Pages:
Author

Topic: Dust Attack, what it is, why it is dangerous and how to prevent falling to it - page 2. (Read 2095 times)

legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
<....>

BTW, that quoted message (freeze in the coins tab) is better than freezing addresses when it comes with "Dust Attacks"
since the usual targets are those frequently used, have been reusing and publicly displayed addresses.
If the user has frozen that address, he wont be able to spend his legitimate balance that was received through it.

I had a thought about choosing if freezing coins (UTXO) or address.
I chose to show the "freeze address" methodology because I supposed the dust attack would affect empty addresses.

If a dust attack hits an address with a positive balance it is no major damage, I think: the dust comes together in the address with some other UTXO's, so it would have been trivial to follow those coins without the dust in the first place. Dust acts as a not-so-cheap marker of your public UTXO's. You know you are bein tracked anyway on the blockchain, so you act consciously.

If a dust attack hits an empty address, you can actually damage your privacy, if you are not aware of this attack. If you spend from that address, you are probably going to use the dusted UTXO with your other UTXO's, effectively linking a "past" address of yours with your current transaction. This is very dangerous.

This is why I chose to select the "freeze address" procedure: I want to freeze dust on "empty" addresses only, because I think dust in addresses with UTXO's is not so dangerous, after all.

Please let me know if you dissent from this, so I can elaborate more in the guide.

EDIT:
I completely forgot about that message of yours here:

<...>
The attacker might be using a software that follows those specific UTXO, not the addresses themselves nor their previous outputs.
If he's sending more than once to some addresses, he might be trying to increase the transaction fee when the victim tries to consolidate or "spend-all" by adding additional inputs.

Or just trolling/advertising a fork (together with the previous reasons) since the first five addresses are proof-of-burn addresses with vague meaning.


Yes, it could be the case, but it looks highly un effective tactic. I really don get it why an user should do that.
If I had received those transactions, the last thing I would have done would have been, if I ever had realised the presence of such an "hidden message", it would have been to go and check that website.
If the objective would have been a "spam attack" to increase the network fees, well there would have been other, more efficient ways to do so.
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
I use Electrum wallet but I did not pay my attention on Freeze option. I did not know Freeze is used to avoid Dust Attack. Beyond Dust Attack, any other use cases for the Freeze option in Electrum wallet, can you share more?
-snip-
It's also for "coin control" when there're more inputs to spend than the to-be-excluded.
It's easier to freeze the unwanted UTXO(s) (coins tab) than selecting multiple inputs, specially when there are hundreds of them.

I feel worry what will happen after use Freeze and with search my fear is cleaned away. Frozen address can be unfrozen and it is simple to do. If misclick to Freeze one address, people can do backward Unfreeze that address later.

Quote
Frozen coins: In the same vein as frozen addresses you can also freeze individual unspent outputs which are also known as utxos or coins in the jargon. Frozen utxos show up with a coloured background on the coins tab. If the coins tab is not visible go to view menu > show coins to make it appear. To unfreeze a specific utxo just right click it and choose to unfreeze from the context menu that appears.
That's because it's a local wallet feature that won't affect the blockchain.
All it does is exclude those frozen addresses/coins whenever the wallet needs to automatically select inputs for your transactions.

BTW, that quoted message (freeze in the coins tab) is better than freezing addresses when it comes with "Dust Attacks"
since the usual targets are those frequently used, have been reusing and publicly displayed addresses.
If the user has frozen that address, he wont be able to spend his legitimate balance that was received through it.
hero member
Activity: 1722
Merit: 801
I use Electrum wallet but I did not pay my attention on Freeze option. I did not know Freeze is used to avoid Dust Attack. Beyond Dust Attack, any other use cases for the Freeze option in Electrum wallet, can you share more?

I feel worry what will happen after use Freeze and with search my fear is cleaned away. Frozen address can be unfrozen and it is simple to do. If misclick to Freeze one address, people can do backward Unfreeze that address later.

