A very strange dust attack or an attempted robbery?

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: NotATether on September 12, 2023, 01:32:53 AM

besides he just copied first 2 and last 4 characters.

Yeah, it's the poor mans scam for sure Cheesy

The scammer probably had a slow machine that couldn't brute force more than 2 from the start and 4 checksum characters. In fact the forth letter was the first thing I noticed that helped me recognize the difference.

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

It seems that the attacker is not making any vanity bech32 addresses according to the explanation in OP, just legacy addresses.

I mean what is this guy thinking. Does he really think some random guy is going to send money to address he just got sats from? Most likely what will happen is they will just keep the sats and not send it anywhere. It's a pretty lame scam attempt that won't work at all - besides he just copied first 2 and last 4 characters.

MusaMohamed

sr. member

Activity: 966

Merit: 306

Quote from: pooya87 on September 11, 2023, 11:58:21 PM

I believe what @albert0bsd means by "block" is to either "freeze" or "hide" these outputs either manually or automatically so that you don't see them when spending from your wallet to avoid such mistakes. For example Electrum has manual output/coin freezing option.

You are right.
To freeze an address, right click on that address, choose Freeze.
To freeze an UTXO, right click on that address, choose Add to Coin control. Then on Coins tab, right click on an UTXO, choose Freeze (two options, Freeze coins; Freeze address).

Dust Attack, what it is, why it is dangerous and how to prevent falling to it
Freeze an address in Electrum
Guide to freeze address in Electrum wallet

Kakmakr

legendary

Activity: 3542

Merit: 1965

Leading Crypto Sports Betting & Casino Platform

It surely is a lot of trouble for the small chance that people will actually "copy&paste" the wrong address? In any way, since the "Clipboard" attacks, I am double checking all addresses I use, before I click on the "enter" button, because I know they try things similar to this in that hack.

It is sad that people will go so far and put in so much effort to steal people's money, when they have the skills to work for that money. I guess it is easier to steal, than making an honest living these days. Angry

un_rank

hero member

Activity: 644

Merit: 661

- Jay -

Quote from: sheenshane on September 11, 2023, 05:57:20 PM

I'm confused about where they get those thousands of addresses for dust attacks.

Technically, I don't know how this works further with them but I think this wasting of time since we know most people will always double-check transactions before sending or transferring to another address.

There are ways they can do that.

Most people will most of the time double check just the first and last few words, there can still be loopholes which scammers can exploit. Scammers are after the few times where we forget to double check or after those users that do not check at all.

Quote from: pooya87 on September 11, 2023, 11:58:21 PM

I believe what @albert0bsd means by "block" is to either "freeze" or "hide" these outputs either manually or automatically so that you don't see them when spending from your wallet to avoid such mistakes. For example Electrum has manual output/coin freezing option.

AFAIK some wallets allow one to do this manually after they have already received the dust transaction or any type of transaction that they will not want to be mixed with their other outputs, but I do not know of any automatic way to do this, where an incoming transaction gets automatically frozen based on some preset rules, like:
- less than a certain amount of sats or,
- from a certain address.

This will be a useful but I do not know if it is available now.

- Jay -

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: Z-tight on September 11, 2023, 05:26:32 PM

Quote from: albert0bsd on September 11, 2023, 05:12:15 PM

-Using a good wallet that lets you block incoming dust transactions is a smart move.

You cannot block incoming tx's into your wallet, in other words you can't stop someone from sending you BTC's.

I believe what @albert0bsd means by "block" is to either "freeze" or "hide" these outputs either manually or automatically so that you don't see them when spending from your wallet to avoid such mistakes. For example Electrum has manual output/coin freezing option.

MusaMohamed

sr. member

Activity: 966

Merit: 306

They move from altcoins to Bitcoin but using a same method for Address Poisoning Attacks.

Metamask: Address Poisoning scams

I see many exchanges recent years upgrade their systems to remind users to check first and last characters of address they are sending cryptocurrency to. In addition, if possible, if have time (I am surely have time because it's my money), checking all characters or some characters in the middle of address is useful to avoid Address Poisoning scams.

How to lose your Bitcoins with CTRL-C CTRL-V. Copy some characters in the middle of address and find it in a receiving address is helpful too.

sheenshane

legendary

Activity: 2492

Merit: 1232

I'm confused about where they get those thousands of addresses for dust attacks.

