Dusting Attacks - Reading Assignment

  1. The goal of a dusting attack is to uncover the identy of the person or company using the cryptocurrency.

  2. If a dusting attack is succesful the victim is at risk of Phishing or extortion.

  3. Deterministic Wallets do not protect against dusting attacks.

  4. Samourai Wallet implemented a real time alert and also a “Do Not Spend” feature to be applied to dubious transactions.

1 Like

#1 - What is the goal of a dusting attack?
The goal is to deanounymise cryptocurrencie-users

#2 - If a dusting attack is successful, how is the victim at risk?
When the identity of a user is revealed, the scammer / hacker could try to perform a phishing attack for example

#3 - Do deterministic wallets protect against dusting attacks?
No, the reciving adress is still contaminated, so future UTXOs can be tracked down

#4 - What features did Samourai Wallet add to protect against dusting attacks?
They implemented a real-time-alert and a non-spending feature

1 Like
  1. What is the goal of a dusting attack?

The goal of a dusting attack is to link the dusted addresses and wallets to their respective companies or individuals and therefore de-anonymize cryptocurrency users

  1. If a dusting attack is successful, how is the victim at risk?

If a dusting attack is successful the attacker may use knowledge of identity trails against their targets, either through elaborated phishing attacks or cyber-extortion threats.

  1. Do deterministic wallets protect against dusting attacks?

When you are using deterministic wallet you should receive your cryptocurrencies each time on different address. When you notice that you got dusted, as long as you don’t move dust fund from dusted addresses you cannot be traced.

  1. What features did Samourai Wallet add to protect against dusting attacks?

The Samourai Wallet has a real-time alert for dust tracking as well as a “Do Not Spend” feature that let users mark suspicious funds, so these are not included in future transactions.

1 Like
  1. the goal of the attack it to deanonamyse the block-chain users and to see which addresses belong to which wallets.
    2.Fishing attacks or blackmail depending on the situation
  2. No. you create a new public key for each transaction but that wont protect you from it.
  3. It allows you to block certain UTXOs so they are never spent and so cannot be traced back to your wallet.
1 Like

To obtain the identity of the wallet holder to then extort them into paying a ransom, they do this by sending very small amounts of cypto called dust and then tracing where those amounts are distributed to and from.

The scammers then know the real identity of the wallet holder and all the transactions made, they can then proceed to extort the owner for payment or ransom.

No, because the dust is so small it will be included in most transactions, henceforth allowing the scammers to track them.

They allowed the owners to freeze the dust amounts so that they could not be tracked.

1 Like
  1. To track those tiny transactions (doable only once they are re-spent) to use in further attempts to hack into wallet. On its own its not enough but one step of the dusting hack.

  2. Attacker tracks spending to reveal a link between a wallet address and a person and then looks to hone in on that person’s online habitats to exploit in further ways to eventually try to steal / hack the wallet.

  3. Not specifically, no

  4. Samouri Wallet looks for these tiny dust deposits and locks them so that they are not respent (unless the owner of the wallet wants to - once they have confirmed it is legit)

1 Like
  1. To link real identity with the public key.
  2. Phishing attacks or cyber-extortion threats.
  3. No.
  4. Real time possible attack and do not spend features updates to the users.
1 Like
  1. What is the goal of a dusting attack?
    To identify owners of an address.
  2. If a dusting attack is successful, how is the victim at risk?
    They may become a victim of phishing or some other attack.
  3. Do deterministic wallets protect against dusting attacks?
    No because they track the funds that were sent.
  4. What features did Samourai Wallet add to protect against dusting attacks?
    “Do not spend” feature for suspicious transactions.
1 Like
  1. The goal of a dusting attack Is to break the privacy of Bitcoin and cryptocurrency users. The goal is to eventually be able to link the dusted addresses and wallets to their respective companies or individuals. If successful, the attackers may use this knowledge against their targets, either through elaborated phishing attacks or cyber-extortion threats.

  2. When a dusting attack is successful the way a victim is at risk is a hacker sends a tiny amount of crypto (dust) to a victims wallet. The transactional activity of these wallets is then tracked down by the attackers, who perform a combined analysis of several addresses as an attempt to identify the person or company behind each wallet.

  3. Deterministic wallets do not protect against dusting attacks typically. They can add features which you must implement such as the answer to #4.

  4. Samourai Wallet added some features to protect against dusting attacks. The company sent out a tweet warning users about the attacks and explaining how they could protect themselves. Their team implemented a real-time alert for dust tracking as well as a “Do Not Spend” feature that let users mark suspicious funds, so these are not included in future transactions.

