The attacker might be using software that follows those specific UTXOs, not the addresses themselves or their previous outputs.
If he's sending more than once to some addresses, he might be trying to increase the transaction fee when the victim tries to consolidate or "spend-all" by adding additional inputs.
Or just trolling/advertising a fork (together with the previous reasons) since the first five addresses are proof-of-burn addresses with vague meaning.
BTW, it doesn't end there; the change was spent by another 608-output transaction series (until it's empty? I didn't check until the last).
And it wasn't even the start of that series of 20,000vB transactions; those transactions are somewhere in the middle, so this must be a large-scale dust attack.
It pointed me to this page (based on those first five addresses): https://memo.sv/topic/hmwyda
You can easily spot it. These are the first five addresses:
- 1Lets1xxxx1use1xxxxxxxxxxxy2EaMkJ
- 1fuLL1xxxx1power1xxxxxxxxxxzatvCK
- 1of1xxxxx1anonymity1xxxxxxxz9JzFN
- 1See1xxxx1memo1xxxxxxxxxxxxxBuhPF
- 1dot1xxxxx1sv1xxxxxxxxxxxxxwYqEEt
- 1topic1xxx1hmwyda1xxxxxxxxxvo8wMn
- 1xxxxxxxxxxxxxxxxxxxxxxxxxy1kmdGr
And it looks like the trolling/attack is not exclusive to Bitcoin's chain.
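
The fee effect described in the post above (dust inputs inflating a consolidation or "spend-all" transaction), worked through from the wallet owner's side as an added example that is not part of the original post. The wallet contents and the 10 sat/vB feerate are constructed, the sizes are the usual legacy P2PKH estimates, and the function names are hypothetical.

```python
# Added example: wallet contents and feerate below are constructed.
P2PKH_INPUT_VB = 148   # assumed typical size of one legacy P2PKH input
P2PKH_OUTPUT_VB = 34   # assumed size of one P2PKH output
TX_OVERHEAD_VB = 10    # version, input/output counts, locktime


def split_uneconomical(utxos, feerate):
    """Return (spendable, frozen); frozen UTXOs cost more to spend than they hold."""
    input_cost = P2PKH_INPUT_VB * feerate
    spendable = [u for u in utxos if u["sats"] > input_cost]
    frozen = [u for u in utxos if u["sats"] <= input_cost]
    return spendable, frozen


def sweep_net(utxos, feerate):
    """Return (sats received, fee paid) when sweeping utxos into one output."""
    vsize = TX_OVERHEAD_VB + P2PKH_INPUT_VB * len(utxos) + P2PKH_OUTPUT_VB
    fee = vsize * feerate
    return sum(u["sats"] for u in utxos) - fee, fee


def sweep_report(utxos, feerate):
    """Compare a naive spend-all with one that leaves uneconomical dust frozen."""
    spendable, frozen = split_uneconomical(utxos, feerate)
    net_all, fee_all = sweep_net(utxos, feerate)
    net_kept, fee_kept = sweep_net(spendable, feerate)
    return {
        "frozen": [u["id"] for u in frozen],
        "fee_spend_all": fee_all,
        "fee_without_dust": fee_kept,
        "sats_lost_to_dust": net_kept - net_all,
    }


# Constructed wallet: two real coins plus three 546-sat dust outputs,
# mimicking dust sent more than once to the same address.
WALLET = [
    {"id": "own-a", "sats": 150_000},
    {"id": "own-b", "sats": 80_000},
    {"id": "dust-1", "sats": 546},
    {"id": "dust-2", "sats": 546},
    {"id": "dust-3", "sats": 546},
]

if __name__ == "__main__":
    for key, value in sweep_report(WALLET, feerate=10).items():
        print(f"{key}: {value}")
```

At this feerate each dust input costs 1,480 sats to spend and brings in only 546, so leaving the flagged outputs unspent is the cheaper choice.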