Strange network activity behind Litecoin active addresses.

Active Litecoin addresses on the network show interesting patterns that suggest that unknown entities are performing large-scale, periodic automated operations.

On average, the network sees about 40,000 active addresses per day, but according to data from bitinfochart, this number spikes to over 70,000 every seven days before suddenly dropping again. This resulted in a sawtooth pattern that was very evident when viewed roughly.

This behavior appears to have started on August 20, 2019 and has continued to occur weekly at varying intensities since then. Prior to this, a very noticeable dust attack occurred on August 10, 2019. Unless a large economic network entity implements a way to automatically manage and move Litecoin holdings (a method that seems unnecessary this often), this activity appears to be related to the August 10th attack.

Dust is a small amount of Litecoin, typically worth a penny, and cannot be used without being included in a transaction with the victim’s other funds, thereby tying ownership of the asset. If the two are connected, the attacker appears to have chosen to scale down the operation and emit dust more frequently based on different active users over a weekly period. This allows you to generate more detailed and useful insights as you track and map interactions between participants.

Without access to more data tools for the Litecoin network, it is difficult to properly analyze the behavior behind it. What is clear, however, is that there is no spike in the total number of transactions and the average value transferred is also uncorrelated. If it is later confirmed to be a dust attack, unfortunately no one will ignore it unless those mining the network set new rules to mitigate the spread of such dust, or unless non-mining nodes economically pressure miners to implement these rules. There isn’t much you can do except try. There is dust in your wallet.

Ultimately, it is up to the network participants to resolve this issue or change in pressure. That is, if the majority sees this as a problem requiring such action and there is an effective set of rules that can be applied to quarantine and reject spam. Without affecting legitimate network uses such as development and infrastructure testing.