Quote
Frozen coins: In the same vein as frozen addresses you can also freeze individual unspent outputs which are also known as utxos or coins in the jargon. Frozen utxos show up with a coloured background on the coins tab. If the coins tab is not visible go to view menu > show coins to make it appear. To unfreeze a specific utxo just right click it and choose to unfreeze from the context menu that appears.

https://bitcoinelectrum.com/frequently-asked-questions/
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
In order to make the things more clear, I will detail how to mark some address as freezed so that the dusted coins do not mark other clean coins:

There are two separate possible case:
  • If a dust attack hits an empty address, you can actually damage your privacy, if you are not aware of this attack. If you spend from that address, you are probably going to use the dusted UTXO with your other UTXO's, effectively linking a "past" address of yours with your current transaction. This is very dangerous.
  • If a dust attack hits an address with a positive balance it is no major damage, I think: the dust comes together in the address with some other UTXO's, so it would have been trivial to follow those coins without the dust in the first place. Dust acts as a not-so-cheap marker of your public UTXO's. You know you are being tracked anyway on the blockchain, so you act consciously.

The action to be taken are then different:
  • If the dusted address is empty: "Freeze address", this will prevent using the address in any future operation in the wallet
  • If the dusted address is not empty: "Freeze Coin", this will freeze only the dusted UTXO (you can think as UTXO and Coins as synonymous, while the address will be able to spend the UTXO as usual.


ELECTRUM
I will show you the coin Control feature in Electrum, one of the most used wallet to offer such a feature.
If you are using another wallet and you get dusted, my suggestion is to import your wallet in Electrum and do the following steps.

To avoid privacy concerns I created a test wallet, dusted it and censored some relevant information.

This is the dusted Wallet.


I am assuming the dust hits an empty address, maybe one I used in the past and is now empty after a spend.


Freeze Address
Since the address is empty, and the only associated UTXO is dusted, I decide to block the whole address.
This will make this address unable to spend any coin.


1.Make Electrum show all your Addresses.
Click on "View" menù, select "Show Addresses"



2. Locate the address where you received the dust.
You might want to label it. In this case it is easy, as it is the only one address with a positive balance. In your case you might have many positive addresses.



3. Freeze the dusted address.
Right Click on the dusted address, select "Freeze"



4. The Address is now Freezed.
The address is highlighted in dark Blue



From now on, all the UTXO pertaining that address won't be used until the address is Freezed.
Those UTXO won't mix with other "clean" UTXO then, defending us from the Dusting Attack.


Freeze Coin

In case you receive the dust on an address with some other coins, you might not lose such coins. Then you can freeze the dust UTXO only.

1.Make Electrum show all your Coins.
Click on "View" menù, select "Show Coins"



2. Locate the UTXO that are the Dust.
You might want to label it. In this case it is easy, as it is the only one UTXO. In your case you might have many UTXO's.



3. Freeze the Coins.
Right Click on the dusted address, select "Freeze"



4. The Coin is now Freezed.
The coin is highlighted in dark Blue, and won't be spent in future transactions.


legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
Important point. Since our escrow isn't using SegWit here, that might get a bigger issue.  Undecided
We'll watch it carefully.
Since there were already two dust UTXOs, you can now send them to a black-hole/dust-donation address using "coin-control" to get rid of them.
As long as the transaction doesn't reach 547B or above with 1sat/B fee rate, it will be valid with 547sat output.

Or use coin control when sending the price money.
Electrum has a useful "freeze coin/address" feature that will make this easy, as well as coin-control.
Ok, I will suggest this as a solution.
Many thanks for your help!


Coin control is the key, when dealing with dust attack. I thought I made clear in the OP, but apparently it didn’t catch your attention. I will edit OP to detail exactly how to do this in at least a couple of Wallet (Electrum and Wasabi, just to start).
legendary
Activity: 2226
Merit: 6947
Currently not much available - see my websitelink
Important point. Since our escrow isn't using SegWit here, that might get a bigger issue.  Undecided
We'll watch it carefully.
Since there were already two dust UTXOs, you can now send them to a black-hole/dust-donation address using "coin-control" to get rid of them.
As long as the transaction doesn't reach 547B or above with 1sat/B fee rate, it will be valid with 547sat output.

Or use coin control when sending the price money.
Electrum has a useful "freeze coin/address" feature that will make this easy, as well as coin-control.
Ok, I will suggest this as a solution.
Many thanks for your help!



