Key Takeaways
A dusting attack sends tiny amounts of Bitcoin or other cryptocurrencies to many wallet addresses in order to trace their owners.
Attackers analyze the movement of the "dust" across the blockchain to link addresses together and identify the person or company controlling a wallet.
If successful, the information gathered can be used for phishing, extortion, or targeted scams.
You can reduce your exposure by not spending dust, using a wallet with "Do Not Spend" or coin control features, and using a fresh address for each transaction.
Introduction
Most blockchain networks are public by design. Every transaction is recorded and visible to anyone. While wallet addresses do not carry your name, they can sometimes be linked back to a real identity through careful analysis. Dusting attacks are one technique attackers use to do exactly that.
A dusting attack is not about stealing funds directly. It is about gathering information. By sending tiny amounts of cryptocurrency to your wallet and watching where those funds go, an attacker can build a picture of your activity and potentially identify who you are.
What Is Crypto Dust?
In cryptocurrency, "dust" refers to an amount of coins so small that it is barely noticeable. On the Bitcoin network, the smallest unit is a satoshi (0.00000001 BTC). Amounts of a few hundred satoshis are typically considered dust.
Technically, Bitcoin Core defines dust as any transaction output smaller than the transaction fee required to spend it. This threshold is roughly 546 satoshis for regular (non-SegWit) transactions and 294 satoshis for native SegWit transactions.
A newer output type called Pay to Anchor (P2A), introduced through BIP 433, has a dust threshold of 240 satoshis. Any output at or below the applicable threshold is considered dust and will typically not be relayed by most network nodes, though it may still technically be included in a block by a miner who chooses to do so.
On exchanges like Binance, dust refers to tiny coin balances left over after trades. These are not tradeable on their own, but Binance users can convert dust balances into BNB.
How Does a Dusting Attack Work?
The process starts with an attacker sending tiny amounts of cryptocurrency to a large number of wallet addresses. Because the amounts are so small, most users do not notice them or pay them any attention.
If the recipient later spends those funds by including them in a new transaction, the attacker can trace that transaction on the public blockchain. By combining the dust with other address data, they try to identify which addresses belong to the same wallet.
The goal is to link wallet addresses to real-world identities. Once an attacker knows who controls a wallet, they may target that person with
The goal is to link wallet addresses to real-world identities. Once an attacker knows who controls a wallet, they may target that person with phishing emails, social engineering, or extortion threats. The attack does not compromise your funds directly, but it can compromise your privacy.
A notable real-world example occurred between August 2025 and February 2026, when a Salomon client sent exactly 546 satoshis (the legacy dust limit) to 39,069 Bitcoin wallets. Each transaction included an OP_RETURN message linking to legal pleadings.
The sender claimed "constructive possession" of dormant BTC as abandoned property. This event showed how dusting can be used not only for surveillance but also for legal and coercive purposes, and it deliberately used the dust threshold to ensure transactions were relayed while remaining economically unspendable.
Dusting Attacks on Different Blockchains
Dusting attacks were first seen on the Bitcoin network, but they have since been used on Litecoin and other public blockchains. In October 2020, a new type of dusting attack appeared on the BNB Chain. Scammers sent tiny amounts of BNB to many addresses, and the transaction included a link to a malicious website embedded in the memo field. Users who clicked the link were directed to a scam page.
This BNB Chain variant shows how dusting attacks can evolve beyond simple address-tracing. In this case, the attack combined dust with a phishing link, making it a multi-stage threat.
UTXO-based chains like Bitcoin and Litecoin are particularly susceptible to dusting because each unspent transaction output is traceable. On account-based chains like Ethereum, dust-tracing is less effective because all transactions are tied to a single address rather than separate UTXOs. However, phishing-style dusting has been observed on account-based chains as well.
In early 2025, the Ethereum Fusaka upgrade led to a significant surge in dusting attacks on the Ethereum network. Dusting transactions rose from approximately 3-5% of all transactions to roughly 11%, affecting about 26% of active Ethereum addresses.
This increase highlighted that account-based chains are not immune to large-scale dusting, particularly when upgrades change transaction economics or introduce new output types that attackers can exploit.
