Dust Attacks as a Service \ stacker news ~security

pull down to refresh

700 sats \ 10k boost \ 24 comments \ @ek 28 Mar security

I had a bad day and Epic Games does not let me play competitive Rocket League on the PS4 in PlebLab until I reached Level 20 even though I could prove I used to be Diamond on PC, so I decided that I want to end this day by offering dust attacks as a service, especially to people who don't believe in dust attacks.

Let me know if anyone is interested. You have to pay the mining fees though but you can pay me with CCs.

view all related items

111 sats \ 3 replies \ @Longtermwizard 28 Mar

I am in!

0 sats \ 2 replies \ @ek OP 28 Mar

Cool! You need to send me a bitcoin address. You can use one of the messaging options in my profile.

1000 sats \ 1 reply \ @Longtermwizard 30 Mar

bc1qmuh7stzz7smmltn0u4d89kpc7wfypdqqz3l7nm let's do it publicly

0 sats \ 0 replies \ @ek OP 13h

Cool! It's been a while since I did an onchain tx.

When I have a small utxo (don't want to reveal my stack lol), I'll send you some dust from it!

@remindme in 3 days

70 sats \ 6 replies \ @SimpleStacker 28 Mar

Is the idea of dust attack that the dust is too small to spend on its own, but spendable if bundled with another TX? and so you hope that it gets bundled into a tx with another address, thus identifying the two as having the same xpub?

30 sats \ 5 replies \ @ek OP 28 Mar

Is the idea of dust attack that the dust is too small to spend on its own, but spendable if bundled with another TX?

Yes.

and so you hope that it gets bundled into a tx with another address, thus identifying the two as having the same xpub?

If you mean with "same xpub" that they have the same owner, yes, pretty much.¹ You now have a foot in the door that is their onchain history.

For example, maybe you're now able to tell where they got this other utxo (or multiple!) from, if they are using multisig via OP_CHECKMULTISIG, if they will open a lightning channel etc.

But afaik, taproot can make all transactions look the same so if you're using taproot addresses, dust attacks might be useless. But not sure. And not many utxos probably use taproot yet. They might pay into a taproot address when spent, but they didn't yet in the past.

Want to try? 👀

I think it's just a (pretty good) heuristic though. ↩

0 sats \ 4 replies \ @SimpleStacker 28 Mar

How would I dust attack a target? Send dust to a known address of theirs, then wait for them to spend the dust UTXO along with other UTXOs together in one tx?

51 sats \ 3 replies \ @ek OP 28 Mar

Yes

0 sats \ 2 replies \ @SimpleStacker 28 Mar

If I think of a target I will let you know!

0 sats \ 1 reply \ @ek OP 28 Mar

I want to add that I was thinking more about sending it to a new address they have the private keys for though (no address reuse) but I think it should also work if you reuse an address of them.

view all 1 replies

10 sats \ 4 replies \ @DarthCoin 28 Mar

Dust attack are a serious thing. You better write a guide about how to deal with them instead of literally doing them. Don't be evil, do good.

81 sats \ 3 replies \ @kruw 28 Mar

Here's a quick guide for users who want to defend themselves against dust attacks:

Use Wasabi Wallet
Change the dust blocker setting to a value that is at least as high as the coinjoin minimum

21 sats \ 2 replies \ @DarthCoin 28 Mar

That is good, but is not enough. Better prevent it than deal with consequences...

0 sats \ 1 reply \ @Longtermwizard 28 Mar

What's enough?

10 sats \ 0 replies \ @DarthCoin 28 Mar

prevent it

And one of the options would be not spending it: https://bitcoin.stackexchange.com/questions/117606/can-simply-not-spending-the-dust-thwart-dusting-attacks Another one would be to not post your BTC addresses on public places (donations etc). Another option would be to use as much as you can LN and limit your onchain footprint exclusively to open/close channels, using also taproot channels or any other methods as decoys... see #909079

Do not do DCA for small amounts onchain. Go all in once and forget, then just transact over LN.

Use multiple wallets on multiple levels: https://darth-coin.github.io/beginner/be-your-own-bank-en.html

21 sats \ 1 reply \ @SwapMarket 28 Mar

I don't really see the point. If you know someone's address, presumably it is not empty. So just track quietly with which other UTXOs it will be spent. If it is empty, presumably it will never be reused.

121 sats \ 0 replies \ @kruw 28 Mar

If you know someone's address, presumably it is not empty

Dust attackers only target empty addresses that have already spent their coins.

If it is empty, presumably it will never be reused.

That's the point: Dust attackers purposely refill it so it will be reused by a clumsy victim.

1 sat \ 1 reply \ @Undisciplined 28 Mar

I'm not paying the mining fees, though.

0 sats \ 0 replies \ @ek OP 28 Mar

And what if I do pay the mining fees? 👀

Btw, I forgot to mention you would also have to pay for the dust, but I can accept my mistake.

Footnotes