DeFi security is worrying. How to prevent dust attacks, ransomware and 51% attacks?

Original title: "Ubiquitous Attacks: Powder, Ransomware, 51%"
Written by: Mos DeFi
Translation: ChinaDeFi

Last Tuesday, Poly Network was hacked, causing more than $600 million in losses. Although the hackers returned almost all of the "loot" in the end, it is still terrifying.

The ubiquitous attacks have made both individuals and project owners shudder at the mere mention of them. This article introduces the relatively common attacks at this stage, which are relatively easy to understand.

Hackers are finding new ways to hack every day. Not only do they steal money, they also try to steal sensitive data. Or they just want to completely destroy a system by running a dangerous script. Blockchain is also aware of this danger: many attacks have occurred in the past, of which the 51% attack is probably the most famous. A fairly new attack is the "dust attack".

What is dust?

Dust is a term that has been used in the crypto world for a long time before it became known as a dusting attack.

In the crypto space, we call very small amounts of cryptocurrency or tokens dust. This amount is usually so small that we don’t even notice it in our wallets.

Essentially, we can own as little as possible of a cryptocurrency or token. For example, in the case of Bitcoin, it is possible for someone to own 0.00000001 Bitcoin (BTC). This value is almost $0. This number is also the smallest amount of Bitcoin we can own.

When we trade on a crypto (centralized or decentralized) exchange, we may keep a small amount of the associated coins or tokens. On some exchanges, this dust can be exchanged for the native tokens of the exchange. For example, on Binance, BNB can be exchanged for dust.

In the case of Bitcoin, when the transaction result is less than the transaction cost, we call it dust. This is also called the dust limit and is calculated based on the inputs and outputs of the transaction. For a typical Bitcoin transaction without SegWit, this is 546 satoshis. For a SegWit transaction, this number is 294 satoshis.

When a transaction has less than the mentioned amount of Bitcoins, we will not be able to complete the transaction, resulting in dust remaining in our wallet.

Dust attack

In a dusting attack, hackers try to steal cryptocurrencies through dust. Many users will not even notice the presence of dust in their wallets. That is why hackers send a large number of small amounts of cryptocurrencies and tokens to different addresses. Then they monitor all these addresses. For example, they check if the dust was sent to another wallet that also belongs to the victim. By tracking these wallets, they know which wallets and addresses belong to the victim.

They then use this information to conduct phishing attacks. For example, they can send us a link that has a malicious script running behind it. When we click on the link, the attack begins, after which the hacker tries to steal cryptocurrencies and tokens from our wallets.

Where to perform dust attacks?

Typically, dust attacks are carried out on the Bitcoin network. However, Litecoin (LTC), Binance Coin (BNB), and several other cryptocurrencies and tokens have also been attacked.

How to identify a dust attack?

It is possible that hackers will attempt to perform dust attacks on us. For example, in October 2020, hackers attempted to perform a dust attack on the Binance cryptocurrency exchange.

We can identify a "dusting attack" by looking at the cryptocurrency received in our wallet. When we receive cryptocurrency from an address we don't know, there is a high probability that this is a dusting attack.

In some cases, there is a link in the transaction, usually a phishing link. We should never open such a link.

What to do if a dust attack occurs?

Do you think someone wants to perform a dust attack on you? Then we don't have to do anything. Just keep the cryptocurrencies in our wallets and don't send them to other addresses that belong to us. The most important rule is to never open a link that we don't trust.

Protect yourself from dust attacks

There are steps we can take to protect ourselves from dusting attacks. These steps can also help protect ourselves from other attacks.

As mentioned before, we shouldn’t just click on a link. If we don’t know where a link will take us, don’t click on it. Phishing attacks can happen at any time. After all, there have been many cases in the past where users lost large amounts of cryptocurrencies and tokens.

It is also important to install a virus scanner and scan your computer or laptop for viruses on a daily basis. If a problem does arise, a virus scanner can ensure that the virus is removed before it can cause damage.

To truly protect yourself, it is recommended to use a hardware wallet such as Trezor or Ledger, as dusting attacks are usually carried out on hot wallets.

Other encryption attacks

Dust attacks are certainly not the only attacks known in the crypto world. There are different types of attacks, some of which are targeted at individuals, while others target the entire community of a blockchain.

Ransomware

Ransomware is becoming a growing problem. Not only individuals, but also large companies have to deal with ransomware. Ransomware is a type of malicious software that can take control of your entire computer.

Once there is ransomware on a computer, then all the files are encrypted. This means that the user can no longer use them unless there is a special key to decrypt them. Now coincidentally, only hackers have this key.

They want to give you the keys, provided you transfer a certain amount of Bitcoin to them. This can range from a few hundred dollars to a few thousand dollars. If the user does not transfer the money within a certain period of time, then all files will be permanently destroyed.

Users can protect themselves from ransomware by using a virus scanner, rather than just opening a link or downloading a file. Hackers often send an email, such as an invoice. However, when the user opens the invoice, the ransomware is downloaded.

Cryptojacking

To understand this method, it is important to understand how the mining process works. In cryptojacking, someone's computer is used to mine cryptocurrency.

Again, the victim must first download a file from the internet. This file will then ensure that the victim's computer power is used to mine cryptocurrency. The hacker is also the only one who will receive a reward for mining cryptocurrency.

With cryptojacking, you can also protect yourself by using a virus scanner.

51% Attack

The attacks discussed previously are usually performed against a single user. However, there are also various attacks performed against the entire blockchain. Among these attacks, the 51% attack is the most famous.

In a blockchain network, consensus is formed when at least 51% of the network supports it. Suppose a miner has a prepared block. Then, the nodes in the network will check whether the block is valid. When at least 51% of the network agrees on the block, it will be added to the network.

This also means that when one person or organization controls at least 51% of the network, the entire blockchain can be controlled by this organization. In this way, transactions can be approved that should not actually be approved at all. In this case, the blockchain is completely corrupted.

The goal of a 51% attack is not economic gain, but to destroy the blockchain. Once a 51% attack is implemented, the price of the relevant currency collapses immediately. Therefore, the hackers do not actually gain any economic benefit.

Fortunately, the chances of this attack being successfully carried out on the Bitcoin or Ethereum blockchains are almost zero. This is due to the large networks behind these blockchains.

in conclusion

Now that you have a better understanding of how frequently performed attacks such as dusting, cryptojacking, ransomware, and 51% attacks work, to avoid becoming a victim, make sure to:

• Do not open any untrusted links.

• Never share private keys.

• Never share your seed phrase.