reply on: Dust Attacks as a Service \ stacker news ~security

pull down to refresh

30 sats \ 5 replies \ @ek OP 28 Mar \ parent \ on: Dust Attacks as a Service security

Is the idea of dust attack that the dust is too small to spend on its own, but spendable if bundled with another TX?

Yes.

and so you hope that it gets bundled into a tx with another address, thus identifying the two as having the same xpub?

If you mean with "same xpub" that they have the same owner, yes, pretty much.¹ You now have a foot in the door that is their onchain history.

For example, maybe you're now able to tell where they got this other utxo (or multiple!) from, if they are using multisig via OP_CHECKMULTISIG, if they will open a lightning channel etc.

But afaik, taproot can make all transactions look the same so if you're using taproot addresses, dust attacks might be useless. But not sure. And not many utxos probably use taproot yet. They might pay into a taproot address when spent, but they didn't yet in the past.

Want to try? 👀

I think it's just a (pretty good) heuristic though. ↩

0 sats \ 4 replies \ @SimpleStacker 28 Mar

How would I dust attack a target? Send dust to a known address of theirs, then wait for them to spend the dust UTXO along with other UTXOs together in one tx?

51 sats \ 3 replies \ @ek OP 28 Mar

Yes

0 sats \ 2 replies \ @SimpleStacker 28 Mar

If I think of a target I will let you know!

0 sats \ 1 reply \ @ek OP 28 Mar

I want to add that I was thinking more about sending it to a new address they have the private keys for though (no address reuse) but I think it should also work if you reuse an address of them.

0 sats \ 0 replies \ @SimpleStacker 28 Mar

But how would I know which address belong to the target unless they've broadcasted it? Which I assume would mean it's a public address for receiving

Footnotes