Dusting and De-anonymization Attacks via Cryptocurrency
Attackers send tiny cryptocurrency amounts to many wallets to track fund flows and link wallet addresses to real-world identities, enabling targeted fraud or extortion.
Part of: Dusting and Deanonymisation Attacks
Last reviewed: 8 June 2026
Cryptocurrency users often assume that holding funds in a self-custodied wallet provides meaningful financial privacy. Dusting attacks challenge this assumption by exploiting on-chain transparency: tiny transactions are sent to target wallets with the goal of tracing how and where those funds are subsequently moved, allowing attackers to build a picture of wallet ownership and net worth.
The collected intelligence enables further targeted attacks: phishing messages can reference specific wallet balances to appear credible, and high-value wallet owners can become targets for extortion, account takeover, or physical threats. The dust transaction itself causes no direct financial loss, but it is the opening move in a broader attack chain.
How this scam works on cryptocurrency
An attacker programmatically sends micro-amounts of cryptocurrency to large batches of wallets, often harvested from public transaction data or leaked exchange data. If the recipient spends or consolidates the dust with other funds in a subsequent transaction, the wallet clustering becomes possible: multiple addresses that transact together are likely controlled by the same entity.
This information can be combined with exchange KYC data obtained through breaches, social media posts revealing wallet addresses, or blockchain analytics to attach real names to wallet clusters. The attacker may then use this data directly for targeted phishing, sell it to third parties, or use the linked identity to impersonate the victim or threaten to expose their holdings.
Common red flags
- Your wallet history contains small incoming transactions from unknown sources you did not initiate
- Dust arrives from addresses that have sent to many unrelated wallets in a short period
- You receive a phishing email or message that references your specific wallet address or approximate balance
- Dust is sent in an unusual token rather than the native chain currency, suggesting a more complex scheme
- Multiple different dust amounts arrive from different addresses in the same time window
- Transaction metadata indicates the dust origin is an automated batch script
How to protect yourself
- Do not spend or consolidate dust transactions - leaving them unspent prevents clustering analysis
- Mark dust transactions as spam in your wallet if your software supports it
- Use different wallet addresses for different purposes to reduce the linkability of your transactions
- Consider using privacy-preserving tools or chains if financial privacy is important to your use case
- Avoid publicly linking your wallet address to your real identity on social media or forums
- Use a hardware wallet that isolates coin control and allows selective UTXO management
How to report it
- Flag suspicious dust addresses on block explorer phishing databases
- Report to the IC3 at ic3.gov if the dusting precedes phishing or extortion
- Notify your wallet provider about systematic dusting campaigns so they can flag addresses
- Report extortion or threats to your local law enforcement authority
Frequently asked questions
Will spending the dust transaction actually harm me?
Spending it does not cause immediate financial harm, but it can link your wallet addresses together in on-chain analytics, potentially revealing your total holdings and wallet cluster to an attacker.
Is dusting illegal?
Sending cryptocurrency is not in itself illegal, but using the resulting data for extortion, phishing, or identity fraud is illegal in most jurisdictions.
Can privacy coins protect against dusting?
Privacy-focused cryptocurrencies with shielded transaction features make clustering analysis significantly harder, though they come with their own trade-offs around exchange support and regulatory acceptance.