Dust Attack, what it is, why it is dangerous and how to prevent falling to it

[CryptocurencyKing]

Sure, that's practically so true and possible. Especially amongst people who participate in multiple bounty campagnes and with the public nature of the wallet address. Your wallet is just everywhere by that singular act of always publicizing your wallet address also as seen on some forum users profile. But then, that is not a bad thing at all as, it allows coins come in and not go out without due authorization.
Hence, dusting comes to play with the idea of accumulation which then pays the price. Having your identity in the wrong hands especially criminals as that could be such a bad thing when you've got something of worth. Play safe people, question yourself over any unexpected coin you get and apply caution.

[1713568129]

1713568129

[1713568129]

1713568129

[fillippone]

Sure, that's practically so true and possible. Especially amongst people who participate in multiple bounty campagnes and with the public nature of the wallet address. Your wallet is just everywhere by that singular act of always publicizing your wallet address also as seen on some forum users profile. But then, that is not a bad thing at all as, it allows coins come in and not go out without due authorization.
Hence, dusting comes to play with the idea of accumulation which then pays the price. Having your identity in the wrong hands especially criminals as that could be such a bad thing when you've got something of worth. Play safe people, question yourself over any unexpected coin you get and apply caution.

Agree. Safety is important: know your public addresses and track them: know where every stats comes from. Do not do stupid things with unknown coins, like consolidating with your own sats, using them in a payment, for example.

[Globb0]

Any opinions here:

an unknown person has sent 547 Satoshis to our escrow address:

This transaction happened 2 days ago and just now someone sent again 547 Sats to our escrow address:

Free money, I need to join up to more public facing bitcoin competitions.

If they are spreading marking transaction about, who cares.

In fact dust the addresses! you can make a fake competition and a long list of your own addresses and wait for them to send you money.

Just don't use your own address. An hope one doesn't land in your super secret wallet I guess.

But hey, bitcoin is transparent and verifiable anyway whats the problem?

[nc50lc]

My first impression was a dust attack but it makes no sense because our escrow address is public and contains funds anyway...
-snip-
Does anyone have an explanation?  

The attacker might be using a software that follows those specific UTXO, not the addresses themselves nor their previous outputs.
If he's sending more than once to some addresses, he might be trying to increase the transaction fee when the victim tries to consolidate or "spend-all" by adding additional inputs.

Or just trolling/advertising a fork (together with the previous reasons) since the first five addresses are proof-of-burn addresses with vague meaning.

BTW, It doesn't end there, the change was spent by another 608 output transaction series (until it's empty? I didn't checked until the last).
And it wasn't even the start of that series of 20,000vB transactions, those transactions are somewhere in the middle
so this must be a large scale dust attack.

-edit-

It pointed me to this page (based from those first five addresses): https://memo.sv/topic/hmwyda
You can easily spot it, These are the first five addresses:

1Lets1xxxx1use1xxxxxxxxxxxy2EaMkJ
1fuLL1xxxx1power1xxxxxxxxxxzatvCK
1of1xxxxx1anonymity1xxxxxxxz9JzFN
1See1xxxx1memo1xxxxxxxxxxxxxBuhPF
1dot1xxxxx1sv1xxxxxxxxxxxxxwYqEEt
1topic1xxx1hmwyda1xxxxxxxxxvo8wMn
1xxxxxxxxxxxxxxxxxxxxxxxxxy1kmdGr

And it looks like the trolling/attack is not not exclusive to Bitcoin's chain.

But hey, bitcoin is transparent and verifiable anyway whats the problem?

But others wont be able to tell which ones belong to an ID/person unless for example:
he publicly displays that address or used to withdraw/deposit from/to an Exchange or service with KYC.
That what these kind of attacks are uncovering: linking a public/identified address(es) to another or to undisclosed ones.

[btcduster]

This is a very interesting read.
I've heard of these attacks before, but I never understood how a person could be threatened.

• Extremizing: an exchange that offers you $ 30 to register, after KYC, is practically performing a dust attack. Except that in that case, using the chain analysis company you just bought, you can perform a very efficient tracking of your UTXOs. Do you think this is an impossible scenario? it already happened.

it already happened.

Do you have any references for this information? It would be interesting to read a little about this IRL attack.
Looking at it, this is a threat only to people who have a lot of accumulated coins.

Another scenario,
If I am attacked this way, and then I decide to buy something with these satoshis, and if the buyer eventually puts the coins in their savings address, no one can prove that these coins are mine.

