Dust Attack, what it is, why it is dangerous and how to prevent falling to it - page 3.

fillippone

legendary

Activity: 2268

Merit: 16328

Fully fledged Merit Cycler - Golden Feather 22-23

Quote from: 20kevin20 on January 30, 2020, 10:42:44 AM

Quote from: fillippone on January 30, 2020, 08:28:25 AM

Many modern wallet (for bicoin for sure, I don't know anything about shitcoins) have a "do not spend" feature you can tag given UTXO with.
So tagging in this way your dust prevents you doing stupid things with that.

I will have to look into that, I've never seen this option on my Ledger though. Thanks for the suggestion, although I think I've even spent some of the UTXOs already.. Cheesy

IF you use your Ledger togheter with Electrum you can use the "freeze Coin" option:

Quote

What does it mean to “freeze” an address in Electrum?
When you freeze an address, the funds in that address will not be used for sending bitcoins. You cannot send bitcoins if you don’t have enough funds in the non-frozen addresses.

https://electrum.readthedocs.io/en/latest/faq.html#what-does-it-mean-to-freeze-an-address-in-electrum

20kevin20

legendary

Activity: 1134

Merit: 1598

Quote from: hatshepsut93 on January 30, 2020, 09:25:15 AM

Can you analyze to what sort of addresses did you receive that dust? Was that the addresses that you used to withdraw from some exchanges? If so, can you tell from which exchanges? Or was it some other services? Or maybe addresses that were never used (but how it can even possibly happen?)? Maybe we can get some idea who is behind this dusting if we try to start tracking them.

I'll try analizing them ASAP, although I will not share them due to privacy reasons.

They are not addresses that I used on exchanges. In fact, I do not remember using any of my addresses on exchanges and I believe I have not used them for services either. Will try tracking the dust addresses down but I don't know if I'll get to any results.

Quote from: fillippone on January 30, 2020, 08:28:25 AM

Many modern wallet (for bicoin for sure, I don't know anything about shitcoins) have a "do not spend" feature you can tag given UTXO with.
So tagging in this way your dust prevents you doing stupid things with that.

I will have to look into that, I've never seen this option on my Ledger though. Thanks for the suggestion, although I think I've even spent some of the UTXOs already.. Cheesy

hatshepsut93

legendary

Activity: 3024

Merit: 2148

Quote from: 20kevin20 on January 30, 2020, 07:25:08 AM

I know this topic is old and has been revived yesterday by someone, but I just found it and I can relate to it. My XRP, LTC, BTC, BCH, ETH and DASH addresses have all received dust transactions from an unknown address. I've never done KYC anywhere, nor are my addresses linked to my real identity in any way. Is there anything I must do? Some of them MIGHT be empty, but I'm not entirely sure.

Now, after reading the last part of the thread posted by the OP, I have another theory: governments may be conducting this process of blockchain analyzing in order to find the identity of a person for money laundering and tax evasion purposes.

I'm using Ledger by the way.

Can you analyze to what sort of addresses did you receive that dust? Was that the addresses that you used to withdraw from some exchanges? If so, can you tell from which exchanges? Or was it some other services? Or maybe addresses that were never used (but how it can even possibly happen?)? Maybe we can get some idea who is behind this dusting if we try to start tracking them.

fillippone

legendary

Activity: 2268

Merit: 16328

Fully fledged Merit Cycler - Golden Feather 22-23

Quote from: 20kevin20 on January 30, 2020, 07:25:08 AM

I know this topic is old and has been revived yesterday by someone, but I just found it and I can relate to it. My XRP, LTC, BTC, BCH, ETH and DASH addresses have all received dust transactions from an unknown address. I've never done KYC anywhere, nor are my addresses linked to my real identity in any way. Is there anything I must do? Some of them MIGHT be empty, but I'm not entirely sure.

Now, after reading the last part of the thread posted by the OP, I have another theory: governments may be conducting this process of blockchain analyzing in order to find the identity of a person for money laundering and tax evasion purposes.

I'm using Ledger by the way.

Many modern wallet (for bicoin for sure, I don't know anything about shitcoins) have a "do not spend" feature you can tag given UTXO with.
So tagging in this way your dust prevents you doing stupid things with that.

20kevin20

legendary

Activity: 1134

Merit: 1598

I know this topic is old and has been revived yesterday by someone, but I just found it and I can relate to it. My XRP, LTC, BTC, BCH, ETH and DASH addresses have all received dust transactions from an unknown address. I've never done KYC anywhere, nor are my addresses linked to my real identity in any way. Is there anything I must do? Some of them MIGHT be empty, but I'm not entirely sure.

Now, after reading the last part of the thread posted by the OP, I have another theory: governments may be conducting this process of blockchain analyzing in order to find the identity of a person for money laundering and tax evasion purposes.

I'm using Ledger by the way.