How to Protect Yourself From a Dusting Attack
The key to neutralizing a dusting attack is simple: do not move the dust. If the dust never enters a new transaction, the attacker cannot link your addresses together. Some wallets offer a "Do Not Spend" feature that lets you flag suspicious funds so they are excluded from future transactions. Choosing a
The key to neutralizing a dusting attack is simple: do not move the dust. If the dust never enters a new transaction, the attacker cannot link your addresses together. Some wallets offer a "Do Not Spend" feature that lets you flag suspicious funds so they are excluded from future transactions. Choosing a crypto wallet with coin control or UTXO management features gives you more control over which funds you spend.
Using a fresh wallet address for each new transaction also limits how much information an attacker can gather. While this does not prevent dust from being sent to old addresses, it reduces the value of the analysis.
Be alert to address poisoning attacks as well, which use a similar tactic to trick users into sending funds to an attacker-controlled address. Address poisoning has become a significant threat: by mid-2025, this type of attack had caused over $83 million in losses on chains like TRON. Unlike traditional dusting, address poisoning can result in direct financial loss if you send funds to a lookalike address.
Beyond dusting, staying safe in crypto requires broader habits. Reviewing general security principles and staying informed about common cryptocurrency scams can help you recognize threats before they escalate.
FAQ
What is the purpose of a dusting attack?
A dusting attack is designed to compromise privacy, not steal funds. Attackers send tiny amounts of cryptocurrency to trace wallet activity and potentially identify the person or organization behind an address. The information can then be used in phishing campaigns or extortion attempts.
Is receiving dust dangerous?
Receiving dust itself is not dangerous. The risk arises if you spend it. When you include dust in a new transaction, you create a blockchain trail that attackers can analyze. The safest approach is to leave dust unspent or flag it as "Do Not Spend" in your wallet.
Can dusting attacks steal my crypto?
No. Dusting attacks do not give attackers access to your private keys or funds. The attack targets your privacy, not your wallet balance. Follow-up threats, such as
No. Dusting attacks do not give attackers access to your private keys or funds. The attack targets your privacy, not your wallet balance. Follow-up threats, such as ransomware or phishing, are external to the dusting itself and require you to take an action for them to succeed.
What blockchains are targeted by dusting attacks?
Dusting attacks can occur on any public blockchain. Bitcoin is the most commonly targeted chain because it uses a UTXO model that makes address-linking analysis more effective. Litecoin and BNB Chain have also seen dusting attacks.
Ethereum experienced a major surge in dusting activity in 2025 following the Fusaka upgrade. Account-based chains are less vulnerable to address-tracing dusting but are not immune to phishing variants.
How do I check if I have received dust?
Check your transaction history for very small incoming amounts from unknown addresses. On Bitcoin, any amount in the range of 546 to a few thousand satoshis from an unrecognized source should be treated with caution. Most modern wallets will display incoming transactions in your history, where you can flag suspicious amounts.
Closing Thoughts
A dusting attack is a privacy threat, not a direct financial one. Attackers use tiny crypto amounts as breadcrumbs to trace wallet activity and identify real-world identities. The best defense is awareness: do not spend suspicious dust, use wallets with coin control features, and generate fresh addresses for incoming transactions when possible.
As blockchain analytics tools continue to improve, privacy practices become more important for all crypto users. The 2025 Ethereum dusting surge and the Salomon Brothers legal dusting event showed that this threat continues to evolve. Understanding how dusting attacks work is a useful step in managing your broader security posture.
Further Reading
Disclaimer: This content is presented to you on an "as is" basis for general information and educational purposes only, without representation or warranty of any kind. It should not be construed as financial, legal, or other professional advice, nor is it intended to recommend the purchase of any specific product or service. You should seek your own advice from appropriate professional advisors. Where the content is contributed by a third-party contributor, please note that those views expressed belong to the third-party contributor, and do not necessarily reflect those of Binance Academy. Digital asset prices can be volatile. The value of your investment may go down or up and you may not get back the amount invested. You are solely responsible for your investment decisions and Binance Academy is not liable for any losses you may incur. For more information, see our Terms of Use, Risk Warning, and Binance Academy Terms.