What is a Dusting Attack?
A dusting attack is a surveillance technique where an attacker sends microscopic amounts of cryptocurrency (“dust”) to a large number of wallet addresses. The goal isn’t to steal funds directly — it’s to track which wallets interact with each other, eventually linking separate addresses to a single identity.
The term “dust” comes from Bitcoin’s concept of dust transactions — outputs so small they cost more in fees to spend than they’re worth. In a dusting attack, these tiny amounts serve as tracking markers.
How Dusting Attacks Work
1. Attacker identifies target wallets (e.g., all addresses holding > 1 BTC)
2. Attacker sends a tiny amount (e.g., 0.0001 BTC / 500 satoshis) to each
3. Attacker monitors the blockchain for when the dust is moved
4. When the victim spends the dust alongside their main balance,
both UTXOs appear in the same transaction
5. Attacker now knows both addresses belong to the same person
6. Repeat to build a full wallet cluster and de-anonymize the userThe UTXO Tracing Problem
Bitcoin uses an Unspent Transaction Output (UTXO) model. When you send a transaction, the wallet combines multiple UTXOs as inputs. If a dust UTXO gets bundled with your real funds, the blockchain reveals that all those inputs belong to the same wallet — breaking the separation between addresses.
This is primarily a Bitcoin UTXO problem. Account-based chains like Ethereum are less affected because the account model doesn’t mix inputs the same way.
Dusting vs Legitimate Micro-transactions
Not all small transactions are attacks. Legitimate uses of dust include:
- Exchange withdrawals — Splitting large withdrawals into test amounts
- Lightning Network channels — Opening and closing involves small outputs
- Mining payouts — Pool payouts to miners can be tiny
- Token airdrops — Projects sending tokens to many recipients
The difference: dusting attacks come from unidentified addresses and target specific wallet clusters systematically.
Impact by Blockchain
| Blockchain | Vulnerability | Why |
|---|---|---|
| Bitcoin | High | UTXO model allows input linking |
| Litecoin | High | Same UTXO model as Bitcoin |
| Ethereum | Low | Account model doesn’t mix inputs |
| Monero | None | Privacy by design — amounts and addresses hidden |
| Zcash | None | Shielded transactions hide all metadata |
How to Protect Yourself
1. Don’t Spend the Dust
If you notice unsolicited tiny deposits in your Bitcoin wallet, simply ignore them. Most modern wallets allow you to mark UTXOs as “do not spend.” As long as you don’t include them in a transaction, they can’t link your addresses.
2. Use Coin Control
Advanced wallets like Electrum, Sparrow Wallet, and Wasabi Wallet support coin control — you can manually select which UTXOs to include in a transaction, explicitly excluding dust inputs.
3. Use a Privacy Wallet
Privacy-focused wallets automatically handle dust:
- Wasabi Wallet — Uses CoinJoin to mix UTXOs
- Samourai Wallet — Stonewall transactions obscure input linking
- Monero — Ring signatures make dusting ineffective by design
4. Use Separate Wallets
Maintain separate wallets for different purposes. If one gets dusted, the attacker can only link addresses within that wallet, not across your entire portfolio.
Dusting in Regulatory Context
Law enforcement agencies use dusting-like techniques for legitimate purposes — tracing ransomware payments, identifying money laundering networks, and mapping criminal wallet clusters. Chainalysis and Elliptic provide blockchain analytics tools that perform sophisticated versions of dust tracing for compliance and investigation.
This creates a tension between privacy-conscious users (who want to avoid being tracked) and regulators (who want traceability for AML compliance).
Frequently Asked Questions
Q: I received a tiny BTC deposit from an unknown address. Was I dusted? A: Possibly. Check if the amount is negligible (a few hundred satoshis) and the sender is unknown. If so, don’t spend that specific UTXO. Your wallet may have a “mark as unspendable” option.
Q: Can dusting attacks steal my funds? A: No. Dusting is a privacy attack, not a theft attack. The dust sits in your wallet harmlessly. The risk is only if you combine it with other funds in a transaction.
Q: Does dusting work on Ethereum? A: Minimally. Ethereum’s account model means receiving dust doesn’t create linkable UTXOs. However, sending dust as ERC-20 tokens can still be used for address poisoning attacks.
Q: How much does a dusting attack cost the attacker? A: Very little. Sending 500 satoshis to 10,000 addresses costs roughly $5-50 in dust plus transaction fees. The data gained is worth far more to analytics firms and criminals.