Bitcoin Wallet Samourai Warns Users of “Dusting Attack”
On October 25, 2018, the privacy-centric cryptocurrency wallet Samourai warned users via Twitter of a new type of tracking tactic called a “dusting attack.”
Biting the Dust
According to tweets, the attack is an attempt to compromise the security and privacy of Samourai users by using “coin dust” to deanonymize users and linking their transactional inputs together.
Attackers transfer a minimal amount of bitcoin to a user’s wallet and link it with other input fees spent during transactions to trace the “dust.” However, Samourai advises users to mark such transactions as “Do Not Spend,” and ensure their privacy is maintained.
For the uninitiated, by sending a tiny “unspent transaction output” (UTXO), a user’s wallet will include the respective amount and several other UTXOs – known as merging inputs – the next time a purchase is made. With this, the attackers would know which wallet controls other UTXOs and potentially target such flagged wallets for a hack.
Twitter users were grateful for the timely warning. However, usage of the term “dusting attack” is limited to the firm’s tweet; meaning there’s a stark lack of understanding and explanation beyond Samourai’s warning thread.
Many suggested various methods to avoid potential attacks and deal with affected wallets, such as specifying a lower limit on “unspent” alerts about received transactions.
Sticking to Bitcoin’s Privacy Ethos
Samourai remains dedicated to enhance user security and continuously improving its cold storage crypto wallet. The firm has taken several steps to provide a superior experience to application users, setting bold industry standards in the process.
In September 2018, the firm decided to disable fiat conversions on its application, citing general concerns about users appraising bitcoin relative to USD and stating they will “never be ready” for embracing cryptocurrencies in their true value.
The firm’s somewhat unconventional decision placed a “Satoshi,” or the smallest unit of a bitcoin, at the center of all transactions instead of dollars. However, they decided to continue fiat listing for the Samourai Sentinel, an offline wallet that uses private keys to process transactions and is aimed at merchants and local retailers.