Dusting Attacks - Reading Assignment

No funds can be stolen with a dusting attack, but the privacy can be broken by linking these addresses to a physical entity.

1. What is the goal of a dusting attack? The goal is to break the privacy of Bitcoin and cryptocurrency.
2. If a dusting attack is successful, how is the victim at risk? Company or person identity is revealed. Hackers will have the abilty for elaborated phishing attacks or cyber-extortion threats.
3. Do dusting attacks work for type-1 HD wallets, type-2, or both? Both
4. What features did Samourai Wallet add to protect against dusting attacks? The Samourai Wallet team implemented a real-time alert for dust tracking as well as a “Do Not Spend” feature that let users mark suspicious funds, so these are not included in future transactions.

1. What is the goal of a dusting attack?
   de-anonimising Blockchain users

2. If a dusting attack is successful, how is the victim at risk?
   Targeted extortion

3. Do dusting attacks work for type-1 HD wallets, type-2, or both?
   both. but type 1 is probably easier

4. What features did Samourai Wallet add to protect against dusting attacks?
   The Samourai Wallet team implemented a real-time alert for dust tracking as well as a “Do Not Spend” feature that let users mark suspicious funds, so these are not included in future transactions.

1. What is the goal of a dusting attack?
   The goal is to eventually be able to link the dusted addresses and wallets to their respective companies or individuals.
   A dusting attack refers to a relatively new kind of malicious activity where hackers and scammers try and break the privacy of Bitcoin and cryptocurrency users by sending tiny amounts of coins to their personal wallets. The transactional activity of these wallets is then tracked down by the attackers, who perform a combined analysis of several addresses as an attempt to identify the person or company behind each wallet.

2. If a dusting attack is successful, how is the victim at risk?
   If successful, the attackers may use this knowledge against their targets, either through elaborated phishing or cyber-extortion threats.

3. Do dusting attacks work for type-1 HD wallets, type-2, or both?
   I’m guessing both.

4. What features did Samourai Wallet add to protect against dusting attacks?
   The Samourai Wallet team implemented a real-time alert for dust tracking as well as a “Do Not Spend” feature that let users mark suspicious funds, so these are not included in future transactions.

1. The goal of a dusting attack is to able to link the addresses and wallets to their respective companies/individuals.
2. If they are successful, the attackers will use this knowledge to use phishing attacks or cyber-extortion threats on their targets.
3. No, once you make a transaction with the dust funds, they can track you. Therefore Samourai Wallet implemented and allows you to use a “do not spend” feature so you don’t spend these unknown funds.
4. They implemented a real-time alert for dust tracking and a “do not spend” feature that lets users mark suspicious funds, so they are not included in future transactions.

1. What is the goal of a dusting attack?

To link multiple Bitcon addresses to the same user.

2. If a dusting attack is successful, how is the victim at risk?

Their identity can be compromised.

3. Do dusting attacks work for type-1 HD wallets, type-2, or both?

Both. It’s up to a wallet to introduce a anti-dust attack measures as with the Samourai Wallet or with Ledger Nano’s Coin Control.

4. What features did Samourai Wallet add to protect against dusting attacks?

Tiny amounts of UTXo aka dust are not spent that makes dusting attacks not possible.

1. What is the goal of a dusting attack?
   to de-anonymize the wallets owner , that is: to get their personal infromation
2. If a dusting attack is successful, how is the victim at risk?
   because the attackers could try to perform some phishing via e-mail or something like that
3. Do dusting attacks work for type-1 HD wallets, type-2, or both?
   I guess its both, but I dont know how to provide an analysis for this
4. What features did Samourai Wallet add to protect against dusting attacks?
   they added a real time alert mechanism, that alerted every user that got some dust, and prevented to move those new dusts.

Because addresses are derived from the key and since most wallets combine UTXOs together on their own a user might not be aware his wallet will use an address that was part of dusting attack and other addresses to construct a tx. Thus creating links to these addresses because in most cases if a transaction has multiple addresses as input it can be safe to assume it comes from the same user.

1. To deanonymize a person or entity behind a wallet.

2. They can be extorted or tricked with elaborate phishing attacks.

3. Yes, they both are, but because they create a new address with each transaction they make it more difficult to be deanonymized.

4. They identified suspicious transactions that could be dusting attacks.

1. goal is to analyze blockchain in order to decipher persons behind accounts.