In fact dust the addresses! you can make a fake competition and a long list of your own addresses and wait for them to send you money.
Yes, but 547 Sats are not much. At least right now.  Cheesy


but if your fake "potential criminals list" competition in a suspicious area of the net contained a thousand addresses

That's over 5 bitcoin right?
5 BTC? That would be nice but I think it's 1000 x 0.00000547 = 0.00547 BTC ?
Or how did you calculate 5 BTCCheesy



Reading this thread, I expect they do it to targeted and then associated addresses. But hey if they are lifting things from the forum, as in the football pool example? it might work. (I suppose there was a google docs? as there usualy is? with all the addresses? maybe another place they are targeting
It is an escrow address from willi9974 who is escrowing our funds. I don't know where he has used this address additionally.  Cheesy
legendary
Activity: 2702
Merit: 2053
Free spirit
In fact dust the addresses! you can make a fake competition and a long list of your own addresses and wait for them to send you money.
Yes, but 547 Sats are not much. At least right now.  Cheesy


but if your fake "potential criminals list" competition in a suspicious area of the net contained a thousand addresses

That's over 5 bitcoin right?

Reading this thread, I expect they do it to targeted and then associated addresses. But hey if they are lifting things from the forum, as in the football pool example? it might work. (I suppose there was a google docs? as there usualy is? with all the addresses? maybe another place they are targeting
legendary
Activity: 3836
Merit: 4969
Doomed to see the future and unable to prevent it
Pretty scary for Cryptocurrency enthusiast when they want privacy and scumbags dox this people, pretty crazy in regards to things that they do not get anything from it. Doxing is pretty scary especially if you are a private person.

SHUM
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
Important point. Since our escrow isn't using SegWit here, that might get a bigger issue.  Undecided
We'll watch it carefully.
Since there were already two dust UTXOs, you can now send them to a black-hole/dust-donation address using "coin-control" to get rid of them.
As long as the transaction doesn't reach 547B or above with 1sat/B fee rate, it will be valid with 547sat output.

Or use coin control when sending the price money.
Electrum has a useful "freeze coin/address" feature that will make this easy, as well as coin-control.
legendary
Activity: 2226
Merit: 6947
Currently not much available - see my websitelink
In fact dust the addresses! you can make a fake competition and a long list of your own addresses and wait for them to send you money.
Yes, but 547 Sats are not much. At least right now.  Cheesy



The attacker might be using a software that follows those specific UTXO, not the addresses themselves nor their previous outputs.
If he's sending more than once to some addresses, he might be trying to increase the transaction fee when the victim tries to consolidate or "spend-all" by adding additional inputs.
Important point. Since our escrow isn't using SegWit here, that might get a bigger issue.  Undecided
We'll watch it carefully.
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
This is a very interesting read.
I've heard of these attacks before, but I never understood how a person could be threatened.


  • Extremizing: an exchange that offers you $ 30 to register, after KYC, is practically performing a dust attack. Except that in that case, using the chain analysis company you just bought, you can perform a very efficient tracking of your UTXOs. Do you think this is an impossible scenario? it already happened.

Quote
it already happened.

Do you have any references for this information? It would be interesting to read a little about this IRL attack.
Looking at it, this is a threat only to people who have a lot of accumulated coins.


I was referring to Coinbase.
Coinbase offered Wlecome Bonus to make sure you wanted to grab 30$ worth of Bitcoin, and do stupid things with those.
They also had the EARN proram, where they give you some obscure shitcoin for watching a few videos and then hope, again, you do stupid things with those coins.

Just remember:
Coinbase the most anti-Bitcoin organisation. Make #DeleteCoinbase great again
jr. member
Activity: 46
Merit: 66
#WeAreAllHodlonaut
This is a very interesting read.
I've heard of these attacks before, but I never understood how a person could be threatened.


  • Extremizing: an exchange that offers you $ 30 to register, after KYC, is practically performing a dust attack. Except that in that case, using the chain analysis company you just bought, you can perform a very efficient tracking of your UTXOs. Do you think this is an impossible scenario? it already happened.

Quote
it already happened.

Do you have any references for this information? It would be interesting to read a little about this IRL attack.
Looking at it, this is a threat only to people who have a lot of accumulated coins.

Another scenario,
If I am attacked this way, and then I decide to buy something with these satoshis, and if the buyer eventually puts the coins in their savings address, no one can prove that these coins are mine.

N.B. Quoting a part of a list is awful.
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
My first impression was a dust attack but it makes no sense because our escrow address is public and contains funds anyway...
-snip-
Does anyone have an explanation?  Huh
The attacker might be using a software that follows those specific UTXO, not the addresses themselves nor their previous outputs.
If he's sending more than once to some addresses, he might be trying to increase the transaction fee when the victim tries to consolidate or "spend-all" by adding additional inputs.

Or just trolling/advertising a fork (together with the previous reasons) since the first five addresses are proof-of-burn addresses with vague meaning.

