Definition
A dust attack is a blockchain privacy attack in which an adversary distributes very small, economically insignificant amounts of cryptocurrency—known as dust—to a large number of addresses. The attacker then monitors how this dust is later moved or consolidated in subsequent transactions to infer which addresses belong to the same wallet or entity. By correlating these movements with known identifiers, such as activity on a CEX, the attacker attempts to deanonymize users and map their on-chain behavior.
This concept targets the linkability of addresses rather than directly stealing funds or compromising a private key. The dust itself is typically too small to be useful as spendable value, but it serves as a tracking marker within the transaction graph. Dust attacks are particularly relevant in transparent blockchain systems where transaction histories are permanently visible and can be algorithmically analyzed.
Context and Usage
In practice, a dust attack exploits the way wallets often aggregate multiple small unspent outputs into a single transaction, creating observable relationships between previously unlinked addresses. When dust from the same source is later spent together with other funds, it provides a signal that these addresses are controlled by the same wallet. This undermines pseudonymity by enabling clustering of addresses and potential association with off-chain identities.
Dust attacks are categorized as a privacy and surveillance threat rather than a direct compromise of cryptographic security. They rely on behavioral patterns in transaction construction and on the public nature of blockchain data, not on breaking the underlying cryptography that protects a private key. As a result, they are discussed in the context of on-chain analytics, wallet design, and the interaction between on-chain activity and identity-linked services such as a CEX.