N.B. Quoting a part of a list is awful.

[fillippone]

This is a very interesting read.
I've heard of these attacks before, but I never understood how a person could be threatened.

• Extremizing: an exchange that offers you $ 30 to register, after KYC, is practically performing a dust attack. Except that in that case, using the chain analysis company you just bought, you can perform a very efficient tracking of your UTXOs. Do you think this is an impossible scenario? it already happened.

it already happened.

Do you have any references for this information? It would be interesting to read a little about this IRL attack.
Looking at it, this is a threat only to people who have a lot of accumulated coins.

I was referring to Coinbase.
Coinbase offered Wlecome Bonus to make sure you wanted to grab 30$ worth of Bitcoin, and do stupid things with those.
They also had the EARN proram, where they give you some obscure shitcoin for watching a few videos and then hope, again, you do stupid things with those coins.

Just remember:
Coinbase the most anti-Bitcoin organisation. Make #DeleteCoinbase great again

[1miau]

In fact dust the addresses! you can make a fake competition and a long list of your own addresses and wait for them to send you money.

Yes, but 547 Sats are not much. At least right now. 

The attacker might be using a software that follows those specific UTXO, not the addresses themselves nor their previous outputs.
If he's sending more than once to some addresses, he might be trying to increase the transaction fee when the victim tries to consolidate or "spend-all" by adding additional inputs.

Important point. Since our escrow isn't using SegWit here, that might get a bigger issue. 
We'll watch it carefully.

[nc50lc]

Important point. Since our escrow isn't using SegWit here, that might get a bigger issue. 
We'll watch it carefully.

Since there were already two dust UTXOs, you can now send them to a black-hole/dust-donation address using "coin-control" to get rid of them.
As long as the transaction doesn't reach 547B or above with 1sat/B fee rate, it will be valid with 547sat output.

Or use coin control when sending the price money.
Electrum has a useful "freeze coin/address" feature that will make this easy, as well as coin-control.

[Hueristic]

Pretty scary for Cryptocurrency enthusiast when they want privacy and scumbags dox this people, pretty crazy in regards to things that they do not get anything from it. Doxing is pretty scary especially if you are a private person.

SHUM

[Globb0]

In fact dust the addresses! you can make a fake competition and a long list of your own addresses and wait for them to send you money.

Yes, but 547 Sats are not much. At least right now.  

but if your fake "potential criminals list" competition in a suspicious area of the net contained a thousand addresses

That's over 5 bitcoin right?

Reading this thread, I expect they do it to targeted and then associated addresses. But hey if they are lifting things from the forum, as in the football pool example? it might work. (I suppose there was a google docs? as there usualy is? with all the addresses? maybe another place they are targeting

[1miau]

Important point. Since our escrow isn't using SegWit here, that might get a bigger issue. 
We'll watch it carefully.

Since there were already two dust UTXOs, you can now send them to a black-hole/dust-donation address using "coin-control" to get rid of them.
As long as the transaction doesn't reach 547B or above with 1sat/B fee rate, it will be valid with 547sat output.

Or use coin control when sending the price money.
Electrum has a useful "freeze coin/address" feature that will make this easy, as well as coin-control.

Ok, I will suggest this as a solution.
Many thanks for your help!

In fact dust the addresses! you can make a fake competition and a long list of your own addresses and wait for them to send you money.

Yes, but 547 Sats are not much. At least right now. 

but if your fake "potential criminals list" competition in a suspicious area of the net contained a thousand addresses

That's over 5 bitcoin right?

5 BTC? That would be nice but I think it's 1000 x 0.00000547 = 0.00547 BTC ?
Or how did you calculate 5 BTC? 

Reading this thread, I expect they do it to targeted and then associated addresses. But hey if they are lifting things from the forum, as in the football pool example? it might work. (I suppose there was a google docs? as there usualy is? with all the addresses? maybe another place they are targeting

It is an escrow address from willi9974 who is escrowing our funds. I don't know where he has used this address additionally. 

[fillippone]

Important point. Since our escrow isn't using SegWit here, that might get a bigger issue. 
We'll watch it carefully.

Since there were already two dust UTXOs, you can now send them to a black-hole/dust-donation address using "coin-control" to get rid of them.
As long as the transaction doesn't reach 547B or above with 1sat/B fee rate, it will be valid with 547sat output.

Or use coin control when sending the price money.
Electrum has a useful "freeze coin/address" feature that will make this easy, as well as coin-control.

