Crypto dusting attacks: What they are and how to protect yourself

Every crypto transaction stays visible on a public blockchain, even if you use a secure wallet, so anyone can follow how funds move between addresses over time.

That transparency creates room for a quiet type of extortion known as a crypto dusting attack. Modern wallets include strong security features, yet dusting attacks still happen because they don’t target the software itself. The attack creates privacy and security risks by turning routine transactions into recognizable personal patterns that attackers can use to de-anonymize users.

In this article, we’ll walk through what dusted crypto is and what you can do to protect your privacy and funds.

What’s a crypto dusting attack?

Crypto dusting attacks are a kind of social engineering attack that traces wallet networks and collects user data for future security attacks. They happen when a malicious actor sends extremely small amounts of cryptocurrency to many wallet addresses. Users call these tiny amounts “dust” because they’re an amount of crypto so small they often go unnoticed.

The amount of dust often sits just above a network’s threshold, a number that changes depending on transfer type. Quantities below that threshold cost more to spend than they’re worth, so proof-of-stake nodes usually refuse to relay transactions that create them.

On the Bitcoin (BTC) blockchain, for example, dust might consist of a few hundred Satoshis. For legacy BTC transactions, outputs below roughly 546 Satoshis fall under standard dust limits, and native SegWit transactions drop the threshold to around 294 Satoshis.

Attackers distribute dust across thousands of wallets. They use automated scripts to scrape blockchain data and find wallets that have recent transactions or smart contract interactions, or are on token holder lists. Considering there’s no permission necessary to send funds to a public address, this is an easy and cheap way to interact with random unsuspecting users.

Once dust lands in a wallet, it becomes a marker. If the owner spends it alongside other funds, the transaction exposes which assets belong to the same wallet. That information allows attackers to connect addresses that previously appeared unrelated and create more elaborate crypto attacks in the future.

How does a crypto dusting attack work? 5 steps

The mechanics of a dusting attack start with data collection and lead to de-anonymizing a given target. Here’s what each step looks like.

Dust sender

The attacker begins by gathering public wallet addresses. They scan blockchain activity, focusing on wallets that have recently sent or received funds, or target whales with substantial holdings. Active wallets are generally better targets for attackers because they’re more likely to move dust.

Distribution

Next, the attacker sends tiny amounts of crypto to those addresses. The amounts are usually small enough to avoid attention but large enough to appear as valid balances. Public wallets often accept these transfers automatically.

Blockchain monitoring

After distribution, the attacker uses specialized blockchain analysis software to monitor every wallet that receives the dust. A wallet that never touches dust stays isolated (and less susceptible to attacks later); a wallet that spends dust creates a trail.

Wallet connection

When a user sends the targeted cryptocurrency to a crypto exchange or another wallet, the dust goes along with the valid crypto. The blockchain shows those inputs came from the same wallet, allowing attackers to more accurately identify that multiple addresses belong to one owner.

Identity interface

If the transaction interacts with a centralized exchange (CEX) or regulated service that requires know-your-customer (KYC) documentation, the attacker can associate wallet clusters with the user’s identity. This de-anonymization is usually the end goal that allows the attacker to gather precise information and create personalized phishing scams.

Why are dusting attacks dangerous?

Dusting attacks transform anonymous blockchain data into a specific, identifiable target. Dust connects wallets that users might believe are untraceable and reveals details about the owner’s financial habits, like how much they own, where they trade, and how frequently they move assets.

This tracking also increases exposure across platforms. For example, if you have wallets for decentralized finance (DeFi), non-fungible tokens (NFTs), and exchanges, your varied blockchain activities reveal much more about you once your accounts are tied together. These habits allow attackers to quietly build comprehensive user profiles.

Attackers use this information to create highly individualized scams. Instead of a generic phishing email, the user might receive a message that references a specific balance or a recent transaction they made. These details make fraud content significantly more convincing, so even users who wouldn’t normally fall for a phishing scam may be more likely to click through.

Can dusting attacks steal crypto directly?

Dusting attacks are a passive event, and your crypto is safe as long as you don’t interact with the dust. The attacks themselves don’t move funds, bypass wallet security, or access private keys.

However, your risk increases when you send dust as part of a regular transaction or respond to messages connected to dust transfers, especially phishing messages that push you toward external sites or fake support. That happened in 2020 on the BNB chain: Attackers sent dust BNB to many addresses with a link to a malicious website in the transaction memo.

What happens after dust arrives in a wallet depends on how you handle unexpected inputs. By staying aware of your balances and not panicking, you can limit potential damage.

How to protect yourself from crypto dusting attacks

To protect yourself from crypto dusting attacks after noticing dust in your wallet, focus on preventing information outflow.

Here are a few ways to control the data leaving your wallet:

• Use coin control features: Many wallets have a coin control option, which allows you to manually select the specific tokens using UTXOs you want to include in a transaction. You can use the coin control to flag wallet dust and leave it out of any transfers.
• Segregate funds: Consider using different types of wallets for different purposes. You might have one wallet for daily transactions and small transfer amounts, and a separate cold wallet for long-term storage.
• Avoid address reuse: Use a new public address for every transaction so it’s harder for attackers to link your holdings together. Most crypto wallets generate new addresses automatically.
• Use HD wallets: Hierarchical Deterministic (HD) wallets create a tree-like structure of addresses from a single seed phrase. This allows you to manage multiple addresses while keeping them organized, and dust received on one branch of your wallet won’t automatically interact with funds on another.
• Monitor your wallet activity: Review your transaction history regularly. If you notice small, unsolicited deposits, mark them as potential dust and don’t include them in future transfers.

What should you do if you receive dust in your wallet?

If you receive dust in your wallet, don’t be alarmed – it’s better to ignore it. Here are a few tips to make a dusting attack less effective:

• Don’t spend or move the dust.
• Ignore any links, memos, or messages attached to the transaction.
• Label the amount in your wallet so you don’t accidentally spend it.
• If the dust appears on a CEX wallet, contact the support team. (You might not be the only one who received it.)
• Enhance your wallet security and review privacy settings.

Monitor your crypto activity with CoinTracker

Dusting attacks work because small details are easy to ignore. Tiny balances, forgotten transactions, and scattered wallets make it harder to see how your activity changes over time. But paying attention to what enters your wallets and how funds move keeps your privacy intact and reduces unnecessary exposure. The more visibility you have, the fewer opportunities dusting attackers get.

CoinTracker helps you stay on top of dusting attacks by giving you real-time insights into your crypto portfolio. Our Portfolio Tracker connects to over 500 wallets and major exchanges, so you can monitor all your wallets for dust, no matter where you use them or what you use them for.

Managing your crypto assets shouldn't be complicated. CoinTracker lets you track your entire portfolio across multiple exchanges and wallets, all in one place. Join the three million users who rely on CoinTracker for a seamless crypto experience – start free today.

Disclaimer: This post is informational only and is not intended as tax advice. For tax advice, please consult a tax professional.