Skip to main content

💨 What Are Dust Attacks?

A Simple Guide to Protect Your Assets

Dust transactions do not threaten your funds directly. Receiving unsolicited micro-amounts of crypto is not a hack. No immediate action is required — but knowing what to do keeps you safe.


What is a dust attack?

A dusting attack is when an attacker sends tiny amounts of cryptocurrency — fractions of a cent, often called "dust" — to a large number of wallet addresses. The dust itself is worthless. What the attacker is after is your behavior: if you move that dust, your wallet gets linked to other addresses you control, which can be used to de-anonymize you or target you for follow-up scams.

On BNB Smart Chain and Ethereum, this often takes the form of fake tokens with names impersonating well-known projects — designed to look like legitimate airdrops in your transaction history.

How to recognize a dust transaction

  • You receive a tiny amount of an unfamiliar token you never requested

  • The token name closely mimics a well-known project but comes from a different contract address

  • The block explorer flags the contract with a spam or phishing warning

  • The token has a very short deployment history and no legitimate liquidity

Always verify a token's contract address against the project's official website. A matching name is not enough.


What to do when you receive dust

  1. Do not move the dust. Transferring or swapping a dust token links it to your other addresses

  2. Do not interact with any site the token points to. Many dust tokens include metadata pointing to a phishing site

  3. Check the contract on the block explorer. Search on BscScan, Etherscan, or Tronscan — if a phishing warning is displayed, it's dust

  4. Hide the token in Trust Wallet. Long-press the token and select Hide. This removes it from your view without interacting with the contract

⚠️ Never enter your secret phrase, connect your wallet, or approve a transaction on any site linked from a dust token.

In the picture below is shown a token reported to have been used to mislead people into believing it was sent from well-known addresses and may be spam or phishing. Please treat it with caution.

Block explorer warning showing a flagged token contract identified as spam or phishing, an example of a dust attack token sent to mislead users

How to protect yourself going forward

  • Keep your wallet address private — the fewer places your address is publicly shared, the less likely it appears on attacker distribution lists

  • Never share your secret phrase — dust attacks are sometimes a precursor to social engineering

  • Keep Trust Wallet updated — the latest version includes the most current token denylist from Blockaid

Did this answer your question?