Definition
A dust attack (or dusting attack) is a privacy assault in which an adversary sprays minuscule amounts of Bitcoin — often just a few hundred satoshis, near the network's standard dust threshold — across thousands of addresses. The dust itself is economically worthless; nobody dusts you to give you money. Its purpose is to plant a tracking beacon in your wallet and wait for your own spending behaviour to detonate it.
What "dust" means on the network
The threshold is a relay policy, not a consensus rule: nodes refuse to relay transactions creating outputs so small they would cost more to spend than they are worth. For a legacy P2PKH output that works out to 546 satoshis at the default rate, and less for native SegWit outputs, whose inputs are cheaper to spend. Dusting campaigns hover just above these floors — large enough to relay, small enough to cost the attacker almost nothing across thousands of targets.
How deanonymization happens
Because Bitcoin tracks balances as discrete UTXOs, the dust sits in your wallet as its own tiny coin. If your wallet later bundles it into a payment alongside your other coins, the common-input-ownership heuristic lets the attacker link every address whose coins shared that transaction into a single cluster — the dust acts as a dye marker connecting addresses you had carefully kept separate. Pair that cluster with one identifying event — a KYC exchange withdrawal, a doxed donation address, a merchant's shipping record — and an analyst can attach a real-world identity to the whole group. The attack is purely behavioural: dust that is never spent proves nothing, links nothing, and expires into irrelevance. It only works if you spend it.
Who dusts, and why
Attribution varies more than the mechanics. Chain-surveillance operations dust to sharpen their wallet clustering; researchers and spammers have dusted to measure wallet behaviour or push messages via address encodings; some campaigns target specific holders in preparation for phishing or extortion attempts that name their balances. A few hundred satoshis across ten thousand addresses costs the attacker almost nothing, which is exactly why the technique persists. Receiving dust does not mean you were individually chosen — mass campaigns blanket whole swaths of recently active addresses — but the correct response is the same either way.
Protecting yourself
The defense is refreshingly simple: do not spend the dust. Self-custody wallets with coin control show you individual UTXOs and let you freeze or exclude suspicious ones so coin selection never touches them. Mark unexplained tiny deposits as "do not spend" and the beacon is neutralized forever — it costs you nothing, since the amounts are beneath fee-worthiness anyway. Beware the subtler traps: letting an automatic coin-selection algorithm sweep everything during a UTXO consolidation is precisely how frozen-in-spirit dust gets spent in practice, and wallets without coin control give you no lever at all. If you must eventually clear dust, spending it in a context that breaks the ownership assumption — a properly constructed CoinJoin — defuses the linkage rather than confirming it.
The habit behind the defense
Dust attacks are cheap for attackers and free to defeat, but only for users who actually look at their UTXO set. Reviewing your coins, labelling where each came from, and running wallet software that treats UTXOs as visible objects rather than a single balance is a core sovereignty habit — especially for anyone with a public receiving address: donation pages, merchants, miners with published payout addresses. A wallet you cannot inspect at the coin level is a wallet whose privacy you are delegating to an algorithm that was not written with your threat model in mind. Own the coins; know the coins.
In Simple Terms
A dust attack (or dusting attack) is a privacy assault in which an adversary sprays minuscule amounts of Bitcoin — often just a few hundred…
