Bitcoin Forum

I got 8 of these DDOS fake transactions from february 2014 in my Wallet, it's kind of spam for me.

Therefore I would like to remove them from my Multibit wallet. Any way to do that?

Congratulations, you must have an address that someone found difficult to link to your real identity for them to be trying this trick.

They'll get dumped eventually as unconfirmed tx, but it'll take a while. 

If you want to get rid of them faster, you can use the command line client to transfer your "real" BTC to another wallet.  But if you pay tx fees that won't be worth it. 

I suppose you could also very carefully construct transactions to transfer the 1-satoshi utxo's to the mining payout from block #1 or something.    Back when 1-satoshi transactions were "normal" and actually confirmed occasionally, people would send satoshis to Satoshi that way.  But with the current client they'll just disappear eventually.

I am working on adding some 'anti-spam' into MultiBit at the moment.
It will go in the next build - which should be out this week.

They will just disappear.

Great, thanks. (just donated another some BTC to MultiBit project)

BTW received today 9 more unconfirmed Satoshi-Spam-Transactions...

How does it link my real identity at all?

I left them in a wallet, transferred all my bitcoins -minus these transactions, closed the old wallet (did it through sharedcoin transactions)

Can't find a single one of the sending addresses on my current address taint list?

If you upgrade to the latest version of MultiBit on the multibit.org website the 'satoshi spam' will simply disappear.

 I knew it was an effort to track users, but today I was elbows-deep in the source code and I just figured out exactly how it works. 

Somebody is using this to figure out who (which IP address) owns (or once owned, since the wallet doesn't throw away old addresses) what txOuts.

Here's what's going on. 

• First, they send a tiny txOut to the address on the block chain whose owner (or former owner) they want to know.
• Second, they connect to a bunch of different nodes and send them bogus transactions that spend that txOut without fees.  Repeatedly.
• They don't know the address's private key, so they can't provide a good signature for that tx.  But they don't need to.
         
  • If they've connected to a machine that has the wallet containing the original txOut whose owner they're trying to find, that node will disconnect them as a misbehaving node, because the keys provided don't match.
  • If they've connected to a machine that doesn't have the wallet containing the original txOut, That node will just reject the transaction due to penny-flooding prevention and no fees.
       
• Because they can tell which thing happened, they can tell whether the node at this IP address owns the original txOut.

That's interesting Cryddit - thanks for posting that.

So I think you are saying it would work for Bitcoin Core nodes but for other sorts of Bitcoin wallets e.g. for SPV nodes that don't accept connections it would not tell you much. I guess it would eventually tell you the txOut is NOT under the control of a Bitcoin Core wallet.

It's a good reason to use the new capability in 0.10 bitcoin core client for running with the wallet offline.  

And I think most implementations of the protocol follow the core client's lead about when to disconnect misbehaving nodes and when to reject tx due to penny flooding, but I don't actually know about other clients because I'm not elbows-deep in their code.