Kakmakr

legendary

Activity: 3514

Merit: 1963

Leading Crypto Sports Betting & Casino Platform

Why would you want to consolidate your "dust" transactions for a few Satoshi's? You would be burning more Satoshi's in miners fees to consolidate it, than gaining anything from it. They might have done this on LiteCoin, because the fees are lower than Bitcoin, but it will never work for Bitcoin, because the miners fees in Bitcoin is much higher.

Also, consolidating "dust" into a single Bitcoin address would simply be a stupid idea. I have several coin spread out over a bunch of addresses, because I do not want someone to trace all my coins back to me.

Proper coin management and the use of Mixer services will render this attack useless. Wink

Globb0

legendary

Activity: 2702

Merit: 2053

Free spirit

SHUM +1

bitbro678

jr. member

Activity: 40

Merit: 1

Quote from: pooya87 on December 05, 2019, 08:50:37 AM

Quote from: fillippone on December 05, 2019, 02:29:48 AM

Quote from: pooya87 on December 05, 2019, 12:40:02 AM

this bold part is misleading because nobody can "trace your identity" this way, specially not by using blockchain analysis alone. all they can do is linking the different addresses if they weren't linked before only when the user consolidates the inputs in one transaction. and an address is not revealing the identity of the user on its own.

Bitcoin it is not an anonymous protocol, but a pseudonymous. If an exchange gives you a few satoshi and you consolidate those with your bitcoin stash, they are perfectly able to link your KYC'd addresses to the pseudonymous one. Same thing if they send dust to an empty address and if you send to a KYC'd address (or an address "touched" with a KYC'd one). This is what the sentence ion bold meant.

exactly my point.
they can not identify you by only using "dust attack" technique that you explained here. for example someone can have 2 addresses both not-linked to his identity. first one that is empty receives dust then he links it to the second one, there still is no way of linking these two to his identity. similarly the another person may have 2 addresses both linked to his identity, the empty one receives dust and he links it to the other one. no additional privacy was lost here.

If someone wanted to identify you, I doubt if they would send dust to an empty address. Since everything is on the blockchain, they would send dust to addresses that have a fairly decent amount of crypto. If that address gets linked to another address that is linked to a person's identity, then they now know the person behind it. But then again, if you're really not bothered about privacy as such, a dust attack wouldn't affect you.

fillippone

legendary

Activity: 2268

Merit: 16328

Fully fledged Merit Cycler - Golden Feather 22-23

Quote from: Velkro on December 05, 2019, 07:01:52 PM

Quote from: hatshepsut93 on August 15, 2019, 06:51:57 PM

Maybe this dusting is more of a spam attack, it creates new unspent outputs that are more expensive to move than they are worth, so it can make people overpay fees

This is a lot more likely than theory of topic author.
I mean it have actual money reason to do that, and privacy concern? I didnt get it, and tried really hard of what topic author wrote.
Its too far fetched for me, privacy is not affected here.

Doing this kind of research and sell it to the government, or the IRS, is a is a fantastic business opportunity to gain from this kind of attack.
Again this is not theory, but practice, done every day by chain analysis companies.
Your privacy is at risk, and privacy is one of those goods that are vastly underappreciated until it’s lost.

naska21

hero member

Activity: 1358

Merit: 635

Quote from: fillippone on December 05, 2019, 03:55:09 PM

They shoot in the mass.
They are not targeting at you. Just shooting in the mass and hoping to fish something.

Yeah, I know that but in my case by single trx they targeted around ten addresses , all of them are from bitcointalk and that surprised me.

Velkro

legendary

Activity: 2296

Merit: 1014

Quote from: hatshepsut93 on August 15, 2019, 06:51:57 PM

Maybe this dusting is more of a spam attack, it creates new unspent outputs that are more expensive to move than they are worth, so it can make people overpay fees

This is a lot more likely than theory of topic author.
I mean it have actual money reason to do that, and privacy concern? I didnt get it, and tried really hard of what topic author wrote.
Its too far fetched for me, privacy is not affected here.

figmentofmyass

legendary

Activity: 1652

Merit: 1483

Quote from: pooya87 on December 05, 2019, 08:50:37 AM

Quote from: fillippone on December 05, 2019, 02:29:48 AM

Bitcoin it is not an anonymous protocol, but a pseudonymous. If an exchange gives you a few satoshi and you consolidate those with your bitcoin stash, they are perfectly able to link your KYC'd addresses to the pseudonymous one. Same thing if they send dust to an empty address and if you send to a KYC'd address (or an address "touched" with a KYC'd one). This is what the sentence ion bold meant.

exactly my point.
they can not identify you by only using "dust attack" technique that you explained here. for example someone can have 2 addresses both not-linked to his identity. first one that is empty receives dust then he links it to the second one, there still is no way of linking these two to his identity. similarly the another person may have 2 addresses both linked to his identity, the empty one receives dust and he links it to the other one. no additional privacy was lost here.

all that says is that bitcoin is pseudonymous, which fillippone just stated. we already know that. all of bitcoin's privacy pitfalls require a link to real-life identity to be meaningful.

