Dusting Attacks - Reading Assignment

Read the page from Binance Academy on Dusting Attacks. Answer the questions and post your answers below:

https://academy.binance.com/en/articles/what-is-a-dusting-attack

1. What is the goal of a dusting attack?
2. If a dusting attack is successful, how is the victim at risk?
3. Do dusting attacks work for type-1 HD wallets, type-2, or both?
4. What features did Samourai Wallet add to protect against dusting attacks?

1. A dusting attack refers to a relatively new kind of malicious activity where hackers and scammers try
   and break the privacy of Bitcoin users by sending tiny amounts of coins to their personal wallets.
2. The transactional activity of these wallets is then tracked down by the attackers, who perform a
   combined analysis of several addresses as an attempt to identify the person or company behind
   each wallet.

3.No, The best way to protect against such activity is to use the strategy advised by Samurai Wallet,
which provided the users with a “do not spend” feature. This allows the user to mark small, unknown
deposits in their wallet in order to never use this UTXO for further transactions.

Dusting attacks are mainly targeted at private wallet holders. Therefore, it’s essential to keep track of
incoming funds, and it’s always a good idea to use a wallet address only once, which provides further
protection. Other security measures may include installing a
private network, or VPN, along with a trustworthy antivirus on all of the devices that are used to
access crypto, as well as encrypting wallets and storing keys inside encrypted folders.

4.The Samurai Wallet for example, has a “Do not spend” feature. This allows the user to mark
unknown small deposits on his wallet in order to never use this UTXO for further transactions.This
feature is a reaction of the developers of the Samurai Wallet, who already noticed at the end of
October 2018 that many users of their Wallet had become victims of such Dusting attacks.

1. The goal of a dusting address is to identify the idendity of a a person or firm behind a public crypto address in order to finally blackmail them.
2. See above: once the attackers are able to identify you, they can extort you or try to put some malware on your computer.
3. Yes, some like Samurai are trying to idetify nonsensical dust transactions and urge the owners of the wallet not to use them. In this way no link to any persons can be made.
4. See above.

The goal of a dusting attack is to de-anonymize the privacy of a user or firm by sending small amounts of cryptocurrency to multiple addresses.

Phishing attacks or Cyber Extortion threats

No because the dusted funds sent to your wallet will still be trackable one you use them in another transaction.

They added a feature where they notify you of suspicious activity.

1. What is the goal of a dusting attack?
   Track the activity of a wallet.

2. If a dusting attack is successful, how is the victim at risk?
   Revealing financial activity without knowing it.

3. Do deterministic wallets protect against dusting attacks?
   If you do not reuse addresses and most important, do “coin control”, you can identify suspicious activity.

4. What features did Samourai Wallet add to protect against dusting attacks?
   Identify suspicious founds with “do not spend” label.

• What is the goal of a dusting attack?
  The goal of a dusting attack is to de-anonymise the addresses effectively linking them with the identity of the real user behind the pseudonym (address)

• If a dusting attack is successful, how is the victim at risk?
  The risk is that the attacker can use his new acquired knowledge of the user to create an ad hoc phishing threat or even an extortion technique.

• Do deterministic wallets protect against dusting attacks?
  deterministic wallet can protect from dusting attack changing the receiving address after every transaction.

• What features did Samourai Wallet add to protect against dusting attacks?
  Samourai wallet added a feature that identify suspect transfers and flag them for the user to know to not to spend this UTXOs since a dusting attack is based on the mixmatch of the addresses of recipients that move the “dust” in another Tx.

1. The goal is to be able to use the process of sending many small transactions (dust is the term used for very small amounts of coins) to a huge number of wallets so that if these amounts are transferred to other wallets it would be possible to analyze them and identify different wallets belonging to the same owner. After the successful identification it would then be possible to directly attack those owners via phishing or other methods.
2. The risk of de-anonymization of the owner, leading to the failure of the network security.
3. That depends on the way the owner behaves with the coins on its wallet, because if they are moved between different addresses they could still be tracked. However, a good strategy is the one implemented by Samurai Wallet which allows to prevent the transfer of suspicious coins.
4. Samurai Wallet implemented both the “Do Not Spend” feature, to enable wallet owner to discretionally pick the coins to be transferred basing on the provenance of the UTXO, as well as a “dusting alert” to notify users of possible attacks.

#3: changing addresses won’t help against dusting, because your addresses can be connected by linking the dust?

I see the error i got confused from this part:

Ideally, a brand new Bitcoin address should be created for every new receiving transaction or payment request as a way to preserve users privacy.

but i realize now this is talking about bitcoin pseudonimity and not dusting attack…

@Grant_Hawkins I think I’ve been victim of dusting attacks on EOS, see my wallet… because EOS is kinda stupid as it doesn’t allow to create an account for free, I used a service claiming to pay for the RAM to create one, so it was a “free” service offered by MEET ONE so I ended up creating my “vanity” address with them, check it out: https://bloks.io/account/firepolswiss

The problem is that since then I receive (mostly in Chinese) spam marked as “news” and I don’t know how to block it. Sometimes some airdrops of shitcoins with no value, so just dust.

