Litecoin dusting attack: How UTXOs and dusting attacks work

There are nefarious and non-nefarious ways of analysing UTXOs. Dusting attacks are the former.

Last Friday, Binance pointed out a large-scale dusting attack taking place against Litecoin holders.

Dusting attacks are "a relatively new kind of malicious activity", Binance says.

A light dusting

A dusting attack involves sprinkling cryptocurrency wallets with a light dusting of tiny amounts of free money as part of an effort to identify the owners and connect multiple wallets. The definition of dust in cryptocurrency is an amount of crypto that's below the transaction fee needed to send it.

"After dusting multiple addresses, the next step of a dusting attack involves a combined analysis of those various addresses in an attempt to identify which ones belong to the same wallet," Binance explains. "The goal is to eventually be able to link the dusted addresses and wallets to their respective companies or individuals. If successful, the attackers may use this knowledge against their targets, either through elaborate phishing attacks or cyber-extortion threats."

How does dusting let you de-anonymise wallets?

But the blockchain is public anyway, right? So what do attackers get from all this dust that they can't get from just looking at the blockchain? The answer has to do with the unspent transaction outputs (UTXO) system used by Bitcoin, Litecoin and others.

This system is basically how the Bitcoin blockchain "thinks about" the money in its network and builds a complete transaction history for every coin in existence.

At any given time, all the money in your wallet is an unspent transaction output. It's in your wallet because it hasn't been spent yet – hence the name. When you add up every UTXO in existence, you're just adding up all the wallet balances in existence.

Your UTXOs and your wallet balance will always be the same amount, but they aren't the same thing.

This is because most Bitcoin (and Litecoin and other) wallets let you generate an almost limitless number of new addresses, one for each transaction, all through a single easy wallet interface and a single seed phrase. The Bitcoin whitepaper gives a nod to this, by specifically saying: "as an additional firewall, a new key pair should be used for each transaction to keep them from being linked to a common owner."

This is what the now-standard "hierarchical deterministic wallet" is. It's a wallet that generates new addresses for each transaction to better protect your privacy.

  • UTXO: The unspent transaction output associated with a specific transaction that entered the wallet.
  • A Bitcoin wallet balance: The combined UTXO of all the keys associated with a specific Bitcoin wallet.

The point of a dusting attack is to tie together a bunch of different addresses and identify them as belonging to the same wallet owner. The dust helps because, when you make a payment, wallets will automatically sweep together a bunch of UTXOs from different addresses as inputs to a single transaction.

Essentially, an attacker will sprinkle that dust over a bunch of different wallets, and then watch that dust to see how much of it gets swept up into the same transaction. If dust from several addresses is spent in the same transaction, the attacker can conclude that the same person owns all of those addresses.
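
The sweep described above can be made concrete from the wallet owner's side. The following is an added example, not code from Binance or any wallet project: it compares a plain "first in first out" spend with one that leaves dust unspent, and reports which addresses are linked only because the dust was swept in. The dust threshold, addresses and amounts are constructed for illustration.

```python
from dataclasses import dataclass

# Assumed dust threshold in base units; constructed for this example.
DUST_LIMIT = 1_000

@dataclass(frozen=True)
class UTXO:
    txid: str
    address: str
    value: int  # base units (e.g. litoshi)

def select_fifo(utxos, target, skip_dust=False):
    """First-in-first-out coin selection over UTXOs listed in arrival order."""
    chosen, total = [], 0
    for u in utxos:
        if skip_dust and u.value < DUST_LIMIT:
            continue  # leave dust unspent so it never shares a transaction
        chosen.append(u)
        total += u.value
        if total >= target:
            return chosen
    raise ValueError("insufficient funds")

def linked_addresses(inputs):
    """Addresses an observer can attribute to one owner: all inputs of one spend."""
    return {u.address for u in inputs}

def dust_leak(utxos, target):
    """Addresses linked only because dust was swept in alongside real funds."""
    naive = linked_addresses(select_fifo(utxos, target))
    careful = linked_addresses(select_fifo(utxos, target, skip_dust=True))
    return naive - careful

# Constructed wallet: two funded addresses plus dust that arrived on two
# previously used, otherwise empty addresses.
WALLET = [
    UTXO("tx-a", "addr_new1", 40_000),
    UTXO("tx-dust1", "addr_old1", 600),
    UTXO("tx-dust2", "addr_old2", 600),
    UTXO("tx-b", "addr_new2", 30_000),
]

if __name__ == "__main__":
    print("naive spend links:  ", sorted(linked_addresses(select_fifo(WALLET, 60_000))))
    print("dust left unspent:  ", sorted(linked_addresses(select_fifo(WALLET, 60_000, skip_dust=True))))
    print("leaked by dust only:", sorted(dust_leak(WALLET, 60_000)))
```

The two funded addresses are linked by the payment either way; the dust is what drags the two old addresses into the same transaction.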

Non-nefarious UTXO analysis

Basically, outgoing transactions destroy UTXOs, and then create new ones on the receiver's end. This means there are also some non-nefarious things you can do by analysing UTXOs, which can present interesting insights.

For example, here's a comparison of UTXOs in Bitcoin (top left), Bitcoin Cash (top right) and Litecoin (bottom).

[Image: UTXO comparison charts for Bitcoin, Bitcoin Cash and Litecoin]

We can observe a few interesting things from this, and jump to a few conclusions.

The following are some observations we can make from the data:

  • BTC and BCH UTXOs were identical pre-fork (duh). Then BCH's UTXO rate immediately plateaued following the fork before picking up again later. However, the BTC UTXO count just kept right on growing.
  • The 2013 and 2015 bull runs both saw quick spikes in UTXO count.
  • Most Litecoin UTXOs were created almost immediately after the coin's creation.

Based on that, we can jump to the following conclusions:

  • Bitcoin Cash was much less used than Bitcoin immediately following the fork.
  • Bitcoin usage is growing extremely quickly.
  • Litecoin saw almost all its use immediately after creation and didn't do much of anything until it caught attention in late 2017.

This might be true once again, with Litecoin creator Charlie Lee recently conceding that "the honest truth is that no one is interested in working on Litecoin protocol development work".

Of course, you have to be cautious with these conclusions given how many factors play into UTXO count.

For example, the more expensive a coin is, the more UTXOs will be created for the same fiat currency transaction size. There are also a lot of different ways wallets handle UTXOs, and depending on which wallet is most popular, you might get different outcomes:

  • The Bitcoin Core wallet tries to find a perfect UTXO match for the amount you want to send and aims to reduce the amount of spare change generated for new transactions.
  • Bread Wallet uses a simple "first in first out" system.
  • Mycelium and Electrum use a similar "first in first out" system, while also trying to prune small UTXOs where possible.

And then you have factors such as dust attacks, which very specifically result in the creation of countless new UTXOs.

Disclosure: The author holds BNB and BTC at the time of writing.