BTW, It doesn't end there, the change was spent by another 608 output transaction series (until it's empty? I didn't checked until the last).
And it wasn't even the start of that series of 20,000vB transactions, those transactions are somewhere in the middle
so this must be a large scale dust attack.

-edit-

It pointed me to this page (based from those first five addresses): https://memo.sv/topic/hmwyda
You can easily spot it, These are the first five addresses:
1Lets1xxxx1use1xxxxxxxxxxxy2EaMkJ
1fuLL1xxxx1power1xxxxxxxxxxzatvCK
1of1xxxxx1anonymity1xxxxxxxz9JzFN
1See1xxxx1memo1xxxxxxxxxxxxxBuhPF
1dot1xxxxx1sv1xxxxxxxxxxxxxwYqEEt
1topic1xxx1hmwyda1xxxxxxxxxvo8wMn
1xxxxxxxxxxxxxxxxxxxxxxxxxy1kmdGr
And it looks like the trolling/attack is not not exclusive to Bitcoin's chain.

But hey, bitcoin is transparent and verifiable anyway whats the problem?
But others wont be able to tell which ones belong to an ID/person unless for example:
he publicly displays that address or used to withdraw/deposit from/to an Exchange or service with KYC.
That what these kind of attacks are uncovering: linking a public/identified address(es) to another or to undisclosed ones.
legendary
Activity: 2702
Merit: 2053
Free spirit
Any opinions here:

an unknown person has sent 547 Satoshis to our escrow address:

This transaction happened 2 days ago and just now someone sent again 547 Sats to our escrow address:

Free money, I need to join up to more public facing bitcoin competitions.

If they are spreading marking transaction about, who cares.

In fact dust the addresses! you can make a fake competition and a long list of your own addresses and wait for them to send you money.

Just don't use your own address. An hope one doesn't land in your super secret wallet I guess.

But hey, bitcoin is transparent and verifiable anyway whats the problem?
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
Sure, that's practically so true and possible. Especially amongst people who participate in multiple bounty campagnes and with the public nature of the wallet address. Your wallet is just everywhere by that singular act of always publicizing your wallet address also as seen on some forum users profile. But then, that is not a bad thing at all as, it allows coins come in and not go out without due authorization.
Hence, dusting comes to play with the idea of accumulation which then pays the price. Having your identity in the wrong hands especially criminals as that could be such a bad thing when you've got something of worth. Play safe people, question yourself over any unexpected coin you get and apply caution.

Agree. Safety is important: know your public addresses and track them: know where every stats comes from. Do not do stupid things with unknown coins, like consolidating with your own sats, using them in a payment, for example.
hero member
Activity: 1288
Merit: 504
Sure, that's practically so true and possible. Especially amongst people who participate in multiple bounty campagnes and with the public nature of the wallet address. Your wallet is just everywhere by that singular act of always publicizing your wallet address also as seen on some forum users profile. But then, that is not a bad thing at all as, it allows coins come in and not go out without due authorization.
Hence, dusting comes to play with the idea of accumulation which then pays the price. Having your identity in the wrong hands especially criminals as that could be such a bad thing when you've got something of worth. Play safe people, question yourself over any unexpected coin you get and apply caution.
legendary
Activity: 2226
Merit: 6947
Currently not much available - see my websitelink
Any opinions here:

We are organizing a football betting challenge similar to this one: Sportsbet.io's English Premier League Football Pool Sign-Up Thread 0.0045 2 Join

People have to pay 2 mBTC to register and we will use this BTC as winner price. Now, an unknown person has sent 547 Satoshis to our escrow address: https://blockchair.com/bitcoin/transaction/d3239fcd4ed507b1943ea4fe3cec19fff380d9cfb96d5a3b27bfba549be74a18

It's one of more than 500 addresses where 547 Satoshis each were also sent by that unknown address:




My first impression was a dust attack but it makes no sense because our escrow address is public and contains funds anyway...

This transaction happened 2 days ago and just now someone sent again 547 Sats to our escrow address: https://blockchair.com/bitcoin/address/1LC8VWsLBnaXq7v6vRuxbUYNj4frpmtnUg
Does anyone have an explanation?  Huh
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
Dust Attack hitting the news again on Coindesk:

Dust Attacks Make a Mess in Bitcoin Wallets, but There Could Be a Fix

Quote
When dust settles in your home, you wipe it up. But what about when unwanted dust makes its way into your bitcoin wallet? Well, cleaning it up may not be so simple

Nothing new, or nothing already written in this thread.