Technically, I don't know how this works further with them but I think this wasting of time since we know most people will always double-check transactions before sending or transferring to another address.

I remember last year one of my Bitcoin addresses was part of a dust attack but I successfully withdrew it and nothing happened.

By the way OP, thanks for sharing this.

nelson4lov

hero member

Activity: 2212

Merit: 805

Top Crypto Casino

Quote from: DVlog on September 11, 2023, 03:56:48 PM

People selected their address from the transaction history! Why Someone would do that when they could select their address from the receive button. Such careless people are the victims in most of the cases, I think. It is pretty annoying to cross-check every character, so I think name service is the most convenient way for a user. I am not sure if there is any for making transactions with bitcoin or not, but it is pretty popular in EVM-based blockchain.

Name services are cool but they're not well integrated to platforms that support EVM-based services and I haven't heard about any for Bitcoin. I'm not surprised that some users still fall victim to these kind of attacks and there's the clipboard hack as well that allows a user copy their address but when it's time to paste, it pastes a similar address like the ones posted in OP that has almost or the same first and last few characters.

Only way is for users to take full responsibility and be super careful whenever they want to spend BTC.

albert0bsd

hero member

Activity: 862

Merit: 662

Quote from: Z-tight on September 11, 2023, 05:26:32 PM

You cannot block incoming tx's into your wallet, in other words you can't stop someone from sending you BTC's.

Yes you are right we can't block those input TX. What i mean it was hidden it or at least to have a way block the UTXO preventing to be spend it to another of our own address.

And yes just like you said we can spend it with out problem to another address as payment to someone else, we can said, thanks for pay our fees

_BlackStar

legendary

Activity: 1064

Merit: 1228

Playgram - The Telegram Casino

I'm not sure how many users are fooled by these strange attacks - but I think it's true that the success rate of these attacks is very low. In fact I'm sure some of the destination addresses are addresses that were never actually used and those dust transactions were the only transactions available in history.

For example, for this address: https://blockchair.com/bitcoin/address/1GZKQVjY21SAas1tjnibAHHHNF9B8nKeR7

Quote

1GZ3EfTjHVxLqnKi7yhEGCoffdATJEKeR7 2.49BTC
1GZKQVjY21SAas1tjnibAHHHNF9B8nKeR7 dust

Z-tight

hero member

Activity: 994

Merit: 1089

Quote from: Volgastallion on September 11, 2023, 03:48:15 PM

I have my adress linked on a favorite page in the browser, for example in blockchair or whatever, also in ninjastatic , if you put an adress here in the forum can work. So i only copy paste the adress from there.

These are not recommended places to copy your wallets address if you want to avoid this kind of attack. Copy your wallet address only from your wallets addresses tab, or you select or generate new addresses from your wallets receive tab so you wouldn't reuse addresses, which is both bad for privacy and vulnerable to this attack.

Quote from: albert0bsd on September 11, 2023, 05:12:15 PM

-Never be too quick to spend funds you've received, especially if it's a small and strange transaction.

You can spend dust tx's and it is not risky to do so if you know what you are doing, sometimes dust attack is an attack on your privacy and a way an attacker can link your utxo's if you spend the dust utxo with the others in your wallet, using coin control is one way of spending dust tx's without losing your privacy.

Quote from: albert0bsd on September 11, 2023, 05:12:15 PM

-Using a good wallet that lets you block incoming dust transactions is a smart move.

You cannot block incoming tx's into your wallet, in other words you can't stop someone from sending you BTC's.

Text

hero member

Activity: 2464

Merit: 594

This scenario is indeed unusual and suspicious, possibly indicating an attempted scam or a variant of a 'dusting attack' with a unique approach. The attacker's precise motive is misdirection: they aim to confuse users into sending their funds to the wrong address by generating addresses that closely resemble the legitimate ones. The attacker will succeed if the user accidentally copies the attacker's address instead of their own during a transaction.

This is new information to me, and I'm thankful I came across this thread to learn about it. Now that I'm aware of this type of trick, I'll be more cautious and double-check addresses to ensure they are identical when conducting Bitcoin transactions.

albert0bsd

hero member

Activity: 862

Merit: 662

Thank you for sharing your post, as this kind of awareness is vital for ensuring the security of our satoshis.

Yes they expect that some less experienced users fall for it.