2. the hacker knows personal information and can use for financial hm or extert you

3. yes, it works on all types of wallets

4. They warned users to be careful about suspicious transactions and added “do not spend” feature that marked the dusting attack risks

Dusting attacks are implemented in an attempt to eventually gain access to the identity of owners of certain Bitcoin and other cryptocurrency addresses. The idea is that once the attackers gain knowldge of the owners identities, they will be able to concentrate other types of attacks to the owners of theses addresses. Samurai, a wallet which already had suspicious transaction tracking mechanisms, further implemented a do not spend order on these micro-payments. The idea is that if the funds don’t move, the attackers cannot associate future transactions with the same wallets. Samurai also elevated th dust tracking mechanism into a full alert, thereby notifying address holders that their wallet is being dusted.
Although deterministic walletscan add a higher level of anonymity due to the sheer number of pre determined or foreseeable determinal addresses, their is a great risk that the dust will be included in a future transaction as a UTXO, thereby potentially revealing its owners other addresses. In the end, isolating the dust and preventing it from being spent is the only manner to prevent this type of attack, wgich neither type 1 nor type 2 currently solve.

1.)
After dusting different addresses, the next step of a dusting attack involves a combined analysis
of those addresses in an attempt to identify which ones belong to the same crypto wallet.

2.)
If successful, the attackers may use this knowledge against their targets, either through elaborated phishing
attacks or cyber-extortion threats.

3.)
Both are vulnerable.

4.)
The Samourai Wallet team implemented a real-time alert for dust tracking as well as a “Do Not Spend”
feature that lets users mark suspicious funds, so these are not included in future transactions.

1. To de-anonymize a user (by essentially triangulating public addresses)
2. If your public address is identifiable an account with a large balance then that can be used against you in all sorts of ways… from targeted unwanted advertising/marketing, to extortion, black mail, kidnapping etc etc etc
   3.both/any
   4.The Samourai Wallet team implemented a real-time alert for dust tracking as well as a “Do Not Spend” feature that lets users mark suspicious funds, so these are not included in future transactions.

1. sending tiny amount of cryptocurrencies to large number of addressess to connect those to one wallet and thenlinked that wallet to the owner thus breaking their privacy - deanonimize them.
   2.risk of any standard extortion .
   3.no.
   4.do not spend dust strategy.

It works on both.

1. The goal of a dusting attack is to break the privacy of bitcoin or cryptocurrencies users.

2. The hackers will be able to identify the addresses owner and elaborate phishing attacks or cyber-extortion threats on them.

3. The only way to protect yourself from dust attack is if you don’t spend the dust you received.

4. They implemented a realtime alert and a do not spend feature that lets users mark suspicious funds so they don’t spend these funds.

1. the goal is to deanonymize the company/person behind the wallet.

2. they can use the information to cyber-extort the victim, blackmail or even for phishing scams.

3. no they do not

4. implemented “do not spend feature” and a “dusting alert” notification for users.

1. What is the goal of a dusting attack?
   track the activity of a wallet to understand the possible owner

2. If a dusting attack is successful, how is the victim at risk?
   phishing attack, also hidden in transactions

3. Do dusting attacks work for type-1 HD wallets, type-2, or both?

4. What features did Samourai Wallet add to protect against dusting attacks?
   do not spend features which allow to don’t spend dust

Dusting Attacks

• What is the goal of a dusting attack?
  • To link wallets together to identify someone, then to phish attack those addresses.
• If a dusting attack is successful, how is the victim at risk?
  • Their addresses are knowingly linked by the attacker which can then set up cyber extortion & phishing attacks
• Do dusting attacks work for type-1 HD wallets, type-2, or both?
  • Both
• What features did Samourai Wallet add to protect against dusting attacks?
  • They implemented a real-time alert for dust tracking as well as a “Do Not Spend” feature that let users mark suspicious funds, so these are not included in future transactions.

1.) What is the goal of a dusting attack?
The goal is to eventually link the dusted addresses and wallets to their respective companies or individuals.

2.) If a dusting attack is successful, how is the victim at risk?
If successful, the attackers may use this knowledge against their targets, either through elaborated phishing attacks or cyber-extortion threats.

3.) Do dusting attacks work for type-1 HD wallets, type-2, or both?
No! But it makes it harder for the attacker to track activities because creating new addresses helps protect users’ privacy.

4.) What features did Samourai Wallet add to protect against dusting attacks?
The Samourai Wallet team implemented a real-time alert for dust tracking as well as a “Do Not Spend” feature that lets users mark suspicious funds, so these are not included in future transactions.