Dust Attack

A dust attack is a privacy-breaking technique where attackers send tiny amounts of cryptocurrency ('dust') to thousands of addresses, then monitor the blockchain to trace how these dust amounts are spent, potentially linking multiple wallets to the same owner. The attack exploits how wallet software handles small inputs. When a user spends funds, their wallet typically combines multiple inputs to construct the transaction. If the wallet combines dust from the attacker with funds from other addresses, the attacker learns those addresses belong to the same entity. This can deanonymize users who thought their multiple wallets were unlinkable. The dust itself is nearly worthless, often just a few satoshis on Bitcoin or fractions of cents in tokens. But its tracking value is significant for surveillance, targeted attacks, or building intelligence on cryptocurrency users. Analytics companies and government agencies use similar techniques to trace funds. Defenses are limited: the cleanest solution is never spending the dust, but wallet software often combines inputs automatically. Some wallets flag suspicious small deposits. Privacy-focused users can consolidate dust through mixing services or CoinJoin transactions that obscure the connection. UTXO-based chains like Bitcoin are more vulnerable than account-based chains like Ethereum, though dust attacks remain possible on any transparent blockchain. The attack name comes from the tiny 'dust' amounts involved.