pull down to refresh
70 sats \ 6 replies \ @SimpleStacker 28 Mar \ on: Dust Attacks as a Service security
Is the idea of dust attack that the dust is too small to spend on its own, but spendable if bundled with another TX? and so you hope that it gets bundled into a tx with another address, thus identifying the two as having the same xpub?
Is the idea of dust attack that the dust is too small to spend on its own, but spendable if bundled with another TX?
Yes.
and so you hope that it gets bundled into a tx with another address, thus identifying the two as having the same xpub?
If you mean with "same xpub" that they have the same owner, yes, pretty much.1 You now have a foot in the door that is their onchain history.
For example, maybe you're now able to tell where they got this other utxo (or multiple!) from, if they are using multisig via
OP_CHECKMULTISIG, if they will open a lightning channel etc.But afaik, taproot can make all transactions look the same so if you're using taproot addresses, dust attacks might be useless. But not sure. And not many utxos probably use taproot yet. They might pay into a taproot address when spent, but they didn't yet in the past.
Want to try? 👀
Footnotes
-
I think it's just a (pretty good) heuristic though. ↩
reply
How would I dust attack a target? Send dust to a known address of theirs, then wait for them to spend the dust UTXO along with other UTXOs together in one tx?
reply
reply
If I think of a target I will let you know!
reply
reply
But how would I know which address belong to the target unless they've broadcasted it? Which I assume would mean it's a public address for receiving