Topic: Dust Attack, what it is, why it is dangerous and how to prevent falling to it - page 2. (Read 2089 times)

I had a thought about choosing if freezing coins (UTXO) or address.
I chose to show the "freeze address" methodology because I supposed the dust attack would affect empty addresses.

If a dust attack hits an address with a positive balance it is no major damage, I think: the dust comes together in the address with some other UTXO's, so it would have been trivial to follow those coins without the dust in the first place. Dust acts as a not-so-cheap marker of your public UTXO's. You know you are bein tracked anyway on the blockchain, so you act consciously.

If a dust attack hits an empty address, you can actually damage your privacy, if you are not aware of this attack. If you spend from that address, you are probably going to use the dusted UTXO with your other UTXO's, effectively linking a "past" address of yours with your current transaction. This is very dangerous.

This is why I chose to select the "freeze address" procedure: I want to freeze dust on "empty" addresses only, because I think dust in addresses with UTXO's is not so dangerous, after all.

Please let me know if you dissent from this, so I can elaborate more in the guide.

EDIT:
I completely forgot about that message of yours here:


Yes, it could be the case, but it looks highly un effective tactic. I really don get it why an user should do that.
If I had received those transactions, the last thing I would have done would have been, if I ever had realised the presence of such an "hidden message", it would have been to go and check that website.
If the objective would have been a "spam attack" to increase the network fees, well there would have been other, more efficient ways to do so.

It's also for "coin control" when there're more inputs to spend than the to-be-excluded.
It's easier to freeze the unwanted UTXO(s) (coins tab) than selecting multiple inputs, specially when there are hundreds of them.

That's because it's a local wallet feature that won't affect the blockchain.
All it does is exclude those frozen addresses/coins whenever the wallet needs to automatically select inputs for your transactions.

BTW, that quoted message (freeze in the coins tab) is better than freezing addresses when it comes with "Dust Attacks"
since the usual targets are those frequently used, have been reusing and publicly displayed addresses.
If the user has frozen that address, he wont be able to spend his legitimate balance that was received through it.

I use Electrum wallet but I did not pay my attention on Freeze option. I did not know Freeze is used to avoid Dust Attack. Beyond Dust Attack, any other use cases for the Freeze option in Electrum wallet, can you share more?

I feel worry what will happen after use Freeze and with search my fear is cleaned away. Frozen address can be unfrozen and it is simple to do. If misclick to Freeze one address, people can do backward Unfreeze that address later.


https://bitcoinelectrum.com/frequently-asked-questions/

In order to make the things more clear, I will detail how to mark some address as freezed so that the dusted coins do not mark other clean coins:

There are two separate possible case:

• If a dust attack hits an empty address, you can actually damage your privacy, if you are not aware of this attack. If you spend from that address, you are probably going to use the dusted UTXO with your other UTXO's, effectively linking a "past" address of yours with your current transaction. This is very dangerous.
• If a dust attack hits an address with a positive balance it is no major damage, I think: the dust comes together in the address with some other UTXO's, so it would have been trivial to follow those coins without the dust in the first place. Dust acts as a not-so-cheap marker of your public UTXO's. You know you are being tracked anyway on the blockchain, so you act consciously.

The action to be taken are then different:

• If the dusted address is empty: "Freeze address", this will prevent using the address in any future operation in the wallet
• If the dusted address is not empty: "Freeze Coin", this will freeze only the dusted UTXO (you can think as UTXO and Coins as synonymous, while the address will be able to spend the UTXO as usual.

---

ELECTRUM
I will show you the coin Control feature in Electrum, one of the most used wallet to offer such a feature.
If you are using another wallet and you get dusted, my suggestion is to import your wallet in Electrum and do the following steps.

To avoid privacy concerns I created a test wallet, dusted it and censored some relevant information.

This is the dusted Wallet.


I am assuming the dust hits an empty address, maybe one I used in the past and is now empty after a spend.

---

Freeze Address
Since the address is empty, and the only associated UTXO is dusted, I decide to block the whole address.
This will make this address unable to spend any coin.


1.Make Electrum show all your Addresses.
Click on "View" menù, select "Show Addresses"



2. Locate the address where you received the dust.
You might want to label it. In this case it is easy, as it is the only one address with a positive balance. In your case you might have many positive addresses.



