A very strange dust attack or an attempted robbery?

[MusaMohamed]

They move from altcoins to Bitcoin but using a same method for Address Poisoning Attacks.

Metamask: Address Poisoning scams

I see many exchanges recent years upgrade their systems to remind users to check first and last characters of address they are sending cryptocurrency to. In addition, if possible, if have time (I am surely have time because it's my money), checking all characters or some characters in the middle of address is useful to avoid Address Poisoning scams.

How to lose your Bitcoins with CTRL-C CTRL-V. Copy some characters in the middle of address and find it in a receiving address is helpful too.

[1714833381]

1714833381

[1714833381]

1714833381

[pooya87]

-Using a good wallet that lets you block incoming dust transactions is a smart move.

You cannot block incoming tx's into your wallet, in other words you can't stop someone from sending you BTC's.

I believe what @albert0bsd means by "block" is to either "freeze" or "hide" these outputs either manually or automatically so that you don't see them when spending from your wallet to avoid such mistakes. For example Electrum has manual output/coin freezing option.

[un_rank]

I'm confused about where they get those thousands of addresses for dust attacks.

Technically, I don't know how this works further with them but I think this wasting of time since we know most people will always double-check transactions before sending or transferring to another address.

There are ways they can do that.

Most people will most of the time double check just the first and last few words, there can still be loopholes which scammers can exploit. Scammers are after the few times where we forget to double check or after those users that do not check at all.

I believe what @albert0bsd means by "block" is to either "freeze" or "hide" these outputs either manually or automatically so that you don't see them when spending from your wallet to avoid such mistakes. For example Electrum has manual output/coin freezing option.

AFAIK some wallets allow one to do this manually after they have already received the dust transaction or any type of transaction that they will not want to be mixed with their other outputs, but I do not know of any automatic way to do this, where an incoming transaction gets automatically frozen based on some preset rules, like:
- less than a certain amount of sats or,
- from a certain address.

This will be a useful but I do not know if it is available now.

- Jay -

[Kakmakr]

It surely is a lot of trouble for the small chance that people will actually "copy&paste" the wrong address? In any way, since the "Clipboard" attacks, I am double checking all addresses I use, before I click on the "enter" button, because I know they try things similar to this in that hack.

It is sad that people will go so far and put in so much effort to steal people's money, when they have the skills to work for that money. I guess it is easier to steal, than making an honest living these days. 

[MusaMohamed]

I believe what @albert0bsd means by "block" is to either "freeze" or "hide" these outputs either manually or automatically so that you don't see them when spending from your wallet to avoid such mistakes. For example Electrum has manual output/coin freezing option.

You are right.
To freeze an address, right click on that address, choose Freeze.
To freeze an UTXO, right click on that address, choose Add to Coin control. Then on Coins tab, right click on an UTXO, choose Freeze (two options, Freeze coins; Freeze address).

Dust Attack, what it is, why it is dangerous and how to prevent falling to it
Freeze an address in Electrum
Guide to freeze address in Electrum wallet

[NotATether]

It seems that the attacker is not making any vanity bech32 addresses according to the explanation in OP, just legacy addresses.

I mean what is this guy thinking. Does he really think some random guy is going to send money to address he just got sats from? Most likely what will happen is they will just keep the sats and not send it anywhere. It's a pretty lame scam attempt that won't work at all - besides he just copied first 2 and last 4 characters.

[pooya87]

besides he just copied first 2 and last 4 characters.

Yeah, it's the poor mans scam for sure
The scammer probably had a slow machine that couldn't brute force more than 2 from the start and 4 checksum characters. In fact the forth letter was the first thing I noticed that helped me recognize the difference.