Some recomendations for new users will be:

-Never be too quick to spend funds you've received, especially if it's a small and strange transaction.
-Always make sure the FULL destination address matches where you want your money to go.
-Using a good wallet that lets you block incoming dust transactions is a smart move.
-You've gotta be careful, and don't rush into sending money without double-checking everything.

It's kind of frustrating that those scammers always try always shady tactics, but by sharing info and educating others i think that we are doing it good

Regads!

EL MOHA

sr. member

Activity: 504

Merit: 279

Quote from: DVlog on September 11, 2023, 03:56:48 PM

People selected their address from the transaction history! Why Someone would do that when they could select their address from the receive button. Such careless people are the victims in most of the cases, I think. It is pretty annoying to cross-check every character, so I think name service is the most convenient way for a user. I am not sure if there is any for making transactions with bitcoin or not, but it is pretty popular in EVM-based blockchain.

Name service is definitely a bad idea because it requires a some certain extensions or plugins to save them and generate a name to this alphanumerics. This kind of service is even more dangerous or easy to attack than randomly copying the address. Just like the copy and paste address is prone to keyboard malware’s this also is too. It is more dangerous again because you definitely need to expose your address to the internet, an attacker can also temper with such sites and change the address without you knowing through malware.

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Quote from: Faisal2202 on September 11, 2023, 11:55:39 AM

This is Address poisoning attack. Not something new....

But with GPUs getting more and more powerful it's starting to show up more since what would have used to be days or weeks of trying to get an address is now seconds.

You can import one of many lists of addresses with balances and then get 6 or 7 characters in just about no time.

I'm 100% sure there is some hack of vanitysearch out there that would do it. Heck VS might actually do it, I didn't look.

-Dave

DVlog

full member

Activity: 504

Merit: 212

Quote from: Z-tight on September 11, 2023, 03:29:49 PM

Quote from: DVlog on September 11, 2023, 01:12:26 PM

a dust attack can put a red flag into the owner's mind that their wallet is targeted by a scammer. So they will be more cautious every time they do something with their wallet.

Because you can't stop someone from sending you BTC's, any user with a BTC address can be attacked with a dust transaction, and it doesn't mean they are exactly targeted by scammers. Nevertheless it is easy to avoid dust attacks if you know what you are doing, addresses should never be selected from your transaction history and you should fully crosscheck all the characters in your address and not only the first and last characters.

People selected their address from the transaction history! Why Someone would do that when they could select their address from the receive button. Such careless people are the victims in most of the cases, I think. It is pretty annoying to cross-check every character, so I think name service is the most convenient way for a user. I am not sure if there is any for making transactions with bitcoin or not, but it is pretty popular in EVM-based blockchain.

Volgastallion

sr. member

Activity: 616

Merit: 314

CONTEST ORGANIZER

Hi thanks you for sharing this cases and this information very valuable for us.

First of all one thing, i also do the check only with the start and the finish part of the adress, but when i heard about this kind of attack i do something to prevent my to fall into this trap.

I have my adress linked on a favorite page in the browser, for example in blockchair or whatever, also in ninjastatic , if you put an adress here in the forum can work. So i only copy paste the adress from there.

Its ok to do this simple trick to avoid this attack? Or im making a shit movement?

Z-tight

hero member

Activity: 994

Merit: 1089

Quote from: DVlog on September 11, 2023, 01:12:26 PM

a dust attack can put a red flag into the owner's mind that their wallet is targeted by a scammer. So they will be more cautious every time they do something with their wallet.

Because you can't stop someone from sending you BTC's, any user with a BTC address can be attacked with a dust transaction, and it doesn't mean they are exactly targeted by scammers. Nevertheless it is easy to avoid dust attacks if you know what you are doing, addresses should never be selected from your transaction history and you should fully crosscheck all the characters in your address and not only the first and last characters.

Quote from: aoluain on September 11, 2023, 01:32:38 PM

This type if attack seems complex and seems to rely as posted above on a deal of luck

Just like most scams, you have to be lucky that you get victims who don't know what they are doing.

hugeblack

legendary

Activity: 2688

Merit: 3983

I used to see such attacks on the Ethereum blockchain, where they exploit a loophole that allows sending zero transactions from your wallet, but such attacks can be solved at the level of explorer or the wallet, either by hiding dust transactions or preventing spending from them, although I suspected that these attacks would be random to this degree due to the need for extra resources in brute force.

Moving this topic to Beginners & Help would be better.

Topic: A very strange dust attack or an attempted robbery? (Read 275 times)