3. Freeze the dusted address.
Right Click on the dusted address, select "Freeze"



4. The Address is now Freezed.
The address is highlighted in dark Blue



From now on, all the UTXO pertaining that address won't be used until the address is Freezed.
Those UTXO won't mix with other "clean" UTXO then, defending us from the Dusting Attack.

---

Freeze Coin

In case you receive the dust on an address with some other coins, you might not lose such coins. Then you can freeze the dust UTXO only.

1.Make Electrum show all your Coins.
Click on "View" menù, select "Show Coins"



2. Locate the UTXO that are the Dust.
You might want to label it. In this case it is easy, as it is the only one UTXO. In your case you might have many UTXO's.



3. Freeze the Coins.
Right Click on the dusted address, select "Freeze"



4. The Coin is now Freezed.
The coin is highlighted in dark Blue, and won't be spent in future transactions.

Coin control is the key, when dealing with dust attack. I thought I made clear in the OP, but apparently it didn’t catch your attention. I will edit OP to detail exactly how to do this in at least a couple of Wallet (Electrum and Wasabi, just to start).

Ok, I will suggest this as a solution.
Many thanks for your help!

---

5 BTC? That would be nice but I think it's 1000 x 0.00000547 = 0.00547 BTC ?
Or how did you calculate 5 BTC? 

---

It is an escrow address from willi9974 who is escrowing our funds. I don't know where he has used this address additionally. 

but if your fake "potential criminals list" competition in a suspicious area of the net contained a thousand addresses

That's over 5 bitcoin right?

Reading this thread, I expect they do it to targeted and then associated addresses. But hey if they are lifting things from the forum, as in the football pool example? it might work. (I suppose there was a google docs? as there usualy is? with all the addresses? maybe another place they are targeting

SHUM

Since there were already two dust UTXOs, you can now send them to a black-hole/dust-donation address using "coin-control" to get rid of them.
As long as the transaction doesn't reach 547B or above with 1sat/B fee rate, it will be valid with 547sat output.

Or use coin control when sending the price money.
Electrum has a useful "freeze coin/address" feature that will make this easy, as well as coin-control.

Yes, but 547 Sats are not much. At least right now. 

---

Important point. Since our escrow isn't using SegWit here, that might get a bigger issue. 
We'll watch it carefully.

I was referring to Coinbase.
Coinbase offered Wlecome Bonus to make sure you wanted to grab 30$ worth of Bitcoin, and do stupid things with those.
They also had the EARN proram, where they give you some obscure shitcoin for watching a few videos and then hope, again, you do stupid things with those coins.

Just remember:
Coinbase the most anti-Bitcoin organisation. Make #DeleteCoinbase great again

This is a very interesting read.
I've heard of these attacks before, but I never understood how a person could be threatened.



Do you have any references for this information? It would be interesting to read a little about this IRL attack.
Looking at it, this is a threat only to people who have a lot of accumulated coins.

Another scenario,
If I am attacked this way, and then I decide to buy something with these satoshis, and if the buyer eventually puts the coins in their savings address, no one can prove that these coins are mine.

N.B. Quoting a part of a list is awful.

The attacker might be using a software that follows those specific UTXO, not the addresses themselves nor their previous outputs.
If he's sending more than once to some addresses, he might be trying to increase the transaction fee when the victim tries to consolidate or "spend-all" by adding additional inputs.

Or just trolling/advertising a fork (together with the previous reasons) since the first five addresses are proof-of-burn addresses with vague meaning.

BTW, It doesn't end there, the change was spent by another 608 output transaction series (until it's empty? I didn't checked until the last).
And it wasn't even the start of that series of 20,000vB transactions, those transactions are somewhere in the middle
so this must be a large scale dust attack.

-edit-

It pointed me to this page (based from those first five addresses): https://memo.sv/topic/hmwyda
You can easily spot it, These are the first five addresses:

1Lets1xxxx1use1xxxxxxxxxxxy2EaMkJ
1fuLL1xxxx1power1xxxxxxxxxxzatvCK
1of1xxxxx1anonymity1xxxxxxxz9JzFN
1See1xxxx1memo1xxxxxxxxxxxxxBuhPF
1dot1xxxxx1sv1xxxxxxxxxxxxxwYqEEt
1topic1xxx1hmwyda1xxxxxxxxxvo8wMn
1xxxxxxxxxxxxxxxxxxxxxxxxxy1kmdGr

And it looks like the trolling/attack is not not exclusive to Bitcoin's chain.

---

But others wont be able to tell which ones belong to an ID/person unless for example:
he publicly displays that address or used to withdraw/deposit from/to an Exchange or service with KYC.
That what these kind of attacks are uncovering: linking a public/identified address(es) to another or to undisclosed ones.

Free money, I need to join up to more public facing bitcoin competitions.

If they are spreading marking transaction about, who cares.

In fact dust the addresses! you can make a fake competition and a long list of your own addresses and wait for them to send you money.

Just don't use your own address. An hope one doesn't land in your super secret wallet I guess.

But hey, bitcoin is transparent and verifiable anyway whats the problem?

Agree. Safety is important: know your public addresses and track them: know where every stats comes from. Do not do stupid things with unknown coins, like consolidating with your own sats, using them in a payment, for example.

Sure, that's practically so true and possible. Especially amongst people who participate in multiple bounty campagnes and with the public nature of the wallet address. Your wallet is just everywhere by that singular act of always publicizing your wallet address also as seen on some forum users profile. But then, that is not a bad thing at all as, it allows coins come in and not go out without due authorization.
Hence, dusting comes to play with the idea of accumulation which then pays the price. Having your identity in the wrong hands especially criminals as that could be such a bad thing when you've got something of worth. Play safe people, question yourself over any unexpected coin you get and apply caution.

Any opinions here:

We are organizing a football betting challenge similar to this one: Sportsbet.io's English Premier League Football Pool Sign-Up Thread 0.0045 2 Join

People have to pay 2 mBTC to register and we will use this BTC as winner price. Now, an unknown person has sent 547 Satoshis to our escrow address: https://blockchair.com/bitcoin/transaction/d3239fcd4ed507b1943ea4fe3cec19fff380d9cfb96d5a3b27bfba549be74a18

It's one of more than 500 addresses where 547 Satoshis each were also sent by that unknown address:




My first impression was a dust attack but it makes no sense because our escrow address is public and contains funds anyway...

This transaction happened 2 days ago and just now someone sent again 547 Sats to our escrow address: https://blockchair.com/bitcoin/address/1LC8VWsLBnaXq7v6vRuxbUYNj4frpmtnUg
Does anyone have an explanation?  

Dust Attack hitting the news again on Coindesk:

Dust Attacks Make a Mess in Bitcoin Wallets, but There Could Be a Fix


Nothing new, or nothing already written in this thread.

Two passages need a special comment, in my opinion:

LOL!
Of course they don't do that! But other do that!
Facepalm. Broken Logic. Hypocrisy.
Chain analysis firm are bad.
Bonus Read: A treatise on privacy

Also this one:

This is exactly the point: they send you the dust hoping you do stupid things with that (like consolidating with your existent UTXO).
Please note that consolidating doesn't mean aggregate the outputs, something that might require your intervention, but also aggregating those UTXO's as a transaction input. Something a wallet could do, if you don't take the necessary precautions.

A nice read about dust attacks I found recently, even if the article itself is quite old:

Bitcoin Data Science (Pt. 3): Dust & Thermodynamics

It contains, for the most technical experts, a good technical analyis of dust, how it is created, and how it is sort of "natural" in bitcoin system.
What it is not natural is the malicious use you can do with dust.

Thanks. I don't use it with Electrum, unfortunately.
Anyway, I thought there might've been some risk if I'd spend my BTC balance with the dust from it too, but as soon as it hasn't been connected in any way to my identity ever since I started using Bitcoin, I think I'm fine. I don't plan to share my ID with anyone in the near future either.

I've browsed a little through my transactions and apparently I cannot find the Bitcoin dust txid. Might have been a paper wallet or my mobile one. I've found two of the dust transactions I had through alts though, I'm going off-topic but I'll leave the information here in case anyone is interested to research them.

First, the most recent dust tx, we have a Ripple transaction with a memo (description) attached to it: "NETWORK ANNOUNCEMENT: Ripple unlocks 50% stake in XRP, indicates massive airdrop www.*hidden fraud domain*". Seems like someone tried to scam by sending dust XRP with links in memos. I looked the memo up on Google and found this wallet: https://bithomp.com/explorer/rpWhspQz4DX5N5NoPDpvFtkcpyZiNa9Uv1, which confirms my doubts.

A second dust sent to my wallet was through a LTC tx: https://live.blockcypher.com/ltc/tx/c0ad0412027347d137f5f8c18ad0b61064d7051a8b57f97d09101bceabfd8c07/. The user apparently sent this to 2000+ different wallets.