how about the case where one address gets dusted, then linked to a second address (or cluster of addresses) which is already linked to your identity?

fillippone

legendary

Activity: 2268

Merit: 16328

Fully fledged Merit Cycler - Golden Feather 22-23

They shoot in the mass.
They are not targeting at you. Just shooting in the mass and hoping to fish something.

naska21

hero member

Activity: 1358

Merit: 635

Quote from: fillippone on August 13, 2019, 01:03:48 PM

snip

Last moth my empty and never used BTC address published on forum to authenticate my account has got 555 sat. Sure that was the dust attack but I wonder what for? who might have interest in me?

fillippone

legendary

Activity: 2268

Merit: 16328

Fully fledged Merit Cycler - Golden Feather 22-23

Exactely, faucets are another way of doing so.
The point is Faucets are rarely properly KYC'd, so it's difficult to link them to an identity.

UserU

hero member

Activity: 2128

Merit: 532

FREE passive income eBook @ tinyurl.com/PIA10

So I guess this can apply even on gambling and faucets?

Imagine faucet sites on FBC, then there's no way to find out if we've been dusted or not.

fillippone

legendary

Activity: 2268

Merit: 16328

Fully fledged Merit Cycler - Golden Feather 22-23

Quote from: pooya87 on December 05, 2019, 08:50:37 AM

exactly my point.

Ok. So we do agree.
The misunderstanding comes from the fact that I define (as I think also all the link I surveyed) the dust attack as not only the sole act of sending dust to an address, but also the complex of following actions, that, if not properly monitored by the recipient of this attack, can lead to some loss of privacy.

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: fillippone on December 05, 2019, 02:29:48 AM

Quote from: pooya87 on December 05, 2019, 12:40:02 AM

this bold part is misleading because nobody can "trace your identity" this way, specially not by using blockchain analysis alone. all they can do is linking the different addresses if they weren't linked before only when the user consolidates the inputs in one transaction. and an address is not revealing the identity of the user on its own.

Bitcoin it is not an anonymous protocol, but a pseudonymous. If an exchange gives you a few satoshi and you consolidate those with your bitcoin stash, they are perfectly able to link your KYC'd addresses to the pseudonymous one. Same thing if they send dust to an empty address and if you send to a KYC'd address (or an address "touched" with a KYC'd one). This is what the sentence ion bold meant.

exactly my point.
they can not identify you by only using "dust attack" technique that you explained here. for example someone can have 2 addresses both not-linked to his identity. first one that is empty receives dust then he links it to the second one, there still is no way of linking these two to his identity. similarly the another person may have 2 addresses both linked to his identity, the empty one receives dust and he links it to the other one. no additional privacy was lost here.

fillippone

legendary

Activity: 2268

Merit: 16328

Fully fledged Merit Cycler - Golden Feather 22-23

Quote from: Ann1989 on December 04, 2019, 09:52:01 PM

<...>
This is nice.
<...>

Please, learn to quote responsibly.
It's not necessary to include the whole original text if you are replying to the thread without a specific quote reference.

I might suggest you two threads to help you familiarize with such topics:

Quote from: pooya87 on December 05, 2019, 12:40:02 AM

Quote

The attacker sends satoshi to a used but empty address. The receiver then aggregates those satoshi to a new address by making a payment. At that point the old address and the new one are "linked" and the attacker can, with methods of chain analysis, try to trace your identity, having discovered, however, that you also have control of the old address.

this bold part is misleading because nobody can "trace your identity" this way, specially not by using blockchain analysis alone. all they can do is linking the different addresses if they weren't linked before only when the user consolidates the inputs in one transaction. and an address is not revealing the identity of the user on its own.

Bitcoin it is not an anonymous protocol, but a pseudonymous. If an exchange gives you a few satoshi and you consolidate those with your bitcoin stash, they are perfectly able to link your KYC'd addresses to the pseudonymous one. Same thing if they send dust to an empty address and if you send to a KYC'd address (or an address "touched" with a KYC'd one). This is what the sentence ion bold meant.
Please remember that this is not fantasy: Coinbase buying Neutrino (chain analysis company) AND giving out satoshis (https://www.coinbase.com/earn) is the reality.

pooya87

legendary

Activity: 3472

Merit: 10611

Quote

The attacker sends satoshi to a used but empty address. The receiver then aggregates those satoshi to a new address by making a payment. At that point the old address and the new one are "linked" and the attacker can, with methods of chain analysis, try to trace your identity, having discovered, however, that you also have control of the old address.

this bold part is misleading because nobody can "trace your identity" this way, specially not by using blockchain analysis alone. all they can do is linking the different addresses if they weren't linked before only when the user consolidates the inputs in one transaction. and an address is not revealing the identity of the user on its own.

Topic: Dust Attack, what it is, why it is dangerous and how to prevent falling to it - page 3. (Read 2079 times)