Dusting Attacks - Reading Assignment

Hiya,

Why would you need to dust an account for this? I can assume I already have the bitcoin address if I am sending funds to it, so surely I can just look at transactions made by that address and link the TX inputs, regardless of whether one of them is the dust input that I sent to them?

Thanks :slight_smile:

Kiki

1 Like

@kiki does this post answer your question?

1 Like

Hi @Grant_Hawkins I can’t see an answer, am I being dim?

1 Like
  1. The goal is to identify the person/company behind a wallet by linking multiple addresses to the same wallet.

  2. The victim is exposed to phishing attacks and extortions.

  3. Dusting attacks can work for both types of wallets.

  4. The “Do Not Spend” feature that lets users mark suspicious funds, and also the implementation of a real-time alert for dust tracking.

1 Like

What is the goal of a dust attack?
To be able to trace and identify to which person the address belongs.

If a dust attack is successful, how is the victim at risk?
The person is at risk of extortion or phishing.

Do dust attacks work for HD Type 1, Type 2 wallets or both?
For both since once the powder funds are spent they can be tracked.

What features did Samourai Wallet add to protect against dust attacks?
A real-time alert that notifies about the possible dust attack and that the user can mark the funds as suspicious and thus not be included in future transactions.

1 Like

Sorry I thought I’d linked a previous post :sweat_smile: I’ll try again:

@Kiki this one from above

1 Like

Thanks @Grant_Hawkins, I understand that, but if your wallet is creating transactions from a single wallet, then it will naturally combine those transactions anyway, so the dusting would be irrelevant, wouldn’t it?

Like the Chainalysis guy says: “It doesn’t seem like there is much utility in [dusting], because if the address exists on the blockchain, it can already be tracked. And if it doesn’t, a single payment to it will make it appear in the software, so no need for dusting. It wouldn’t improve IP tracking capabilities.”

1 Like

I see what you mean –

Going back to the example above, if I meant to keep my UTXOs from both addresses separate, my wallet could insert it into the transaction without my realizing it, and then the addresses would be linked on-chain.

1 Like

Yes, but if your wallet is joining transactions from different addresses, this would happen anyway, regardless of whether the transaction was generated from a transaction you have received from a customer or a small transaction from someone who had dusted the wallet.

1: To identify the owner of a wallet and then do ransomware, phishing or other scams to the individual or company owning the wallet.
2: The owner can have his computer infected with malware/ransomware and money stolen.
3: No deterministic wallet are subject to attack as dust is often left in the wallets.
4: Wallets such as Samourai try to prevent dusting attacks by sending notices and have a do-not-spend function.

  • What is the goal of a dusting attack?
    The goal is to link that tiny amount of coin/token to companies and individuals to identify possible targets of attack. Goal being phishing and cyber/extortion attacks that may lead to exploiting crypto accounts/wallets.

  • If a dusting attack is successful, how is the victim at risk?
    It is only successful if wallet holders are identified. Attackers can figure out email, phone #'s, social media, and even I.P. addresses to begin attacks on personal/company networks. Holding private keys on a PC-like device or server is highly risky.

  • Do dusting attacks work for type-1 HD wallets, type-2, or both?
    Unless those wallets are equipped with dust attack features like the Samourai Wallet, then yes, any wallet is vulnerable if it does not segregate dust amounts with options to use it or not.

  • What features did Samourai Wallet add to protect against dusting attacks?
    A real-time alert for dust tracking and a “do not spend” feature to segregate suspicious funds.

  1. The goal is to eventually be able to link the dusted addresses and wallets to their respective companies or individuals.
  2. If successful, the attackers may use this knowledge against their targets, either through elaborated phishing attacks or cyber-extortion threats.
  3. Both
  4. The Samourai Wallet team implemented a real-time alert for dust tracking as well as a “Do Not Spend” feature that let users mark suspicious funds, so these are not included in future transactions.

What is the goal of a dusting attack?

My understanding of a dust attack is an attack on a wallet, to de-anonymize the identity of the person or institution controlling the wallet/funds.

If a dusting attack is successful, how is the victim at risk?

If a dusting attack is successful, the attacker will then try to steal funds or information from the owner through phishing attacks or even cyber-extortion threats or even violence if they have enough information.

Do dusting attacks work for type-1 HD wallets, type-2, or both?

From my understanding, a type-2 wallet would be more vulnerable because if the wallet’s addresses are deterministic there is some correlation between the addresses created, and it’s feasible that some kind of connection can be made, whereas in a type-1 wallet everything is more randomized and no address has any correlation to another.

I definitely want more insight here, thank you to whoever gives me that.

What features did Samourai Wallet add to protect against dusting attacks?

The first thing Samourai did was notify their users; second, they implemented a “do not spend” feature that lets users mark suspicious funds so their funds aren’t included in future transactions.
I understand that the suspicious funds would be joined when money is spent through a new UTXO that becomes created on the wallet. How would I as a user stop this from happening? Moving my funds from the wallet, leaving the dust in the abandoned wallet?

  1. The goal of a dusting attack is to de-anonymise the holder of a crypto wallet.
  2. If the malicious attackers are able to link the dust UTXO they sent you with a subsequent transaction where you send the dust combined with other inputs as an output, they may be able to personally identify you or your organization. Knowing your real identity they can implement phishing scams, a cyber attack, or ransom to rob you.
  3. I don’t think using a different address will help as the dust will link the two addresses.
  4. I understand that the Samourai wallet team implemented a feature to warn users when there was a small deposit that was likely a dust attack and also a feature that isolated these deposits so that they were not used in future transactions. In effect keeping the loose change sent to them by the attackers.

  1. A dusting attack refers to a relatively new kind of malicious activity in which hackers and scammers send tiny amounts of crypto to wallets in an attempt to deanonymize their owners.
  2. The transactions are traced in an attempt to identify the owner of the wallet.
  3. No, the funds are later sent elsewhere and are traceable.
  4. Samourai wallet alerts the users of suspicious dusting funds, and the user can mark them not to be used in future transactions.

  1. The goal of the dusting attack is to deanonymize the users. To possibly blackmail.

  2. The victim is now at the risk of possible cyber-extortion threats, blackmailing, etc…

  3. They do work for both types of wallets, the only way to secure wallets from such a threats is

  4. It has the function of Dust TX alerts. It allows us to mark unknown small deposits.

The goal of a dusting attack is to analyse blockchain transactions to deanonymise users by sending small transactions to their wallet.
If the attack is successful, the victim is at risk of phishing or extortion.
Dusting works on H-1 and H-2 due to internet connectivity.
Samourai wallets have the capacity to report suspicious transactions to their users with a “Do Not Spend” warning feature.

  1. What is the goal of a dusting attack?

Identify the identity of a person or firm behind a public crypto address.

  2. If a dusting attack is successful, how is the victim at risk?

Phishing attacks are possible to figure out the private key of the related person.

  3. Do dusting attacks work for type-1 HD wallets, type-2, or both?

It works for both types.

  4. What features did Samourai Wallet add to protect against dusting attacks?

They implemented a real-time alert for dust tracking as well as a “Do Not Spend” feature that let users mark suspicious funds, so these are not included in future transactions.

  1. What is the goal of a dusting attack?
    A dusting attack attempts to link wallet addresses to individuals and businesses in the hopes of being able to discover the wallet user’s identity in order to target them.

  2. If a dusting attack is successful, how is the victim at risk?
    The victim is at risk of being targeted with phishing attempts or cyber extortion threats.

  3. Do dusting attacks work for type-1 HD wallets, type-2, or both?
    It would seem to me that both wallet types could be linked by a dusting attack.

  4. What features did Samourai Wallet add to protect against dusting attacks?
    Samourai Wallet added a ‘Do Not Spend’ feature that marks suspicious funds so they are not used in future transactions.
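
Added example, not part of the thread and not Samourai's code: a Python sketch of the dust alert and "Do Not Spend" behaviour the answers describe, showing which addresses a single spend ties together before and after the dust is flagged. The alert threshold, the smallest-first coin selection, and all names and sample UTXOs are assumptions made for illustration.

```python
from dataclasses import dataclass

DUST_ALERT_SATS = 1_000  # assumed alert threshold for this sketch

@dataclass
class Utxo:
    txid: str
    address: str
    value: int                 # satoshis
    do_not_spend: bool = False

def flag_dust(utxos, expected_txids, threshold=DUST_ALERT_SATS):
    """Mark small deposits the user did not expect; return them as the alert list."""
    flagged = [u for u in utxos
               if u.value < threshold and u.txid not in expected_txids]
    for u in flagged:
        u.do_not_spend = True
    return flagged

def select_coins(utxos, target):
    """Smallest-first selection (fees ignored) that skips do-not-spend UTXOs."""
    picked, total = [], 0
    for u in sorted((u for u in utxos if not u.do_not_spend), key=lambda u: u.value):
        picked.append(u)
        total += u.value
        if total >= target:
            return picked
    raise ValueError("insufficient spendable funds")

def linked_addresses(inputs):
    """Addresses an observer ties together because they fund one transaction."""
    return {u.address for u in inputs}

def sample_wallet():
    # Constructed sample data: A is a publicly known address holding only the dust.
    return [
        Utxo("tx_dust", "addr_public_A", 546),
        Utxo("tx_pay1", "addr_private_B", 40_000),
        Utxo("tx_pay2", "addr_private_C", 30_000),
    ]

if __name__ == "__main__":
    wallet = sample_wallet()
    print("unflagged spend links:", sorted(linked_addresses(select_coins(wallet, 60_000))))
    alerts = flag_dust(wallet, expected_txids={"tx_pay1", "tx_pay2"})
    print("alert on:", [u.txid for u in alerts])
    print("flagged spend links:  ", sorted(linked_addresses(select_coins(wallet, 60_000))))
```

In both runs the two private addresses are spent together, which is the point raised earlier in the thread; flagging the dust only keeps the publicly known address out of that cluster.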