A dusting attack is a surveillance technique where an attacker sends minuscule amounts of cryptocurrency (“dust”) to a large number of wallet addresses, then monitors how those funds move to link addresses together and deanonymize users. The goal is to break the pseudonymity of blockchain transactions by mapping wallet clusters to real-world identities.
How It Works
Every transaction on a public blockchain like Bitcoin is visible to anyone. While addresses are pseudonymous, spending patterns can reveal which addresses belong to the same person. Dusting attacks exploit this:
- Distribution — The attacker sends tiny amounts (a few hundred satoshis on Bitcoin, often below the transaction fee threshold) to thousands of addresses.
- Waiting — The attacker monitors the blockchain for when dust is spent.
- Clustering — When a user unknowingly includes the dust in a transaction alongside other inputs, the attacker can link those inputs as belonging to the same wallet.
- Deanonymization — By combining on-chain clustering with off-chain data (KYC records from exchanges, social media, IP addresses), the attacker can identify the wallet owner.
What Counts as Dust?
“Dust” technically refers to an amount so small that the gas or transaction fee to spend it exceeds the amount itself. On Bitcoin, the dust limit is typically around 546 satoshis (0.00000546 BTC). Attackers send amounts at or just above this threshold.
| Chain | Typical Dust Amount | Dust Limit |
|---|---|---|
| Bitcoin | 546–1,000 satoshis | ~546 satoshis |
| Litecoin | 0.00001 LTC | Protocol-defined |
| Ethereum | Tiny fractions of ETH | Economic (gas cost) |
Who Conducts Dusting Attacks?
- Blockchain analytics firms tracking illicit funds
- Government agencies investigating money laundering or tax evasion
- Scammers attempting to phish or extort identified users
- Competitors analyzing business wallets
How to Protect Against Dusting
The simplest defense is to not spend the dust. Most modern wallets flag or isolate dust inputs, preventing them from being included in transactions. Some wallets allow users to mark UTXOs as “do not spend.” Using privacy coins like Monero or CoinJoin mixing services can also mitigate tracking.
History
- 2018 — Large-scale dusting attacks are first widely reported on the Litecoin network, affecting hundreds of thousands of addresses.
- 2019 — Binance’s Samourai Wallet integration adds dust attack detection and UTXO freezing as a countermeasure.
- 2020 — Blockchain analytics firms acknowledge using dust-like techniques as part of transaction tracing services.
- 2023 — Dusting attacks expand to EVM chains, with attackers sending small token amounts alongside phishing messages in transaction metadata.
Common Misconceptions
“Dusting attacks steal your funds.”
Dusting attacks do not steal cryptocurrency. The dust itself is practically worthless. The threat is to privacy — the attacker’s goal is surveillance and deanonymization, not direct theft. However, the information gained could enable targeted phishing, extortion, or social engineering attacks.
Social Media Sentiment
Dusting attacks generate periodic concern on crypto forums, especially when users notice unexplained small deposits in their wallets. The Bitcoin and privacy coin communities regularly advise against spending unknown dust. On Ethereum and Solana, a related technique — airdropping scam tokens that link to phishing sites — has become more common than traditional dusting.
Last updated: 2026-04
Related Terms
Sources
- Binance Academy — What is a Dusting Attack? — comprehensive overview of attack mechanics.
- Chainalysis Blog — Transaction Monitoring — blockchain analytics perspective on address clustering.
- CoinDesk — Dusting Attacks Explained — reporting on major dusting incidents.
- Bitcoin Wiki — Dust) — technical definition of dust on the Bitcoin network.