions may even cost more than the value of the transaction itself.
3. Isolate the dust
Finally, once you have identified the location of the dust and are sure it is frozen, you may wish to remove all other UTXOs from the wallet in question and “archive” it to be extra safe.
This provides an extra layer of confidence that the dust UTXOs cannot be inadvertently combined with other UTXOs and spent.