Key Takeaways: Dust attacks rely on tiny incoming transactions to map wallet activity and connect addresses to an owner. The transfers have little economic value, but if the dust is later spent with other funds, on-chain heuristics can reduce privacy and enable targeting. The fix is straightforward: do not co-spend unsolicited dust, use coin control and input-freezing features, and enforce policy-driven custody that blocks risky spends.
What Is a Dust Attack?
On UTXO-based blockchains like Bitcoin and Litecoin, your balance works like cash in a wallet. Each Unspent Transaction Output, or UTXO, is like a specific bill with a fixed amount. When you spend or send, your wallet selects a few bills, hands them over, and you receive a new bill back as change.
A dust attack takes advantage of that bill-by-bill process. Imagine a stranger slipping a marked bill into your wallet. If you spend that bill together with your other funds, it marks not only the funds you spent but also the change you receive back, because transactions are publicly viewable on the blockchain. From that point forward, the attacker can effectively monitor all of your transactions from that wallet, since their marked bill tainted the transaction and the subsequent change you received. The bill, or in the case of crypto wallets, the dust, does not touch your keys or move your funds. Instead, it creates a traceable signal that can compromise your privacy.
How Dust Attacks Work
The attacker's objective in a dust attack is to get you to co-spend their dust with your legitimate funds so they can trace your transactions.
- Spread tiny inputs. The attacker broadcasts minuscule outputs to many addresses, often small enough to ignore.
- Wait for consolidation. When you later pay someone, your wallet may select multiple inputs to reach the amount. If the dust is selected, it shows up alongside your larger inputs.
- Apply clustering heuristics. Attackers rely on the common-input-ownership heuristic, which infers that inputs in the same transaction are likely controlled by one owner. That inference can be used to build a map of related wallets and addresses, or estimate crypto holdings.
- Follow the change. Additional techniques, such as change-address detection and timing analysis, increase confidence in linkages.
- Exploit the intel. With a higher-confidence cluster in hand, attackers can run targeted scams, resort to extortion, or pivot to phishing attacks.
The bottom line is simple. If unsolicited dust UTXOs are never co-spent, it is much harder to use them to trace ownership.
Real-World Examples
Dusting has appeared across chains and use cases, and the playbook adapts to the venue. In 2018, Samourai Wallet warned users about an active Bitcoin dusting campaign and added a simple safeguard that let people label and avoid spending suspicious UTXOs. That small change cut off the attacker’s visibility.
In 2019, Litecoin experienced a broad dusting wave during periods of heavy exchange activity. Early reports focused on a small set of addresses, but later analysis showed the campaign reached a very large number of wallets. It was a reminder that when transaction fees are low, attackers can test tactics at large scale.
Attackers have also carried the idea into account-based settings. On BNB Chain in 2020, tiny transfers arrived with transaction memos that contained phishing links. On Ethereum in 2022, an anonymous actor sent small amounts of Tornado-tainted ETH to public figures in an attempt to trigger legal and reputational concerns.
Dust has even been used for marketing. In late 2018, the mixing service BestMixer sent tiny BTC outputs with promotional messages to thousands of different addresses in an attempt to spread awareness for their service. Not all dusting attacks may be malicious, but incorporating those transactions into your spends can still needlessly compromise your important data.
Protecting Against Dust Attacks
The most effective first step is behavioral. Do not spend unsolicited dust. Many wallet providers advise leaving unexpected small deposits unspent and avoiding interaction with links or messages included in memo fields.
You can use coin control and input freezing to keep suspect UTXOs out of transactions. Bitcoin Core and several hardware and software wallets support manual input selection or “do not spend” flags, which prevent accidental co-spends.
Users can also reduce linkability by rotating addresses in HD wallets and avoiding address reuse across customers, vendors, and treasury operations. When consolidating UTXOs, ensure you are not combining your UTXOs with dust unintentionally. Just because you’re not sending transactions to someone else doesn’t mean the attack can’t still be successful.
Segment operational flows. Use separate wallets or accounts for treasury, vendor payments, and internal transfers so a dusted operational input cannot reveal broader posture in a single transaction. This aligns with how clustering heuristics work and limits blast radius if one wallet is compromised by dusting.
For institutions, enforce policy-driven approvals, monitor for anomalous micro-deposits, and set rules that block spending of unknown small inputs. These controls reduce the chance that routine operations will co-spend dust.
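The sketch below is an added example, not BitGo's or any wallet's own code. It shows a rule that freezes unsolicited small inputs before coin selection, and compares which addresses a consolidation would expose under the common-input-ownership heuristic with and without that rule. The 1,000-sat threshold, the `expected` flag, the address labels and the sample wallet are assumptions constructed for illustration.

```python
from dataclasses import dataclass

DUST_LIMIT_SATS = 1_000  # assumed policy threshold, not a protocol constant

@dataclass(frozen=True)
class Utxo:
    txid: str
    vout: int
    address: str
    sats: int
    expected: bool  # True when the deposit matches a known invoice or transfer

def quarantine(utxos, limit=DUST_LIMIT_SATS):
    """Split UTXOs into (spendable, frozen); unsolicited small inputs are frozen."""
    frozen = [u for u in utxos if not u.expected and u.sats <= limit]
    return [u for u in utxos if u not in frozen], frozen

def select_inputs(utxos, target_sats):
    """Simplified largest-first coin selection (fees ignored)."""
    chosen, total = [], 0
    for u in sorted(utxos, key=lambda u: u.sats, reverse=True):
        if total >= target_sats:
            break
        chosen.append(u)
        total += u.sats
    if total < target_sats:
        raise ValueError("policy: not enough spendable funds without frozen inputs")
    return chosen

def linked_addresses(inputs):
    """Addresses an observer groups together under common-input ownership."""
    return {u.address for u in inputs}

def lock_args(frozen):
    """Outpoint list in the shape Bitcoin Core's lockunspent RPC accepts."""
    return [{"txid": u.txid, "vout": u.vout} for u in frozen]

# Constructed sample wallet: two expected deposits plus one unsolicited 546-sat output
WALLET = [
    Utxo("aa" * 32, 0, "addr_treasury", 5_000_000, True),
    Utxo("bb" * 32, 1, "addr_vendor", 800_000, True),
    Utxo("cc" * 32, 0, "addr_public", 546, False),
]

def consolidation_exposure(wallet, freeze_dust):
    """Addresses linked by sweeping every selectable UTXO into one transaction."""
    pool = quarantine(wallet)[0] if freeze_dust else wallet
    return linked_addresses(select_inputs(pool, sum(u.sats for u in pool)))
```

With the rule applied, the sweep no longer ties addr_public to the other two addresses, and a payment that could only be funded by adding the dust is rejected instead of co-spending it. The treasury and vendor addresses are still linked to each other, which is the exposure that segmenting wallets by function addresses.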
How BitGo Mitigates Dust Attacks
BitGo’s custody-first infrastructure is built for policy and control, and supports institutional workflows with granular approvals, monitoring for unusual activity, and UTXO-level management that helps prevent accidental co-spends of suspect inputs. The approach aligns with industry best practices for UTXO hygiene and privacy-preserving operations so teams can move funds with confidence while reducing the risk of deanonymization.
Frequently Asked Questions
Is dust dangerous to my wallet or keys?
No. Dust does not grant access to your wallet or keys. The risk appears only if you co-spend the dust with other inputs, which can give analysts enough signal to link addresses.
How can I tell if I have been dusted?
Watch for tiny incoming amounts you did not expect. Many wallets highlight these transactions and some let you mark them so they are never selected for spending.
Does dusting affect non-UTXO chains like BNB Chain or XRP?
Classic deanonymization relies on UTXO co-spends, but small transfers on account-based chains have been used to deliver phishing links via memos. The right move is to ignore unexpected transfers and never visit links in memos.
Why would an attacker spend money to send dust?
The return is intelligence. If one dusted input gets co-spent, the attacker can create a tree of related wallets and addresses and tailor scams or extortion with higher success rates.
What practical steps should institutions take right now?
Block spending of unknown small inputs, enforce coin control in operations, segregate wallets by function, and monitor for unusual micro-deposits. Combine these practices with custody that supports UTXO-level controls and multi-step approvals.
Stay Vigilant, Stay Secure
Dusting is a low-cost way for adversaries to learn about you on-chain. With disciplined habits and policy-driven custody, tiny inputs do not have to become big data leaks. Awareness, good hygiene, and the right infrastructure go a long way toward protecting both privacy and operations.
Ready to strengthen your security?
Interested in how BitGo fits into your digital asset security program? Fill out a form on our website.
About BitGo
BitGo is the digital asset infrastructure company, delivering custody, wallets, staking, trading, financing, and settlement services from regulated cold storage. Since our founding in 2013, we have been focused on accelerating the transition of the financial system to a digital asset economy. With a global presence and multiple regulated entities, BitGo serves thousands of institutions, including many of the industry's top brands, exchanges, and platforms, and millions of retail investors worldwide. For more information, visit www.bitgo.com.
©2025 BitGo, Inc. (collectively with its parent, affiliates, and subsidiaries, “BitGo”). All rights reserved. BitGo Bank & Trust, National Association (“BitGo Bank & Trust”) is a national trust bank chartered and regulated by the Office of the Comptroller of the Currency (OCC). BitGo Bank & Trust is a wholly-owned subsidiary of BitGo Holdings, Inc., a Delaware corporation headquartered in Palo Alto, California. Other BitGo entities include BitGo, Inc. and BitGo Prime LLC, each of which is a separately operated affiliate of BitGo Bank & Trust.