Cloud

New 'Crypto Dusting' Attack Gives Cash, Takes Reputation

This new form of crypto wallet fraud enlists unwary consumers and companies to help defeat anti-money laundering methods for law enforcement and regulators.

A fraction of a bitcoin anonymously dropped into your cyberwallet may seem like a bit of good fortune, but opinions can change rapidly when you're labeled a likely criminal. That's the situaton companies and individuals are finding themselves in when they're the victims of "crypto-dusting" - one of the newer, and more challenging, hacks involving popular cryptocurrency.

The anonymous bitcoins were coming from BestMixer.io, a cybercurrency "mixer" often used to anonymize cybercurrency transactions to improve privacy or hide criminal activity. If you look inside the transaction record, says Dave Jevans, CEO of CipherTrace and chairman of the Anti-Phishing Working Group, you find a plan-text message that's a welcome from the BestMixer team.

But this "gift" comes with a price: "You have engaged in a transaction with a known money-laundering service, so it will raise the risk on your accounts for any exchange that has implemented anti-money laundering protocols," he says.

In addition, creating hundreds of thousands of newly tainted accounts could provide a smokescreen for the illegitimate transactions regulatory algorithms are supposed to catch. As for choosing their victims, Jevans says the methodology is simple: "They're just putting it in your crypto wallet. When they do a run, they look at the last 75,000 addresses and send to them. When you open up your wallet, it's there."

"It's logical, but I think it's shortsighted," says Mounir Hahad, head of Juniper Threat Labs at Juniper Networks. "The whole notion of 'tainted' is specific to the way the algorithms are deployed today." And, he points out, those algorithms can change.

While they're changing, there are some specific steps that consumers and companies can take to protect themselves. "On the consumer side, when you receive money like this — a small amount from an unknown source — the best thing to do is go in and block it from being sent," Jevans says. "If you ever spend it, it will wreak havoc with your privacy."

Larger organizations and enterprises have a somewhat more complicated task. "They'll need to work with their vendors on anti-money laundering and be able to cipher out the mixer coin that came from crypto duster attacks," he says.

Fortunately, this is an attack method that may have a short lifespan, according to Hahad. It should be relatively easy to tweak the anti-money laundering algorithms used by regulators and law enforcement to ignore the tiny fractional transactions that are part of the attack.

"This is not something that regular folks should be worried about — it's for regulators and law enforcement," he explains. "It will make their lives more difficult for a while, but as soon as they can patch their algorithms they'll be back in business."

Related content:

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Government Shutdown Brings Certificate Lapse Woes
Curtis Franklin Jr., Senior Editor at Dark Reading,  1/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6455
PUBLISHED: 2019-01-16
An issue was discovered in GNU Recutils 1.8. There is a double-free problem in the function rec_mset_elem_destroy() in the file rec-mset.c.
CVE-2019-6456
PUBLISHED: 2019-01-16
An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_fex_size() in the file rec-fex.c of librec.a.
CVE-2019-6457
PUBLISHED: 2019-01-16
An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_aggregate_reg_new in rec-aggregate.c in librec.a.
CVE-2019-6458
PUBLISHED: 2019-01-16
An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_buf_new in rec-buf.c when called from rec_parse_rset in rec-parser.c in librec.a.
CVE-2019-6459
PUBLISHED: 2019-01-16
An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_extract_type in rec-utils.c in librec.a.