How to Identify and Protect Your Crypto Wallet from a “Dusting Attack”

Dusting attacks are proactive reconnaissance maneuvers that are conducted against thousands of digital wallets at one time by hackers.

You may or may not have heard the phrase “dusting attack,” but if you have holdings in crypto – you need to understand and be wary of them. Dusting attacks are proactive reconnaissance maneuvers that are typically conducted against thousands or hundreds of thousands of digital wallets at one time by scammers or hackers, who are trying to tease out and identify wallet owners. What the attackers do is scan blockchains for a large number of public addresses over a specific time period with large transactions of a specific cryptocurrency they’re targeting.

At which point, they typically send a very small, almost imperceptible amount of the target crypto to all the target addresses – the tiny amount of crypto is so small that it’s referred to as “dust” – hence the name dusting attack. Then they wait and watch for blockchain transactions involving the dust. Since a single digital wallet with a private key can issue various public keys as a preemptive safety measure to confuse hackers, the attackers use analytic monitoring software to alert whenever they see dust deposits consolidated and moved to another exchange, wallet, or address. 


Wallet owners might mistake the dust deposits as interest earned on their holdings, an airdrop, freebie from an exchange, or any number of other possibilities. Either the wallet owners proactively consolidate the fractional cryptos or the wallets do it automatically, which then links tiny dust deposits together. That action gets caught in the scammers’ digital dragnet, triggering the next phase of heavy duty malicious programming being used to re-identify the pseudonymous wallet owner. Once hackers know the identity of the wallet owner, the “black hats” can deploy their typical tradecraft of direct/indirect theft, blackmail, ransomware, or extortion. 

This past weekend a suspected dusting attack occurred within the largest crypto-sub group on Reddit, here’s a screenshot of the post describing what happened.

Possible signs you’ve been attacked



  1. Dust in digital wallets

As discussed above, a key indicator of a dusting attack is the unexplained presence of coin/token amounts that are too small to be used or withdrawn on their own. If you don’t combine the dust with your funds and move it, your data and privacy should be fine – the hackers have no way to track a transaction that doesn’t occur. Unfortunately, most digital wallets automatically aggregate all address balances when you start a transaction. Check with your wallet secure team to confirm if your digital wallet works that way. If so, go through your transaction history, see if any dusting deposits occurred, and engage the wallet’s security operations group if necessary. 


  1. You start receiving spammy cryptocurrency emails or texts

Remember the hackers ultimate objective is to gather personal data and IP addresses to re-identify the pseudonymous owners of the targeted wallets. It’s possible you missed the tiny dust deposits in your account, so a telltale sign of a dusting infiltration would be an influx of spam emails. If you start receiving these out of the blue, go to your wallets and scan for any dust. Then contact the wallet’s security team to find the best path forward or move all your coins/tokens to a cold storage wallet off the blockchain. 


  1. Links to a Malicious Website

The Binance Academy lists a good example a different type of dusting attack on its own blockchain. In October 2020, a dusting attack occurred where ultra-small amounts of Binance coins were sent to multiple wallets. Then after the user consolidated and sent the dust, they got a confirmation memo of the transaction. The memo had a link with an enticing offer that was actually a malware link – see the red box below for an example. Never click on a suspicious link associated with a crypto transfer of any kind.

What to do if you’re attacked

If you confirm any of the signs above or believe you’ve been a target of a dusting attack, here’s what you need to do:

  • Contact your wallet provider as soon as possible with any relevant details you have. They will most likely require that you create a new wallet and move your digital funds to a new address.
  • Be certain that the dust deposits are isolated and NOT combined with your funds or moved to the newly created wallet.
  • Don’t take these steps on your own – be sure to cooperate with your wallet provider regarding best practices to guarantee the new wallet is set up properly and your new private keys are secure.

On The Flipside

  • Don’t let greed, the desire for instant wealth, and “fear of missing out” cloud your judgement.
  • Investing in crypto – just as with any other asset class requires independent research. Only consider solid projects that have strong use cases, proven leadership, an ongoing development roadmap, and a demonstrated track record of performance. 
  • To be on the safe side, avoid all unsolicited airdrops, promotions to double your deposit, or any other offer that sounds too good to be true. 

Why You Should Care?

Hackers continue to devise new ways to separate you from your funds. Whether fiat or crypto, diligence and common sense are necessary to protect your savings and investments.

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Tor Constantino

Tor Constantino is a former journalist, consultant and current corporate comms executive with an MBA degree and 25+ years of experience - writing about cryptocurrencies and blockchain since 2017. His writing has appeared across the web on Entrepreneur, Forbes, Fortune, CEOWorld and Yahoo!. Tor's views are his own and do not reflect those of his current employer.