💡 The Plain-English Definition
A dust attack is a privacy assault where someone sends tiny, unsolicited amounts of Bitcoin — “dust” — to multiple addresses, with the goal of tracking those addresses when the dust is later spent and linking them to a real identity.
🤔 But Why Though?
Most Bitcoin privacy tools focus on preventing your own transactions from revealing information. A dust attack turns this around — the attacker proactively sends you something tiny to create a trap. The mechanism works like this: the attacker sends a small amount (often exactly 546 satoshis — the dust limit, the smallest amount the network will relay) to thousands of Bitcoin addresses. These addresses may have previously maintained good privacy hygiene — no address reuse, no mixed inputs. But now each address holds an unsolicited UTXO (Unspent Transaction Output — a discrete chunk of Bitcoin you own, in this case a tiny one).
If the address owner later spends Bitcoin and their wallet automatically includes this dust UTXO as one of the inputs (which many wallets do when consolidating funds), the common input ownership heuristic (the chain analysis assumption that all inputs in a transaction share an owner) links the dust address with every other address in that same transaction. The attacker now knows those addresses belong to the same wallet — and if any of those addresses was ever linked to a real identity through a KYC (Know Your Customer — identity-verified) exchange or other means, the whole cluster becomes identifiable. Dust attacks are carried out primarily by chain analysis firms testing and expanding their address clustering databases, by researchers studying network behaviour, and occasionally by bad actors tracking specific high-value targets.
🌍 The Real-World Analogy
Imagine someone slipping a tracking tag into the pocket of every coat in a charity shop. When you later donate your coat, the tag broadcasts your location. You never chose to carry the tag — it was planted. Dust attacks are the same: the attacker plants a tiny marker in your wallet and tracks where it ends up.
⚡ So What?
For casual Bitcoin users, dust attacks are a background concern rather than an immediate daily threat. They matter most to people actively maintaining privacy. The defence is simple: use a wallet that supports coin control (the ability to choose exactly which UTXOs to include in a transaction), learn to recognise unexpected tiny incoming transactions from unknown sources, and mark them as “do not spend.” If you never spend the dust, the trap is never triggered.