On October 25, 2018, the privacy-centric cryptocurrency wallet Samourai warned users via Twitter of a new type of tracking tactic called a “dusting attack.”
Biting the Dust
According to the tweets, the attack is an attempt to compromise the security and privacy of Samourai users by using “coin dust” to deanonymize them and link their transactional inputs together.
Attackers transfer a minimal amount of bitcoin to a user’s wallet and then trace that “dust” as it is spent alongside the wallet’s other inputs in later transactions. Samourai advises users to mark such transactions as “Do Not Spend” to ensure their privacy is maintained.
If you have recently received a very small amount of BTC in your wallet unexpectedly, you may be the target of a «dusting attack» designed to deanonymise you by linking your inputs together – Samourai users can mark this utxo as «Do Not Spend» to nip the attack in the bud. pic.twitter.com/23MLFj4eXQ
— Samourai Wallet (@SamouraiWallet) October 25, 2018
For the uninitiated: when an attacker sends a tiny “unspent transaction output” (UTXO), the user’s wallet will include that amount together with several other UTXOs – known as merging inputs – the next time a purchase is made. With this, the attackers would know which wallet controls the other UTXOs and could potentially target such flagged wallets for a hack.
Twitter users were grateful for the timely warning. However, usage of the term “dusting attack” is limited to the firm’s tweet, meaning there’s a stark lack of understanding and explanation beyond Samourai’s warning thread.
Many suggested various methods to avoid potential attacks and deal with affected wallets, such as a configurable lower limit below which received transactions trigger an alert or are marked “Do Not Spend.”
Can this be done as a filter for every utxo below specific amount to be marked as «do not spend» ?
— premine apologist (@decentrali) October 25, 2018
Is this alert limit customizable? For example if I don’t expect to receive anything less than 10K sats I might want to increase that alert to cover more than 546 sats, e.g. to avoid 547 sat attacks etc.
— Halvening🔜2020 (@Halvening2020) October 25, 2018
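An added example, not Samourai’s code: a sketch of the configurable threshold filter the replies above ask for, paired with a simplified smallest-first coin selection, showing which addresses an observer can link when a dust UTXO is or is not marked “Do Not Spend.” The Utxo class, function names, addresses and amounts are all constructed for illustration.

```python
from dataclasses import dataclass

DEFAULT_ALERT_SATS = 546  # alert level mentioned in the replies above


@dataclass
class Utxo:
    txid: str            # constructed placeholder id
    address: str         # constructed placeholder address
    sats: int
    do_not_spend: bool = False


def flag_dust(utxos, threshold_sats=DEFAULT_ALERT_SATS):
    """Mark every UTXO at or below the threshold as Do Not Spend."""
    for u in utxos:
        if u.sats <= threshold_sats:
            u.do_not_spend = True
    return [u for u in utxos if u.do_not_spend]


def select_inputs(utxos, target_sats):
    """Simplified smallest-first selection that never touches flagged UTXOs."""
    spendable = sorted((u for u in utxos if not u.do_not_spend), key=lambda u: u.sats)
    chosen, total = [], 0
    for u in spendable:
        if total >= target_sats:
            break
        chosen.append(u)
        total += u.sats
    if total < target_sats:
        raise ValueError("insufficient spendable funds")
    return chosen


def linked_addresses(inputs):
    """Addresses an observer can cluster because they fund one transaction."""
    return {u.address for u in inputs}


def demo(threshold_sats):
    """Spend 300,000 sats from a constructed wallet holding one 547-sat dust UTXO."""
    wallet = [
        Utxo("tx-a", "addr-savings", 250_000),
        Utxo("tx-b", "addr-salary", 120_000),
        Utxo("tx-dust", "addr-public", 547),  # unexpected deposit to a known address
    ]
    flag_dust(wallet, threshold_sats)
    return linked_addresses(select_inputs(wallet, 300_000))
```

With the 546-sat level the 547-sat deposit is spent and ties `addr-public` to the other two addresses; raising the threshold to 10,000 sats keeps it out of the transaction.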
Sticking to Bitcoin’s Privacy Ethos
Samourai remains dedicated to enhancing user security and continuously improving its cold storage crypto wallet. The firm has taken several steps to provide a superior experience to application users, setting bold industry standards in the process.
In September 2018, the firm decided to disable fiat conversions on its application, citing general concerns about users appraising bitcoin relative to USD and stating they will “never be ready” for embracing cryptocurrencies in their true value.
The firm’s somewhat unconventional decision placed a “Satoshi,” or the smallest unit of a bitcoin, at the center of all transactions instead of dollars. However, they decided to continue fiat listing for the Samourai Sentinel, an offline wallet that uses private keys to process transactions and is aimed at merchants and local retailers.