Ok, I will suggest this as a solution.
Many thanks for your help!

Coin control is the key, when dealing with dust attack. I thought I made clear in the OP, but apparently it didn’t catch your attention. I will edit OP to detail exactly how to do this in at least a couple of Wallet (Electrum and Wasabi, just to start).

[fillippone]

In order to make the things more clear, I will detail how to mark some address as freezed so that the dusted coins do not mark other clean coins:

There are two separate possible case:

• If a dust attack hits an empty address, you can actually damage your privacy, if you are not aware of this attack. If you spend from that address, you are probably going to use the dusted UTXO with your other UTXO's, effectively linking a "past" address of yours with your current transaction. This is very dangerous.
• If a dust attack hits an address with a positive balance it is no major damage, I think: the dust comes together in the address with some other UTXO's, so it would have been trivial to follow those coins without the dust in the first place. Dust acts as a not-so-cheap marker of your public UTXO's. You know you are being tracked anyway on the blockchain, so you act consciously.

The action to be taken are then different:

• If the dusted address is empty: "Freeze address", this will prevent using the address in any future operation in the wallet
• If the dusted address is not empty: "Freeze Coin", this will freeze only the dusted UTXO (you can think as UTXO and Coins as synonymous, while the address will be able to spend the UTXO as usual.

ELECTRUM
I will show you the coin Control feature in Electrum, one of the most used wallet to offer such a feature.
If you are using another wallet and you get dusted, my suggestion is to import your wallet in Electrum and do the following steps.

To avoid privacy concerns I created a test wallet, dusted it and censored some relevant information.

This is the dusted Wallet.


I am assuming the dust hits an empty address, maybe one I used in the past and is now empty after a spend.

Freeze Address
Since the address is empty, and the only associated UTXO is dusted, I decide to block the whole address.
This will make this address unable to spend any coin.


1.Make Electrum show all your Addresses.
Click on "View" menù, select "Show Addresses"



2. Locate the address where you received the dust.
You might want to label it. In this case it is easy, as it is the only one address with a positive balance. In your case you might have many positive addresses.



3. Freeze the dusted address.
Right Click on the dusted address, select "Freeze"



4. The Address is now Freezed.
The address is highlighted in dark Blue



From now on, all the UTXO pertaining that address won't be used until the address is Freezed.
Those UTXO won't mix with other "clean" UTXO then, defending us from the Dusting Attack.

Freeze Coin

In case you receive the dust on an address with some other coins, you might not lose such coins. Then you can freeze the dust UTXO only.

1.Make Electrum show all your Coins.
Click on "View" menù, select "Show Coins"



2. Locate the UTXO that are the Dust.
You might want to label it. In this case it is easy, as it is the only one UTXO. In your case you might have many UTXO's.



3. Freeze the Coins.
Right Click on the dusted address, select "Freeze"



4. The Coin is now Freezed.
The coin is highlighted in dark Blue, and won't be spent in future transactions.

[OcTradism]

I use Electrum wallet but I did not pay my attention on Freeze option. I did not know Freeze is used to avoid Dust Attack. Beyond Dust Attack, any other use cases for the Freeze option in Electrum wallet, can you share more?

I feel worry what will happen after use Freeze and with search my fear is cleaned away. Frozen address can be unfrozen and it is simple to do. If misclick to Freeze one address, people can do backward Unfreeze that address later.

Frozen coins: In the same vein as frozen addresses you can also freeze individual unspent outputs which are also known as utxos or coins in the jargon. Frozen utxos show up with a coloured background on the coins tab. If the coins tab is not visible go to view menu > show coins to make it appear. To unfreeze a specific utxo just right click it and choose to unfreeze from the context menu that appears.

https://bitcoinelectrum.com/frequently-asked-questions/

[nc50lc]

I use Electrum wallet but I did not pay my attention on Freeze option. I did not know Freeze is used to avoid Dust Attack. Beyond Dust Attack, any other use cases for the Freeze option in Electrum wallet, can you share more?
-snip-

It's also for "coin control" when there're more inputs to spend than the to-be-excluded.
It's easier to freeze the unwanted UTXO(s) (coins tab) than selecting multiple inputs, specially when there are hundreds of them.

I feel worry what will happen after use Freeze and with search my fear is cleaned away. Frozen address can be unfrozen and it is simple to do. If misclick to Freeze one address, people can do backward Unfreeze that address later.

