Dusting Attack
Sending tiny amounts of cryptocurrency ('dust') to many wallet addresses to de-anonymise the owners by tracking how the dust is subsequently spent.
Also known as: crypto dust attack, blockchain deanonymisation, dust transaction attack
Last reviewed: 1 June 2026
In cryptocurrency networks, 'dust' refers to transaction outputs so small they are below the practical threshold for economical spending — often fractions of a cent. In a dusting attack, an adversary sends these minuscule amounts to a large number of wallets. Because blockchain transactions are publicly visible, the attacker can then monitor which wallets consolidate or spend the dust alongside other funds, using blockchain analysis to cluster addresses and link them to a single real-world identity.
Once identified, wallet owners can be targeted for phishing, extortion, or physical threats. Dusting attacks have been used by state actors trying to de-anonymise users of privacy-focused cryptocurrencies, by competitors in the crypto space, and by criminals seeking high-value targets.
Defence involves not spending dust transactions, using a wallet that alerts to dust and allows marking it as 'do not spend', and using privacy tools such as coin mixing or privacy coins when anonymity is important. Many modern wallets now flag dust UTXOs automatically.
Examples
- An attacker sends 0.00000001 BTC to thousands of addresses, then tracks how those addresses cluster during spending to identify which wallets belong to the same user.