Slide 7 · DoS vs Denial of Wallet
Two attack goals. One root cause.
Understanding the difference changes how you defend.
DoS
Goal: crash or overwhelm the server.
Signal: error rates spike, latency explodes, uptime drops.
Detection: obvious — the app stops working.
Attacker cost: bandwidth or a botnet.
Victim cost: downtime and recovery effort.
Denial of Wallet
Goal: run up the bill, not crash the service.
Signal: high token usage — but the app looks fine.
Detection: delayed — you find out on the invoice.
Attacker cost: near zero (a few API calls or prompts).
Victim cost: thousands to tens of thousands of dollars.
The Asymmetry Is the Point
In a Denial of Wallet attack, the attacker spends almost nothing. A crafted prompt that forces a 50,000-token response costs the attacker fractions of a cent. The victim pays for every one of those 50,000 output tokens. At scale, that asymmetry is devastating.
Both Stem from the Same Gap
No resource ceiling. Whether the goal is a crash or a bill, the attack works because the application allows unlimited resource consumption. The same controls stop both.
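One way to put a resource ceiling in front of a model call, as an added example that is not part of the original slides: a per-request output cap plus a per-client rolling token budget. The limits, the price and all names (`TokenBudget`, `simulate`, `client-a`) are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque

# Assumed limits and price, chosen for illustration only.
MAX_OUTPUT_TOKENS = 1_000     # per-request ceiling on response length
WINDOW_SECONDS = 3600         # rolling window for the per-client budget
BUDGET_TOKENS = 20_000        # output tokens one client may use per window
PRICE_PER_1K_OUTPUT = 0.03    # constructed price in dollars, not a real tariff


class TokenBudget:
    """Per-client ceiling on output tokens over a rolling window."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._usage = defaultdict(deque)  # client_id -> (timestamp, tokens)

    def _spent(self, client_id):
        now, q = self._clock(), self._usage[client_id]
        while q and now - q[0][0] >= WINDOW_SECONDS:
            q.popleft()                   # drop usage that left the window
        return sum(tokens for _, tokens in q)

    def authorize(self, client_id, requested_tokens):
        """Return the max_tokens to pass to the model, or 0 to reject."""
        remaining = BUDGET_TOKENS - self._spent(client_id)
        return max(0, min(requested_tokens, MAX_OUTPUT_TOKENS, remaining))

    def record(self, client_id, tokens_used):
        """Charge what the model actually generated against the budget."""
        self._usage[client_id].append((self._clock(), tokens_used))

    def cost(self, client_id):
        return self._spent(client_id) * PRICE_PER_1K_OUTPUT / 1000


def simulate(requests, budget, client_id="client-a"):
    """Replay constructed requests that each ask for a 50,000-token response."""
    served = rejected = 0
    for _ in range(requests):
        granted = budget.authorize(client_id, 50_000)
        if granted == 0:
            rejected += 1
            continue
        budget.record(client_id, granted)  # assume the model uses the full grant
        served += 1
    return served, rejected, budget.cost(client_id)
```

Every served request here returns normally, so error rate and latency stay flat; the rejection count and `cost()` are the signals that surface the spend before the invoice does.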