pull down to refresh

Dust Attack explained
948 sats \ 12 comments \ @bitcoin_devs 26 Mar bitcoin

šŸ§¹ Dust Attack Explained

What is "Dust" in Bitcoin?

Dust refers to tiny amounts of Bitcoin that are so small, they become unspendable due to high transaction (tx) fees.

Why can't dust be spent?

Because the transaction fees required to move the dust are greater than its value.
tx fees > value of the dust

Example:

If a UTXO is only 300 sats, but it costs 500 sats in fees to spend it, it's considered dust.
šŸ’” Most wallets set the dust limit around 546 satoshis for legacy addresses.

Why should I care?

Because dust can be used in attacks to track your transactions.

How a Dust Attack Works:

Step 1: Attacker sends tiny BTC amounts to your wallet

Then waits for you to spend them.

Step 2: Linking Addresses

When you spend the dust, you likely combine it with your real UTXOs.
This links your real addresses to the dust address.

Step 3: De-Anonymizing

Once your addresses are linked, attackers can analyze transactions and try to trace your identity.
šŸ” Follow @Bitcoin_Devs for more technical breakdowns like this.
write
preview
related posts
0 sats \ 0 replies \ @fiatbad 27 Mar
Why did you stop on Step 3?!?!
There must be another step. What's the point in "tracing identity" if they aren't going to do something with it?
Wrench attack seems the most obvious. What else, though?
reply
0 sats \ 0 replies \ @bitcoin_devs OP 27 Mar
nearly 30% of all the UTXOs have a value of 546 sats
(from w_s_bitcoin on X)
reply
0 sats \ 6 replies \ @ZezzebbulTheMysterious 26 Mar
I really have my doubts about the value of dusting for tx graph discovery.
An adversary already knows the full tx graph, itā€™s a transparent ledger! I donā€™t think one can learn anything you couldnā€™t already see onchain. You can see where every sat is locked anyway!
Iā€™ve def had had dust on the old addrs. I always do coin control and leave the old utxos. It might have value to see that an old addr was used in the past ā€” but again, transparent ledger and full tx graph. Itā€™s there for all eternity.
reply
0 sats \ 5 replies \ @ek 26 Mar
An adversary already knows the full tx graph, itā€™s a transparent ledger! I donā€™t think one can learn anything you couldnā€™t already see onchain. You can see where every sat is locked anyway!
You donā€™t know the relationship between transactions.
But if I send you a few sats and later you buy something for 1m sats and you include the dust I sent you in the inputs, I can tell that you bought something for 1m sats. If you donā€™t include my dust, I canā€™t tell.
reply
0 sats \ 4 replies \ @ZezzebbulTheMysterious 27 Mar
Yes you can tell! You watch the address and see where the funds go. You learn nothing by dusting that you couldnā€™t already see.
reply
100 sats \ 1 reply \ @ca 30 Mar
You don't understand it.
The receiver likely generates a new address each time.
When you ask someone for an address, the person will give you a virgin address.
The attacker wants to know THE OTHER addresses of the victim.
When the victim spends from that wallet the virgin address and the others will become visibly linked so that you know more about the victim's true bitcoin balance
reply
0 sats \ 0 replies \ @ZezzebbulTheMysterious 31 Mar
Yes, which would be visible on the blockchain. The linking occurs from spending, its nothing to do with the dust. Its a marker that doesn't really add much.
You see the source, and the destination of all sats. If you watch an address (the same as dusting), you learn exactly the same thing you would learn without the dusting.
reply
20 sats \ 1 reply \ @ek 27 Mar
You didn't get it but I don't care so I won't explain it to you again.
reply
0 sats \ 0 replies \ @ZezzebbulTheMysterious 6h
I thought about this and I understand where the misunderstanding is. I hope if a future reader finds this they understand this concept better.
I think the exactly scenario on this is poorly documented about the dust attack in general. As written and described most places, its a redundant attack for the reasons I have specified -- the attacker learns nothing additional. Most write ups seem to treat the dust as a "marker", but we don't need to mark things on transparent blockchains, however, we might want to force a certain broken wallet behavior that links addresses.
How much in practice this wallet behavior manifests is dubious too IMHO due to the uneconomical nature of spending dust. In most cases a wallet with sufficient spendable UTXOs is not going to start digging up old dust from other addresses to stuff into inputs.
The nuance is in combining dust, -- but only from an address with no other associated UTXOs (eg balance is just dust). Consider: Address A and B, and C. A and B are controlled by the target, and C is a 3rd party seller. There is UTXO uA and uB. uA is 1m sat. uB is 1m sat. Attacker dusts A and B and generates new UTXOs uA' and uB' of 546 sat each.
If someone wanted to pay ~2m sat (-fees) to C, the attacker learns nothing additional from inputs (uA+uB+uA'+uB')->C, Likewise for (uA+uB+uA')->C or (uA+uB+uB')->C or (uA+uB)->C. This is what I am referring to, and the most likely combination of UTXOs in wallets in practice.
However, lets say in this scenario uB=0s, eg: balance(B)=546s, and we want to send 1m sat to C.
The wallet would have to calculate the optimal tx as: (uA+uB')->C [which would very likely be uneconomical vs including another larger UTXO] Yes, the attacker is learning that A and B are related, assuming uB was spent early on another unrelated transaction. That would not be apparent from the transaction ledger.
Be careful with dust. You can spend dust from an address safely as long as it only contains the same address as the inputs. eg: (uA+uA')->C. Or is a one of more dusts to the same address. eg: (uA' + uA'')->C. The attacker learns nothing.
As long as the dust address is also the 'main funds' address, its just reducing the UTXO set. Spending unrelated dust is leaking a wallet/key relationship that would not be observable otherwise. eg: (uA+uB')->C, attacker learns A and B are in the same key set.
reply
0 sats \ 1 reply \ @JesseJames 26 Mar
Another reason to use one address per transaction as your "daddy" taught you. :-)
reply
0 sats \ 0 replies \ @ek 28 Mar
how does this help against dust attacks?
reply
0 sats \ 0 replies \ @BlokchainB 26 Mar
Donā€™t think I ever been dusted
reply