So I think that this address is compromised (I consider this a test wallet anyway) and I may create a new one, less vanity, some random string to give me better privacy I guess.

1. What is the goal of a dusting attack?

The goal is to identify the person or the company behind a specific wallet.

2. If a dusting attack is successful, how is the victim at risk?

Scammers can do elaborated phishing attacks and cyber-extortions.

3. Do deterministic wallets protect against dusting attacks?

No, because when a user spends funds there is (usually) no way to prevent it from using those dust funds. Some wallets (see Samourai wallet) allow to freeze those funds.

4. What features did Samourai Wallet add to protect against dusting attacks?

Samourai Wallet sends an alert to their users on suspicious or dust transactions, they also implemented a “do not spend” feature to allow users to mark those suspicious funds and prevent them from using them.

1. To break the privacy of Bitcoin and cryptocurrency users.
2. Risk of having its cryptos stolen.
3. Deterministic wallet don’t protect against dusting attacks, because the dusted funds sent to your wallet will still be trackable once you use them in another transaction.
4. The Samourai wallet enables the identification of suspicious funds with “do not spend” label.

1. To de-anonymize addresses and link them to people.

2. They could know all your transaction history. Use it to find you and rob you. Know when your not home. Know where you shop, and work. Make your funds and transactions public. Besides the safety hazards for individuals. This has terrible ramifications for any business doing R&D.

3. They could help if every transaction receive went to a new address and reduced the funds linked in a dusting attack. Though it’s entirely possible that with time and data analytics that the deterministic wallet not help.

4. The Samurai wallet warns not to spend TX that could be linked to dusting.

1.goal is to deanonymize a bitcoin user by linking several adress together
2.victim will then become target of ransom ware or phishing expeditions
3.not especially
4.samura wallet has a do not spend feature for amounts of btc, making it more difficult to track

1. The goal is be able to link the dusted addresses and wallets to their respective companies or individuals.
2. They can identify you, track related transaction.
3. Helpful in combating this dust attack.
4. Real-time alert for dust tracking and “Do Not Spend” feature.

Interesting, I did have a look.

If there’s a risk here, I don’t think it’s a ‘dusting attack’ per se. The goal of a dusting attack is to connect an outbound transaction to multiple input addresses. If you’ve only got one address here, your inputs and outputs are connected by default

Also, dust has to be in a currency that you use, so that you might use the dust as an input UTXO ‘by accident’. If someone sends you a shitcoin, there’s no risk of ‘accidentally’ including the shitcoin in an tx of a different currency.

Good question!

1. To deanonymise the address holder.

2. Attacker is able to perform phishing or cyber extortion threats.

3. Not really. If the coins are later spent, attacker can trace them and link with other transaction to reveal victim’s identity.

4. It informs about incoming dust transaction and allow user to mark these coins as “do not spend”.

1. What is the goal of a dusting attack?
   To get identities behind an address, to endly blackmail or maybe visit them at their home to ask for the private key under pressure.

2. If a dusting attack is successful, how is the victim at risk?
   Victim can be find on a living address and address on the web by IP address for example, later on going after them with phising or knocking on the front door of their house,

3. Do deterministic wallets protect against dusting attacks?
   No

4. What features did Samourai Wallet add to protect against dusting attacks?
   An alert their users function to give alarm on suspicious transactions
   And be able to freeze the coins so they can spend anymore.

1. What is the goal of a dusting attack?
	a. track trancactional activite of wallets by sending tiny amounts of coins to arbitrary addresses
2. If a dusting attack is successful, how is the victim at risk?
	a. you can combine addresses / wallets which are uses in an affected address and can track their whole tx history - may you also can get the ID of the User -> this knowledge can used against the individuals by attack them via phishing or syper-extortion
3. Do deterministic wallets protect against dusting attacks?
	a. no
4. What features did Samourai Wallet add to protect against dusting attacks? 
	a. they implemented a real-time alert for dust tracking

• What is the goal of a dusting attack?
  To identify the person or company behind each wallet.

• If a dusting attack is successful, how is the victim at risk?
  The attackers may use this knowledge against their targets, either through elaborated phishing attacks or cyber-extortion threats.

• Do deterministic wallets protect against dusting attacks?
  No, but it helps. changing addresses makes it harder to track my activity.

• What features did Samourai Wallet add to protect against dusting attacks?
  Samurai Wallet implemented both the “Do Not Spend” feature as well as a “dusting alert” to notify users of possible attacks.

1. Track the activity of a wallet → attack wallet
2. Create an phishing threat or an extortion technique.
3. No, because the dusted funds sent to your wallet will still be traceable once you use them in another transaction.
4. Identify suspicious founds with “do not spend” label.