Someone made a small, apparently fraudulent, transaction to my public address. What is the purpose behind it?

0

1

I have a small e-commerce site and someone made three cryptocurrency purchases just seemingly to know my public addresses as she never paid the cost of goods. The three addresses she viewed are public derived from the master public key so there shouldn't be any security problems there afaik.

She seemingly wanted to know my BTC, ETH and LTC addresses but only made a small transaction of $1.89 in BTC. I got 0.2¢ and other address got the rest. Here's the blockchain transaction data.

By the multiple transactions from this address and others related to it, it looks like if someone is trying to move a large quantity of BTC through multiple addresses to make it difficult to track. But why using public addresses from e-commerce sites like mine? Shouldn't be the same creating multiple new addresses? Maybe you can extract more meaning from this transaction and the intention behind it.

For additional info, the IP from where she made the purchases at my site is 68.65.122.134

ManjaroDan

Posted 2020-05-28T11:21:43.460

Reputation: 3

Answers

0

She might be expecting you to make a transaction consolidation all of those coins you received. Since the inputs of a transaction are almost always the coins (in jargon "unspent outputs") of the same person, she could then find the transaction which spent those 0.2 cents, add up all the inputs, which would be the amount you earned in the last N days.

MCCCS

Posted 2020-05-28T11:21:43.460

Reputation: 8 689

So, if I understood right, she's trying to know my income in crypto to see if it's worth the effort to hack my website? Is there a way to avoid this security issue? For example, using a crypto payment platform as a middleman? – ManjaroDan – 2020-05-28T20:21:31.160

Yes, then they would also be able to see your customers' balances. Yes, a crypto-accepting payment processor such as BitPay would solve those privacy issues. – MCCCS – 2020-05-28T20:42:17.643

Thanks @MCCCS can you provide a link to an article that explain this more in depth? I don't understand how can they see all our balances just with a small transaction to one of my public addresses because my wallet may or may not incorporate those coins to a transaction and it's hard to tell from the blockchain what addresses are part of my wallet, what outputs are change or which are intended for the recipient. Also I've searched BitPay for articles on how they would solve this privacy issue in detail. By your same reasoning anyone could know my wallet from the BitPay address when they pay me – ManjaroDan – 2020-06-10T20:38:59.180

https://en.bitcoin.it/wiki/Privacy#Common-input-ownership_heuristic You wallet may include some of the coins enough to account for the total output, but it might also merge all of the coins in the transaction. Here's an example of a transaction shown on a block explorer that shows possible privacy issues: https://blockstream.info/tx/44ca53186c56827d3ea9e1e2bbbc2e8ce0757729b4fbff7ee024402d6431649e As you might guess the output with less decimal digits is for the recipient (0.23) while the ugly number is the change 0.00137737. – MCCCS – 2020-06-11T07:07:11.923

BitPay has lots of circulating coins, they'll receive your coins to their accounts and increase your balance number. When you want to receive your coins they'll send that balance number of random coins from their pool coins. – MCCCS – 2020-06-11T07:08:14.907