Two passages need a special comment, in my opinion:
Quote
CoinDesk reached out to Chainalysis and CipherTrace to ask if they use dust in their analytics. Both companies denied using this technique, though Chainalysis Manager of Investigation Justin Maile added that dusting is “more often [used] by investigators” to trace illicit funds. Maile continued that exchanges may use dusting to trace stolen funds following a hack.

LOL!
Of course they don't do that! But other do that!
Facepalm. Broken Logic. Hypocrisy.
Chain analysis firm are bad.
Bonus Read: A treatise on privacy

Also this one:
Quote
“When the dust is consolidated with the user’s other funds, it helps with chain analytics by making it easier to cluster addresses,” Sergej Kotliar, the CEO of Bitrefill, told CoinDesk. If users don’t consolidate the unspent transactions (UTXOs), then they don’t need to worry about their anonymity. However, most wallets automatically consolidate UTXOs when a user creates a transaction, so this can be tough to navigate around unless you are choosing which UTXOs to spend manually.

This is exactly the point: they send you the dust hoping you do stupid things with that (like consolidating with your existent UTXO).
Please note that consolidating doesn't mean aggregate the outputs, something that might require your intervention, but also aggregating those UTXO's as a transaction input. Something a wallet could do, if you don't take the necessary precautions.
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
A nice read about dust attacks I found recently, even if the article itself is quite old:

Bitcoin Data Science (Pt. 3): Dust & Thermodynamics

It contains, for the most technical experts, a good technical analyis of dust, how it is created, and how it is sort of "natural" in bitcoin system.
What it is not natural is the malicious use you can do with dust.

Quote
We examine the history and future of dust: containers (UTXOs) of bitcoin that cost more to spend in fees than they hold.

The amount of dust in the blockchain is determined by the current UTXO set and transaction fee market. At peak fees (~December 2017), between 25–50% of the UTXOs in the Bitcoin blockchain could have been called dust! At the same time, the amount of BTC contained in these dusty UTXOs was small: only a few tens of millions of dollars. So, depending on how you measure it, dust is either a huge problem or a trivial one. Either way, we discuss possible solutions for minimizing new dust and cleaning up existing dust.

Proof-of-work strongly anchors bitcoin in the physical world and makes it subject to the laws of thermodynamics. Energy expended by miners secures the blockchain, but this useful work is accompanied by an increase in entropy and the production of waste heat. If the Bitcoin blockchain were an engine, dusty UTXOs would be a part of the waste heat it exhausts. As no engine is perfectly efficient, Bitcoin will never stop making dust.


legendary
Activity: 1134
Merit: 1599
IF you use your Ledger togheter with Electrum you can use the "freeze Coin" option:

Quote
What does it mean to “freeze” an address in Electrum?
When you freeze an address, the funds in that address will not be used for sending bitcoins. You cannot send bitcoins if you don’t have enough funds in the non-frozen addresses.

https://electrum.readthedocs.io/en/latest/faq.html#what-does-it-mean-to-freeze-an-address-in-electrum

Thanks. I don't use it with Electrum, unfortunately.
Anyway, I thought there might've been some risk if I'd spend my BTC balance with the dust from it too, but as soon as it hasn't been connected in any way to my identity ever since I started using Bitcoin, I think I'm fine. I don't plan to share my ID with anyone in the near future either.

I've browsed a little through my transactions and apparently I cannot find the Bitcoin dust txid. Might have been a paper wallet or my mobile one. I've found two of the dust transactions I had through alts though, I'm going off-topic but I'll leave the information here in case anyone is interested to research them.

First, the most recent dust tx, we have a Ripple transaction with a memo (description) attached to it: "NETWORK ANNOUNCEMENT: Ripple unlocks 50% stake in XRP, indicates massive airdrop www.*hidden fraud domain*". Seems like someone tried to scam by sending dust XRP with links in memos. I looked the memo up on Google and found this wallet: https://bithomp.com/explorer/rpWhspQz4DX5N5NoPDpvFtkcpyZiNa9Uv1, which confirms my doubts.

A second dust sent to my wallet was through a LTC tx: https://live.blockcypher.com/ltc/tx/c0ad0412027347d137f5f8c18ad0b61064d7051a8b57f97d09101bceabfd8c07/. The user apparently sent this to 2000+ different wallets.
Pages:
Jump to: