Pages:
Author

Topic: Dust Attack, what it is, why it is dangerous and how to prevent falling to it - page 3. (Read 2089 times)

legendary
Activity: 2268
Merit: 16328
Fully fledged Merit Cycler - Golden Feather 22-23

Many modern wallet (for bicoin for sure, I don't know anything about shitcoins) have a "do not spend" feature you can tag given UTXO with.
So tagging in this way your dust prevents you doing stupid things with that.
I will have to look into that, I've never seen this option on my Ledger though. Thanks for the suggestion, although I think I've even spent some of the UTXOs already..  Cheesy Cheesy

IF you use your Ledger togheter with Electrum you can use the "freeze Coin" option:

Quote
What does it mean to “freeze” an address in Electrum?
When you freeze an address, the funds in that address will not be used for sending bitcoins. You cannot send bitcoins if you don’t have enough funds in the non-frozen addresses.

https://electrum.readthedocs.io/en/latest/faq.html#what-does-it-mean-to-freeze-an-address-in-electrum
legendary
Activity: 1134
Merit: 1598
Can you analyze to what sort of addresses did you receive that dust? Was that the addresses that you used to withdraw from some exchanges? If so, can you tell from which exchanges? Or was it some other services? Or maybe addresses that were never used (but how it can even possibly happen?)? Maybe we can get some idea who is behind this dusting if we try to start tracking them.
I'll try analizing them ASAP, although I will not share them due to privacy reasons.

They are not addresses that I used on exchanges. In fact, I do not remember using any of my addresses on exchanges and I believe I have not used them for services either. Will try tracking the dust addresses down but I don't know if I'll get to any results.

Many modern wallet (for bicoin for sure, I don't know anything about shitcoins) have a "do not spend" feature you can tag given UTXO with.
So tagging in this way your dust prevents you doing stupid things with that.
I will have to look into that, I've never seen this option on my Ledger though. Thanks for the suggestion, although I think I've even spent some of the UTXOs already..  Cheesy Cheesy
legendary
Activity: 3024
Merit: 2148
I know this topic is old and has been revived yesterday by someone, but I just found it and I can relate to it. My XRP, LTC, BTC, BCH, ETH and DASH addresses have all received dust transactions from an unknown address. I've never done KYC anywhere, nor are my addresses linked to my real identity in any way. Is there anything I must do? Some of them MIGHT be empty, but I'm not entirely sure.

Now, after reading the last part of the thread posted by the OP, I have another theory: governments may be conducting this process of blockchain analyzing in order to find the identity of a person for money laundering and tax evasion purposes.

I'm using Ledger by the way.

Can you analyze to what sort of addresses did you receive that dust? Was that the addresses that you used to withdraw from some exchanges? If so, can you tell from which exchanges? Or was it some other services? Or maybe addresses that were never used (but how it can even possibly happen?)? Maybe we can get some idea who is behind this dusting if we try to start tracking them.
legendary
Activity: 2268
Merit: 16328
Fully fledged Merit Cycler - Golden Feather 22-23
I know this topic is old and has been revived yesterday by someone, but I just found it and I can relate to it. My XRP, LTC, BTC, BCH, ETH and DASH addresses have all received dust transactions from an unknown address. I've never done KYC anywhere, nor are my addresses linked to my real identity in any way. Is there anything I must do? Some of them MIGHT be empty, but I'm not entirely sure.

Now, after reading the last part of the thread posted by the OP, I have another theory: governments may be conducting this process of blockchain analyzing in order to find the identity of a person for money laundering and tax evasion purposes.

I'm using Ledger by the way.

Many modern wallet (for bicoin for sure, I don't know anything about shitcoins) have a "do not spend" feature you can tag given UTXO with.
So tagging in this way your dust prevents you doing stupid things with that.
legendary
Activity: 1134
Merit: 1598
I know this topic is old and has been revived yesterday by someone, but I just found it and I can relate to it. My XRP, LTC, BTC, BCH, ETH and DASH addresses have all received dust transactions from an unknown address. I've never done KYC anywhere, nor are my addresses linked to my real identity in any way. Is there anything I must do? Some of them MIGHT be empty, but I'm not entirely sure.

Now, after reading the last part of the thread posted by the OP, I have another theory: governments may be conducting this process of blockchain analyzing in order to find the identity of a person for money laundering and tax evasion purposes.

I'm using Ledger by the way.
legendary
Activity: 3542
Merit: 1965
Leading Crypto Sports Betting & Casino Platform
Why would you want to consolidate your "dust" transactions for a few Satoshi's? You would be burning more Satoshi's in miners fees to consolidate it, than gaining anything from it. They might have done this on LiteCoin, because the fees are lower than Bitcoin, but it will never work for Bitcoin, because the miners fees in Bitcoin is much higher.

Also, consolidating "dust" into a single Bitcoin address would simply be a stupid idea. I have several coin spread out over a bunch of addresses, because I do not want someone to trace all my coins back to me.

Proper coin management and the use of Mixer services will render this attack useless.  Wink
legendary
Activity: 2702
Merit: 2053
Free spirit
jr. member
Activity: 40
Merit: 1
this bold part is misleading because nobody can "trace your identity" this way, specially not by using blockchain analysis alone. all they can do is linking the different addresses if they weren't linked before only when the user consolidates the inputs in one transaction. and an address is not revealing the identity of the user on its own.

Bitcoin it is not an anonymous protocol, but a pseudonymous. If an exchange gives you a few satoshi and you consolidate those with your bitcoin stash, they are perfectly able to link your KYC'd addresses to the pseudonymous one. Same thing if they send dust to an empty address and if you send to a KYC'd address (or an address "touched" with a KYC'd one). This is what the sentence ion bold meant.

exactly my point.
they can not identify you by only using "dust attack" technique that you explained here. for example someone can have 2 addresses both not-linked to his identity. first one that is empty receives dust then he links it to the second one, there still is no way of linking these two to his identity. similarly the another person may have 2 addresses both linked to his identity, the empty one receives dust and he links it to the other one. no additional privacy was lost here.
If someone wanted to identify you, I doubt if they would send dust to an empty address. Since everything is on the blockchain, they would send dust to addresses that have a fairly decent amount of crypto. If that address gets linked to another address that is linked to a person's identity, then they now know the person behind it. But then again, if you're really not bothered about privacy as such, a dust attack wouldn't affect you.
legendary
Activity: 2268
Merit: 16328
Fully fledged Merit Cycler - Golden Feather 22-23
Maybe this dusting is more of a spam attack, it creates new unspent outputs that are more expensive to move than they are worth, so it can make people overpay fees
This is a lot more likely than theory of topic author.
I mean it have actual money reason to do that, and privacy concern? I didnt get it, and tried really hard of what topic author wrote.
Its too far fetched for me, privacy is not affected here.

Doing this kind of research and sell it to the government, or the IRS, is a is a fantastic business opportunity to gain from this kind of attack.
Again this is not theory, but practice, done every day by chain analysis companies.
Your privacy is at risk, and privacy is one of those goods that are vastly underappreciated until it’s lost.
hero member
Activity: 1358
Merit: 635
They shoot in the mass.
They are not targeting at you. Just shooting in the mass and hoping to fish something.

Yeah, I know that but in my case by single trx they targeted around ten addresses  ,  all of them are  from bitcointalk and that surprised me.   
legendary
Activity: 2296
Merit: 1014
Maybe this dusting is more of a spam attack, it creates new unspent outputs that are more expensive to move than they are worth, so it can make people overpay fees
This is a lot more likely than theory of topic author.
I mean it have actual money reason to do that, and privacy concern? I didnt get it, and tried really hard of what topic author wrote.
Its too far fetched for me, privacy is not affected here.
legendary
Activity: 1652
Merit: 1483
Bitcoin it is not an anonymous protocol, but a pseudonymous. If an exchange gives you a few satoshi and you consolidate those with your bitcoin stash, they are perfectly able to link your KYC'd addresses to the pseudonymous one. Same thing if they send dust to an empty address and if you send to a KYC'd address (or an address "touched" with a KYC'd one). This is what the sentence ion bold meant.

exactly my point.
they can not identify you by only using "dust attack" technique that you explained here. for example someone can have 2 addresses both not-linked to his identity. first one that is empty receives dust then he links it to the second one, there still is no way of linking these two to his identity. similarly the another person may have 2 addresses both linked to his identity, the empty one receives dust and he links it to the other one. no additional privacy was lost here.

all that says is that bitcoin is pseudonymous, which fillippone just stated. we already know that. all of bitcoin's privacy pitfalls require a link to real-life identity to be meaningful.

how about the case where one address gets dusted, then linked to a second address (or cluster of addresses) which is already linked to your identity?
legendary
Activity: 2268
Merit: 16328
Fully fledged Merit Cycler - Golden Feather 22-23
They shoot in the mass.
They are not targeting at you. Just shooting in the mass and hoping to fish something.
hero member
Activity: 1358
Merit: 635
snip
Last moth my empty and never used BTC address published on forum to authenticate my account    has got  555 sat. Sure that was the dust attack but I wonder what for? who might have  interest in me?
legendary
Activity: 2268
Merit: 16328
Fully fledged Merit Cycler - Golden Feather 22-23
Exactely, faucets are another way of doing so.
The point is Faucets are rarely properly KYC'd, so it's difficult to link them to an identity.
hero member
Activity: 2128
Merit: 532
FREE passive income eBook @ tinyurl.com/PIA10
So I guess this can apply even on gambling and faucets?

Imagine faucet sites on FBC, then there's no way to find out if we've been dusted or not.
legendary
Activity: 2268
Merit: 16328
Fully fledged Merit Cycler - Golden Feather 22-23
exactly my point.

Ok. So we do agree.
The misunderstanding comes from the fact that I define (as I think also all the link I surveyed) the dust attack as not only the sole act of sending dust to an address, but also the complex of following actions, that, if not properly monitored by the recipient of this attack, can lead to some loss of privacy.
legendary
Activity: 3472
Merit: 10611
this bold part is misleading because nobody can "trace your identity" this way, specially not by using blockchain analysis alone. all they can do is linking the different addresses if they weren't linked before only when the user consolidates the inputs in one transaction. and an address is not revealing the identity of the user on its own.

Bitcoin it is not an anonymous protocol, but a pseudonymous. If an exchange gives you a few satoshi and you consolidate those with your bitcoin stash, they are perfectly able to link your KYC'd addresses to the pseudonymous one. Same thing if they send dust to an empty address and if you send to a KYC'd address (or an address "touched" with a KYC'd one). This is what the sentence ion bold meant.

exactly my point.
they can not identify you by only using "dust attack" technique that you explained here. for example someone can have 2 addresses both not-linked to his identity. first one that is empty receives dust then he links it to the second one, there still is no way of linking these two to his identity. similarly the another person may have 2 addresses both linked to his identity, the empty one receives dust and he links it to the other one. no additional privacy was lost here.
legendary
Activity: 2268
Merit: 16328
Fully fledged Merit Cycler - Golden Feather 22-23
<...>
This is nice.
<...>
Please, learn to quote responsibly.
It's not necessary to include the whole original text if you are replying to the thread without a specific quote reference.

I might suggest you two threads to help you familiarize with such topics:



Quote
The attacker sends satoshi to a used but empty address. The receiver then aggregates those satoshi to a new address by making a payment. At that point the old address and the new one are "linked" and the attacker can, with methods of chain analysis, try to trace your identity, having discovered, however, that you also have control of the old address.

this bold part is misleading because nobody can "trace your identity" this way, specially not by using blockchain analysis alone. all they can do is linking the different addresses if they weren't linked before only when the user consolidates the inputs in one transaction. and an address is not revealing the identity of the user on its own.

Bitcoin it is not an anonymous protocol, but a pseudonymous. If an exchange gives you a few satoshi and you consolidate those with your bitcoin stash, they are perfectly able to link your KYC'd addresses to the pseudonymous one. Same thing if they send dust to an empty address and if you send to a KYC'd address (or an address "touched" with a KYC'd one). This is what the sentence ion bold meant.
Please remember that this is not fantasy: Coinbase buying Neutrino (chain analysis company) AND giving out satoshis (https://www.coinbase.com/earn) is the reality.


legendary
Activity: 3472
Merit: 10611
Quote
The attacker sends satoshi to a used but empty address. The receiver then aggregates those satoshi to a new address by making a payment. At that point the old address and the new one are "linked" and the attacker can, with methods of chain analysis, try to trace your identity, having discovered, however, that you also have control of the old address.

this bold part is misleading because nobody can "trace your identity" this way, specially not by using blockchain analysis alone. all they can do is linking the different addresses if they weren't linked before only when the user consolidates the inputs in one transaction. and an address is not revealing the identity of the user on its own.
Pages:
Jump to: