UTXO probing attack using payjoin

Payjoin, a privacy-enhancing tool within the cryptocurrency domain, presents an intriguing facet through which one can probe for Unspent Transaction Outputs (UTXOs) in another's wallet without actually transferring any Bitcoin. This capability, known as the UTXO probing attack, is meticulously detailed within the realms of BIP 77-78. The essence of this technique allows individuals to ascertain the UTXOs of a recipient's wallet, thereby raising potential privacy concerns, especially considering the recipient remains unaware of such probing activities.

A practical demonstration highlighting this phenomenon utilized the BullBitcoin wallet, notable for its support of Payjoin v2 alongside compatibility with the testnet3 environment. This choice was driven by the wallet's unique position as the sole supporter of these features at the time of testing. The exploration into this area was shared comprehensively in a post, designed to shed light on the nuances and operational mechanics behind the UTXO probing attack.

The discourse surrounding Payjoin emphasizes the importance of exercising caution, particularly in the selection of parties one engages with using this protocol. It underscores the advisability of limiting Payjoin transactions to entities or individuals where a foundation of trust exists. This advisory stems from the inherent privacy trade-offs that accompany the sharing of information during a Payjoin transaction, suggesting a careful consideration of the implications tied to engaging in such financial exchanges.