This occurred to me, whilst experiencing a problem that I’ve posted about.
Attacker learns victims wallet address. Attacker mints a few thousand tokens with long asset names to their wallet (mint or mint & batched transfer) rendering the victims wallet unusable. Attacker informs victim what they did. Attacker proves their identify by minting unique asset. Attacker demands ransom to burn assets.
Victims wallet will be unusable because the output tx will be over 16KB and victim will get OutputTooBigUTxO / MaxTxSizeUTxO when trying to send anything.
This is pretty bad, or am I missing something?