1 Like
  1. To deanonomise transactions and find out who the addresses belong to

  2. From phishing or extortion attacks

  3. Yes because every receiving transaction has a new address

  4. implemented a real-time alert for dust tracking as well as a “Do Not Spend” feature that let users mark suspicious funds, so these are not included in future transactions.

1 Like
  1. The goal of a dusting attack is to de-anonymize a cryptocurrency wallet holder.
  2. If a dusting attack is successful, the victim is at risk of phishing attacks or digital extortion.
  3. Deterministic wallets protect your from dusting attacks by creating new address for every new transaction.
  4. Samourai Wallet created a ‘do not spend’ UTXO label to avoid spending dusted BTC.
1 Like

1.The goal of a dusting attack is to determine the identity of the person or company who owns a specific wallet.
2.If a dusting attack is successful and the owner’s identity is discovered they could become a target for phishing attacks or extortion.
3.Deterministic wallets do not protect against dusting attacks because the “dust” funds will automatically be added to other amounts to make-up larger transactions, and because they will still have their own independent transaction I.D., they will continue to be traceable through that transaction.
4.The features Samouri Wallet added to protect against dusting attacks were; providing a “Dusting Alert” and adding a “Do Not Spend” feature for suspicious amounts.

1 Like
  1. The goal is to identify addresses which are controlled by the same person or party when this dust is used as input in the same transaction.
  2. Knowing all the linked addresses gives information about the amount of coins this person or party possess and could potentially reveal real identity of an owner. The attacker may use this knowledge against the owner of coins through phishing attacks or cyber-extortion threats.
  3. As far as I understand - no. Most bitcoin wallet implementations do not allow CoinJoins, thus by doing network analysis we can assume that all inputs in a transaction are from one person.
  4. Samourai Wallet has “Do not spend” feature that allows to mark suspicious funds so they are not included in future transactions.
1 Like
  1. identifying the person or company behind each wallet to eventually be able to link the dusted addresses and wallets to their respective companies and individuals
  2. their wallet will be at risk of elaborates phishing attacks or cyber-extortion threats
  3. nope, but they can implement real-time alert to their user in case they tract a dusting attempt, if dust fund is not moved, the attacker attempt will failed
  4. “Do Not Spend” feature that let their users mark a suspicious fund
1 Like
  1. What is the goal of a dusting attack?
    To reveal transaction owners of cryptocurrencies that are not privacy based

  2. If a dusting attack is successful, how is the victim at risk?
    Scammers can perform phishing attacks or target them for extortion

  3. Do deterministic wallets protect against dusting attacks?
    No - because the dust attacks work independently of the wallet through transactions. You can however never move the dust funds to prevent the attack

  4. What features did Samourai Wallet add to protect against dusting attacks?
    By sending attack notifications and a “do not spend” toggle feature.

1 Like
  1. The goal of a dusting attack is to identify which public keys belong to the same wallet.
  2. The goal is to eventually be able to link the dusted addresses and wallets to their respective companies or individuals. If successful, the attackers may use this knowledge against their targets, either through elaborated phishing attacks or cyber-extortion threats.
  3. No.
  4. The Samourai Wallet team implemented a real-time alert for dust tracking as well as a “Do Not Spend” feature that let users mark suspicious funds, so these are not included in future transactions.
1 Like

Could … NOT …resist… the… Disney. Sorry. :tired_face:

1 Like

1. What is the goal of a dusting attack?
To de-anonymize/ identify address holders by linking public keys belonging to the same wallet

2. If a dusting attack is successful, how is the victim at risk?
The victim can then be targeted through phishing or cyber extortion, or the authorities could use their information either to track illegal activity or to help then seize digital assets

3. Do dusting attacks work for type-1 HD wallets, type-2, or both?
I would think for both, as long at the dust is spent. Would appreciate if someone could please clarify this one a bit further.

4. What features did Samourai Wallet add to protect against dusting attacks?
They added a Do Not Spend feature to prevent spending dust and ultimately linking addresses which would combine inputs (including dust inputs) for UTXOs.

3 Likes
  1. Tracks the activity of the wallet.
  2. Extortion attacks.
  3. Deterministic wallets don’t protect against dusting attacks.
  4. Implementation of a real time alert and a non spending feature.
1 Like
  1. What is the goal of a dusting attack?

The goal is to try reveal the identity of the person or company behind a the wallet.

  1. If a dusting attack is successful, how is the victim at risk?

The scammer can use a phishing attack or do a cyber-extortion threats.

  1. Do dusting attacks work for type-1 HD wallets, type-2, or both?

Both.

  1. What features did Samourai Wallet add to protect against dusting attacks?

Implentation of “Do Not Spend” feature with real time alert.

1 Like