dust attack

A dusting attack is a malicious activity where an attacker sends tiny amounts of cryptocurrency or low-value tokens to a large number of on-chain addresses. The purpose is either to analyze transaction patterns and trace relationships between wallet addresses, or to lure victims into clicking on phishing websites and authorizing access to their assets. This type of attack is commonly seen in scenarios such as privacy deanonymization through Bitcoin UTXO consolidation, spam token airdrops on Ethereum or BNB Smart Chain, and mass low-fee transfers on Solana. The main risks involve loss of privacy and potential asset theft. The primary defense is to avoid interacting with suspicious tokens or unknown transactions.
Abstract
1. Meaning: An attacker sends tiny amounts of cryptocurrency to your wallet address to track your transactions or compromise your privacy.
2. Origin & Context: Emerged in the mid-2010s as researchers discovered this attack vector while studying blockchain privacy. Attackers exploit the transparency of public blockchains like Bitcoin by sending 'dust' (tiny amounts) to link user identities.
3. Impact: Threatens user privacy. If you spend the dust, attackers can use blockchain analysis tools to track subsequent transactions and infer your real identity or asset size. Most impactful for users seeking anonymity.
4. Common Misunderstanding: 'If I don't spend the dust, I won't be tracked.' In reality, merely holding the dust creates an on-chain record linking to your address, allowing attackers to build identity profiles.
5. Practical Tip: Three-step defense: ① Use privacy coin wallets (e.g., Monero) for mixing; ② Create separate addresses for different purposes to avoid address reuse; ③ Regularly audit your wallet, identify suspicious micro-transfers, and isolate affected addresses.
6. Risk Reminder: Dust attacks don't directly steal funds but expose privacy. If you receive dust after KYC verification on an exchange, attackers may link your on-chain address to your real identity. Handle suspicious transfers cautiously.

What Is a Dusting Attack?

A dusting attack is a tactic where malicious actors send very small amounts of cryptocurrency—often barely valuable—to your wallet in order to analyze, track, or scam you.

The process involves distributing “insignificant” assets to numerous addresses. When users interact with or combine these small amounts with their regular funds, attackers can more easily analyze transaction patterns, link wallet addresses, or trick users into visiting fraudulent sites for authorization, ultimately stealing assets.

On Bitcoin, this usually appears as tiny “change” sent to your wallet, with attackers hoping you'll spend it alongside your main balance in future transactions, thereby revealing address connections. On account-based blockchains like Ethereum, BSC, and Solana, dusting typically takes the form of “junk token airdrops,” often bundled with phishing links or fake customer support contacts designed to lure users into signing malicious authorizations.

Why Does Understanding Dusting Attacks Matter?

Dusting attacks pose risks to both privacy and asset security. Ignoring them can lead to your on-chain identity being linked to your real-world identity.

Many users are curious about “free” tokens and might experiment with them, inadvertently providing attackers with an opportunity. If you authorize a malicious site, attackers can drain real assets from your wallet. Even without direct theft, the attacker can collect relational data between addresses for profiling, targeted spam, or further refined scams.

For everyday users, understanding this scheme helps prevent mistakes such as combining dust inputs with normal Bitcoin inputs. For teams or market makers, it helps avoid having operations and risk management compromised by “dusting + analytics” strategies.

How Does a Dusting Attack Work?

The core sequence is: “mass dust distribution → induce interaction → collect relationships → escalate to fraud”.

Step one: Attackers send tiny amounts or small batches of newly created tokens to large numbers of addresses. In Bitcoin, these represent multiple “unspent transaction outputs” (UTXOs), similar to lots of tiny coins. On Ethereum/BSC, it’s often a completely unfamiliar token sent to your address.

Step two: Victims interact out of curiosity or due to default wallet settings. For example, a Bitcoin wallet may combine these dust amounts with normal balances during a transaction, making it easier for analysts to link multiple addresses. On EVM chains, victims may click on the website associated with an unknown token and sign an “authorization,” giving attackers permission to access their assets.

Step three: Attackers use on-chain analytics or scripts to track interactions, label active addresses and relationships, and then deploy targeted phishing or social engineering campaigns to boost conversion rates.
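
The Bitcoin half of step two, as an added example (not code from the original page or from Gate): a largest-first coin selector over a constructed wallet, reporting which addresses each spend would tie together with and without suspect dust frozen. The `Utxo` fields, the `known_sender` label and the `addr-*` names are assumptions for illustration; 546 satoshis is the P2PKH dust threshold this page cites.

```python
from dataclasses import dataclass

DUST_LIMIT_SAT = 546  # P2PKH dust threshold quoted on this page

@dataclass(frozen=True)
class Utxo:
    txid: str           # constructed placeholder id
    address: str        # wallet address that received the output
    value_sat: int
    known_sender: bool  # assumption: the user labels payments they expected

def is_suspect_dust(u):
    """Unsolicited output at or below the dust limit."""
    return u.value_sat <= DUST_LIMIT_SAT and not u.known_sender

def select_inputs(utxos, target_sat, freeze_dust=True):
    """Largest-first selection (fees ignored). With freeze_dust, suspect dust
    is never eligible, so it cannot be co-spent with normal funds."""
    pool = [u for u in utxos if not (freeze_dust and is_suspect_dust(u))]
    chosen, total = [], 0
    for u in sorted(pool, key=lambda u: u.value_sat, reverse=True):
        if total >= target_sat:
            break
        chosen.append(u)
        total += u.value_sat
    if total < target_sat:
        raise ValueError("not enough spendable funds without touching dust"
                         if freeze_dust else "insufficient funds")
    return chosen

def linked_addresses(inputs):
    """Addresses an observer can tie together: they all sign one transaction."""
    return sorted({u.address for u in inputs})

# Constructed wallet: three expected payments plus one unsolicited 546-sat output.
WALLET = [
    Utxo("tx-a", "addr-savings", 250_000, True),
    Utxo("tx-b", "addr-salary", 90_000, True),
    Utxo("tx-c", "addr-trading", 40_000, True),
    Utxo("tx-dust", "addr-tipjar", 546, False),
]

if __name__ == "__main__":
    naive = select_inputs(WALLET, 380_500, freeze_dust=False)
    print("naive spend links:", linked_addresses(naive))
    safe = select_inputs(WALLET, 300_000)
    print("dust-frozen spend links:", linked_addresses(safe))
```

With dust frozen, a near-full-balance send fails with an error instead of silently pulling the dust input in, which is the point at which a wallet should ask the user to lower the amount.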

Common Manifestations of Dusting Attacks in Crypto

Dusting attacks can affect self-custody wallets, DeFi interactions, and even deposit/withdrawal operations at exchanges.

  • On Bitcoin wallets, you might see several extra inputs worth tens to hundreds of satoshis (the smallest unit of Bitcoin). If you spend these along with normal funds later on, analysts can more confidently link these inputs as belonging to the same user.
  • On Ethereum/BSC wallets, expect unfamiliar tokens with odd names. These often include websites or fake customer support contacts in their description, prompting you to “claim rewards” or “unlock balances.” Such sites frequently require “authorization”—which really lets attackers control your genuine assets.
  • On low-fee, high-throughput chains like Solana, mass dust distribution is cheaper and can scale quickly; your address may receive multiple micro-transfers or junk NFTs in a short time.
  • At exchanges like Gate, if you withdraw to a self-custody wallet and suddenly notice strange tokens or tiny deposits, do not attempt to deposit them back or swap them. Stay disengaged; promptly hide or mark these assets to mitigate follow-on risks.

How Can You Reduce the Risk of Dusting Attacks?

The key is “see but don’t interact,” using tools and best practices to limit your exposure.

Step 1: Do not touch dust. If unfamiliar tokens or tiny amounts appear in your wallet, avoid clicking, authorizing, transferring, or swapping them. Many wallets offer features to “hide/block tokens”—use them first.

Step 2: Review wallet settings. Disable “auto-display all new tokens,” enable token blacklists or spam filters, and prioritize wallet versions that allow suspicious asset marking.

Step 3: Secure your Gate account. Enable withdrawal address whitelisting and two-factor confirmation; set anti-phishing codes; verify contract addresses and networks before withdrawing. When you encounter unfamiliar tokens, do not attempt deposits—first check the contract and project info on a block explorer.

Step 4: Layer your addresses. Separate “receiving/airdrop testing” from “long-term holdings/operational funds.” On Bitcoin, avoid spending suspicious dust inputs with normal balances; use coin selection strategies to spend only necessary inputs when possible.

Step 5: Minimize authorizations. Regularly use security tools to review and revoke unnecessary token permissions on EVM chains; always be cautious with sites requesting “unlimited authorization.”

Step 6: Learn detection skills. Be highly alert for phrases like “customer support,” “urgent notification,” or “unlock balance.” Always verify project info and contracts through official channels and block explorers.
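
For Step 5, an added example (not code from the original page or from Gate) of what an allowance review does under the hood: it replays ERC-20 `Approval` events for one owner, drops revoked entries, and flags unlimited approvals or approvals to spenders outside a trusted set. The log dictionaries follow the `eth_getLogs` JSON shape; all addresses, the `trusted_spenders` set and the `UNLIMITED_FLOOR` cut-off are constructed assumptions.

```python
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED_FLOOR = 2**255  # assumption: allowances this large are effectively unlimited

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def live_allowances(logs, owner):
    """Replay ERC-20 Approval events in chain order; last value per pair wins."""
    state = {}
    for log in sorted(logs, key=lambda l: (int(l["blockNumber"], 16),
                                           int(l["logIndex"], 16))):
        t = log["topics"]
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares the topic but has 4 topics
        if topic_to_address(t[1]) != owner.lower():
            continue
        state[(log["address"].lower(), topic_to_address(t[2]))] = int(log["data"], 16)
    return {pair: v for pair, v in state.items() if v > 0}  # 0 = revoked

def review(logs, owner, trusted_spenders):
    """Return (token, spender, allowance) entries worth revoking or checking."""
    findings = []
    for (token, spender), value in sorted(live_allowances(logs, owner).items()):
        unlimited = value >= UNLIMITED_FLOOR
        if unlimited or spender not in trusted_spenders:
            findings.append((token, spender, "unlimited" if unlimited else value))
    return findings

# --- constructed sample data (placeholder addresses, not real contracts) ---
OWNER, TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "aa" * 20, "0x" + "bb" * 20
DEX, UNKNOWN = "0x" + "dd" * 20, "0x" + "ee" * 20

def _log(block, token, spender, value):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": token, "blockNumber": hex(block), "logIndex": "0x0",
            "topics": [APPROVAL_TOPIC, pad(OWNER), pad(spender)],
            "data": "0x" + format(value, "064x")}

LOGS = [
    _log(19, TOKEN_B, UNKNOWN, 0),           # later revoke, listed out of order
    _log(16, TOKEN_A, DEX, 1000),            # small, trusted spender
    _log(17, TOKEN_A, UNKNOWN, 2**256 - 1),  # unlimited approval to unknown spender
    _log(18, TOKEN_B, UNKNOWN, 500),         # revoked at block 19
]

if __name__ == "__main__":
    for finding in review(LOGS, OWNER, trusted_spenders={DEX}):
        print(finding)
```

Event replay can overstate a live allowance, because `transferFrom` reduces it without necessarily emitting `Approval`; confirm a flagged entry with the token's `allowance(owner, spender)` call before revoking.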

In the past year, dusting has shifted towards “bulk distribution on low-fee networks” and “token authorization-based phishing,” with fee structures influencing attack costs and chain selection.

  • For Bitcoin, the common dust threshold is around 546 satoshis (for traditional P2PKH addresses). During periods of high fees this year, mass dusting became more expensive; attackers now favor low-fee periods or other chains.
  • On Ethereum, the base transfer cost is about 21,000 Gas. With Q3 2025 average gas at 20 gwei as an example: 21,000 × 20 gwei = 420,000 gwei = 0.00042 ETH. With ETH at $2,000–$4,000, that’s $0.84–$1.68 per transfer—making pure ETH-based dusting less cost-effective than “junk token + phishing.”
  • On BSC, typical gas is about 3 gwei; transfer cost is 21,000 × 3 gwei = 63,000 gwei = 0.000063 BNB. At $300 per BNB, that’s around $0.0189 per transfer—much cheaper for mass attacks; related phishing activity has increased notably in recent months.
  • On Solana, base transaction fees are about 0.000005 SOL and remain low year-round; mass airdrop dusting and junk NFTs are more common there. These figures reflect recent averages (2025 Q3), but actual fees vary day-to-day.

Comparing data from 2024 onward: dusting attacks now frequently pair with social engineering and authorization phishing. Simple “free money” lures work less well on high-fee chains; attackers increasingly rely on persuasive tactics and UI deception for better results.

How Are Dusting Attacks Different From Airdrops?

Both involve sending assets to your address—but motivations and interactions differ entirely.

Airdrops are typically promotional or user incentive campaigns run by projects; they’re transparent in source and rules and can be verified through official channels. Dusting attacks aim for privacy identification or phishing, often paired with fake websites/support and high-risk authorizations.

To distinguish them: check for official announcements and contract addresses; beware if immediate authorization or mnemonic entry is requested; watch out for promises of unrealistically high returns. For unknown tokens: never click or authorize—verify through the project’s official site and block explorer before engaging. If you’re unsure about an asset’s legitimacy as an exchange user (like at Gate), do not attempt deposits to avoid unnecessary risks.

  • Dusting Attack: When an attacker sends tiny amounts of tokens to target addresses in order to track and deanonymize users.
  • UTXO Model: Unspent Transaction Output model; user balances consist of multiple UTXOs requiring proper selection for each transaction.
  • Address Privacy: Techniques like mixers or privacy protocols used to obscure the true identities of transaction senders and receivers.
  • On-chain Tracking: Analyzing blockchain transaction data to identify address relationships and fund flows.
  • Privacy Coins: Cryptocurrencies such as Monero or Zcash that use zero-knowledge proofs or mixing mechanisms to hide transaction details.

FAQ

I received a strange small transfer—is this a dusting attack?

Very likely. In a dusting attack, someone sends tiny amounts of tokens or NFTs to your wallet with the goal of tracking your transactions. These "dust" transfers are usually worth just a few cents—easy to overlook. But if you later move these assets, the attacker can use on-chain tracking to link multiple wallet addresses together and compromise your privacy.

Can money be stolen from my wallet after a dusting attack?

Not directly. The goal of a dusting attack isn’t theft but tracking and deanonymization. Attackers monitor your on-chain activity using the "dust" tokens they sent. However, if you accidentally interact with a malicious contract (such as trying to sell these tokens), you could face additional scams or authorization risks.

How can I tell if an unknown token is part of a dusting attack?

Look for three main signs: extremely small value (usually less than $1), sent from an unfamiliar address, and the token contract looks risky or suspicious. You can check the token contract on block explorers like Etherscan—if you can't verify its source or find signs of malicious code, it's likely dust. The best practice is not to interact with unfamiliar tokens; simply hide or ignore them in your wallet.

Can Gate’s wallet features protect against dusting attacks?

Gate’s security features focus on trading risks at the platform level. If you use self-custody wallets or move assets on-chain, dusting threats still apply. Comprehensive protection includes enabling Gate account security settings, regularly reviewing self-custody wallet balances, treating unknown tokens as warning signs, and using privacy tools or mixers if needed for added protection.

I’ve already received dust tokens—what’s the safest response?

The safest approach is total disregard. Don’t try transferring, selling, or interacting with those token contracts—any action could expose your on-chain activity further. If your wallet supports blacklisting features, hide the token; if privacy concerns remain high, consider moving primary assets to a new wallet. For long-term protection against tracking threats posed by dusting attacks, use privacy wallets or rotate addresses regularly.