Frozen coins: In the same vein as frozen addresses you can also freeze individual unspent outputs which are also known as utxos or coins in the jargon. Frozen utxos show up with a coloured background on the coins tab. If the coins tab is not visible go to view menu > show coins to make it appear. To unfreeze a specific utxo just right click it and choose to unfreeze from the context menu that appears.

That's because it's a local wallet feature that won't affect the blockchain.
All it does is exclude those frozen addresses/coins whenever the wallet needs to automatically select inputs for your transactions.

BTW, that quoted message (freeze in the coins tab) is better than freezing addresses when it comes with "Dust Attacks"
since the usual targets are those frequently used, have been reusing and publicly displayed addresses.
If the user has frozen that address, he wont be able to spend his legitimate balance that was received through it.

[fillippone]

<....>

BTW, that quoted message (freeze in the coins tab) is better than freezing addresses when it comes with "Dust Attacks"
since the usual targets are those frequently used, have been reusing and publicly displayed addresses.
If the user has frozen that address, he wont be able to spend his legitimate balance that was received through it.

I had a thought about choosing if freezing coins (UTXO) or address.
I chose to show the "freeze address" methodology because I supposed the dust attack would affect empty addresses.

If a dust attack hits an address with a positive balance it is no major damage, I think: the dust comes together in the address with some other UTXO's, so it would have been trivial to follow those coins without the dust in the first place. Dust acts as a not-so-cheap marker of your public UTXO's. You know you are bein tracked anyway on the blockchain, so you act consciously.

If a dust attack hits an empty address, you can actually damage your privacy, if you are not aware of this attack. If you spend from that address, you are probably going to use the dusted UTXO with your other UTXO's, effectively linking a "past" address of yours with your current transaction. This is very dangerous.

This is why I chose to select the "freeze address" procedure: I want to freeze dust on "empty" addresses only, because I think dust in addresses with UTXO's is not so dangerous, after all.

Please let me know if you dissent from this, so I can elaborate more in the guide.

EDIT:
I completely forgot about that message of yours here:

<...>
The attacker might be using a software that follows those specific UTXO, not the addresses themselves nor their previous outputs.
If he's sending more than once to some addresses, he might be trying to increase the transaction fee when the victim tries to consolidate or "spend-all" by adding additional inputs.

Or just trolling/advertising a fork (together with the previous reasons) since the first five addresses are proof-of-burn addresses with vague meaning.

Yes, it could be the case, but it looks highly un effective tactic. I really don get it why an user should do that.
If I had received those transactions, the last thing I would have done would have been, if I ever had realised the presence of such an "hidden message", it would have been to go and check that website.
If the objective would have been a "spam attack" to increase the network fees, well there would have been other, more efficient ways to do so.

[Karartma1]

Why don't you consider UTXO's with dust txs dangerous?
I am lucky enough to have had only one previous UTXO with quite a large amount under a spam/dust attack. When I saw that I marked that specific dust UTXO as do not spend.
Ok, we can't avoid being tagged by dust as we speak but I'd rather prefer freezing them as soon as I realize it.
Better to take one hit and leave a scar, than to fight the battle and possibly losing a war in the long run. Put it differently, to me tagging received dust is like eliminating damage sources which are not under my control (who knows one day that leaving the dust behind can completely nullify my opsec?).

[nc50lc]

-snip-

-snip-
This is why I chose to select the "freeze address" procedure: I want to freeze dust on "empty" addresses only, because I think dust in addresses with UTXO's is not so dangerous, after all.

Please let me know if you dissent from this, so I can elaborate more in the guide.

That's reasonable for used empty addresses, users shouldn't be reusing addresses anyways.
But it's best not to include those dust from loaded addresses to avoid unnecessary additional fee and cut the link from the source in case they came from illicit sources.

Perhaps you should add some use-cases like if you've received dust to an empty used address, freeze that address; if with unspent outputs, freeze the coin.
Because it depends on the situation whether it's best to freeze coins or addresses.

[fillippone]

<...>

Perhaps you should add some use-cases like if you've received dust to an empty used address, freeze that address; if with unspent outputs, freeze the coin.
Because it depends on the situation whether it's best to freeze coins or addresses.

Thanks for the suggestion, I have just done that. Hope you like the guide! Any other idea is more than welcome.

[OgNasty]

In short... Learn to manage your coins and ignore dust. Getting dusted in itself is no reason for fear. Not understanding how to properly manage your coins is the danger, and that is something that can lead to loss of privacy whether you’ve been dusted or not.