However, we’ve yet to see strong enough evidence that dusting attacks have succeeded in causing a disruption to the way exchanges are viewing coins as tainted.
What seems far more likely to be of concern for users is that these attacks are targeted at compromising the privacy of specific individuals or companies holding large amounts of crypto.
As Binance explains in this , “after dusting multiple addresses, the next step of a dusting attack involves a combined analysis of those various addresses in an attempt to identify which ones belong to the same wallet… The goal is to eventually be able to link the dusted addresses and wallets to their respective companies or individuals. If successful, the attackers may use this knowledge against their targets, either through elaborate phishing attacks or cyber-extortion threats.”
But the blockchain is transparent anyway, isn’t it? So what information do attackers gain from the dust that they can’t get by just looking at the blockchain? Why send any dust at all?
The answer lies in and the logic they use in determining which will be used to make a payment. Essentially every unspent amount in your wallet is a UTXO.
Let’s look at an example. Tim is a crypto enthusiast who uses an HD wallet. He HODLs 500 BTC in one address. He also trades on an exchange and uses his wallet to make transactions.
A snapshot of Tim’s HD wallet. HD wallets are far more complicated with multiple UTXOs of varying denomination under each address, but we’re keeping it simple for clarity.
If Tim sends 3.2 BTC to Binance, UTXO 2 and UTXO 4 amounting to 3.5 BTC (the transaction fee also needs to be taken into account) are picked up and sent to the exchange.
If Tim spends 1.35 BTC at Amazon, UTXO 5 and UTXO 7 amounting to 1.6 BTC are picked up.
If Tim sends 1.2 BTC to a friend, UTXO 6 and UTXO 8 amounting to 1.4 BTC will be picked up.
In all situations, change, if any, minus the transaction fee is sent back to completely new addresses in Tim’s HD wallet.
Note that only the set of UTXO closest to the amount to be paid is selected.
It is always approximately 3.2, 1.35, 1.2 or any other small amount that Tim would like to trade. The 500 BTC is never picked up; therefore, the address containing it is not exposed and it cannot be connected to the other addresses from where the UTXO is being sent.
There’s no way to trace it to Tim by linking it to his other transaction activity, even though this address is available on the blockchain.
Anna wants to find the identity of the address containing 500 BTC, so she sends some dust (0.000005 BTC) to that address. Note that the dust is also a UTXO. It’s called dust because of its trivial value, which is often less than the minimum transaction fee required to send bitcoin. Anna can be a government entity or a service connected to identifying people in crypto. She could also be a hacker.
A snapshot of Tim’s HD wallet. HD wallets are far more complicated with multiple UTXOs of varying denomination under each address, but we’re keeping it simple for clarity.
Tim fails to recognize the dust and continues to trade with Binance, shop, and pay his friends. As long as the dust isn’t picked up, there’s no real problem. It’s important to note that different HD wallets employ their own strategy for picking up UTXO. However, if the dust is picked up along with the other UTXO in any future transaction, it is broadcast on the blockchain and the address is exposed.
When that happens, Anna will be able to track all the addresses related to the dusted address that contains the 500 BTC. And it doesn’t stop there.
If the dust has been picked up with UTXO 5 from Address 4, for example, Anna will be able to see the entire transaction history for Address 4 — shops visited, payments made, trades with Binance, every single transaction is up on the blockchain.
If Anna is a hacker, things can get ugly! As the Binance article suggested, hackers can use dust to identify their victims and then subject them to phishing attacks and cyber-extortion.
If someone can tie your identity to specific BTC amounts, then that is as likely as anything to provide incentive for $5 wrench attacks, depending on how much you’re storing.
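The co-spend described above, as an added example that is not from the original article or any wallet's code: a closest-match coin selector run over a constructed copy of Tim's wallet, first with the dust spendable and then with sub-threshold UTXOs treated as do-not-spend. The individual UTXO values, the address labels, the payment amount and the `DUST_LIMIT` threshold are assumptions chosen so the sums match the article's example.

```python
from itertools import combinations

DUST_LIMIT = 1_000  # assumed wallet policy (satoshis): never auto-spend below this

# Constructed wallet: (utxo, address, satoshis). Sums follow the article's
# example (UTXO 2 + UTXO 4 = 3.5 BTC, UTXO 5 + UTXO 7 = 1.6 BTC).
WALLET = [
    ("utxo1", "addr1", 50_000_000_000),  # the 500 BTC holding
    ("utxo2", "addr2", 200_000_000),
    ("utxo4", "addr3", 150_000_000),
    ("utxo5", "addr4", 100_000_000),
    ("utxo7", "addr5", 60_000_000),
    ("dust",  "addr1", 500),             # 0.000005 BTC sent by Anna
]

def select(utxos, target):
    """Closest-match selection: the subset with the smallest total >= target."""
    best = None
    for n in range(1, len(utxos) + 1):
        for combo in combinations(utxos, n):
            total = sum(value for _, _, value in combo)
            if total >= target and (best is None or total < best[0]):
                best = (total, combo)
    return list(best[1]) if best else []

def exposed_addresses(inputs):
    """Addresses an observer sees spent together in one transaction."""
    return {addr for _, addr, _ in inputs}

def without_dust(utxos, limit=DUST_LIMIT):
    """Treat sub-limit UTXOs as do-not-spend so they are never co-spent."""
    return [u for u in utxos if u[2] >= limit]

def demo():
    target = 160_000_300  # constructed payment plus fee, in satoshis
    naive = exposed_addresses(select(WALLET, target))
    guarded = exposed_addresses(select(without_dust(WALLET), target))
    return naive, guarded

if __name__ == "__main__":
    naive, guarded = demo()
    print("dust spendable, inputs link:", sorted(naive))
    print("dust excluded, inputs link: ", sorted(guarded))
```

With the dust spendable, it tips UTXO 5 and UTXO 7 over the target and the 500 BTC address appears as an input beside Address 4; with the dust excluded, the selector falls back to UTXO 2 alone.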
For a while, it has been claimed by some in cryptosecurity that ordering a hardware wallet is tantamount to doxxing yourself to anyone able to get ahold of your delivery information. Of course, specialized hardware is of little defense when someone is pointing a gun at you.
As far as we know from reports in the media, the majority of $5 wrench attacks find their targets through word-of-mouth information. Someone gets a little drunk at a party and starts bragging about how much they are holding.
These rather rudimentary tactics may be why we haven’t seen a massive influx of $5 wrench attack stories to date, while other types of cybercriminal activity such as hacks on exchanges have proliferated. But when the dusting attack becomes part of the picture, it seems there is a serious threat that large hodlers could be targeted for their BTC amounts by much more efficient and well-informed kidnappers, the likes of which we have not seen in the past.
(Disclaimer: The Author is the Creator of the Cobo Vault)