Dusting Attacks

On transparent blockchains, a dusting attack is a real and well-documented surveillance technique: an attacker sends tiny amounts of cryptocurrency — "dust" — to thousands of addresses, then watches how that dust moves to cluster addresses together and unmask their owners. It's one of the cleverer ways analysts deanonymize users of chains like Bitcoin. The good news for Monero users is that the attack largely doesn't work here, and understanding why teaches you a lot about what makes Monero different.

How Dusting Works on Transparent Chains

The attack exploits two properties of transparent ledgers:

• Visible amounts. The attacker can see the exact tiny amount they sent and recognize it later.
• Visible linkage. When you spend, the chain shows which outputs were combined as inputs, revealing that they share an owner.

So the attacker dusts your address, waits for you to spend that dust alongside your other coins, and reads the resulting transaction to conclude "all these addresses belong to one person." From there they can tie clusters to exchanges, identities, and behavior. Dust is essentially a tracking beacon you might unknowingly fold into your real spending.

Why Monero Resists It

Dusting depends entirely on the two visibilities above — and Monero hides both. This is the heart of why the attack fails:

• Amounts are hidden. Thanks to RingCT, the value of any output is concealed. An attacker can't pick their distinctive "dust amount" back out of the chain because no amounts are visible to recognize.
• Ownership is hidden. Every payment lands at a unique stealth address, so there's no reusable public address to dust en masse or to cluster.
• Spends are obscured. Ring signatures mix your real input with decoys, so even the act of spending doesn't cleanly reveal which prior output moved.

Put together: dust can't cluster your funds on Monero the way it does on transparent chains, because the very signals the attack reads — recognizable amounts and reusable, linkable addresses — simply aren't exposed. This is also a direct consequence of Monero's fungibility: if no coin can be visibly tracked, no coin can be tagged.

What Dust Can Still Do

"Resists" is not "irrelevant," so be precise about the residual concerns:

• The linkage from combining inputs still exists. If you deliberately spend an unwanted output together with your other outputs, that transaction still reveals those particular outputs share an owner — though without visible amounts, the attacker learns far less than on a transparent chain.
• Unsolicited outputs are a nuisance. A stray tiny output clutters your wallet and, if carelessly merged, weakens the separations you maintain through good output management.
• Off-chain correlation is unaffected. Dust does nothing here, but it's a reminder that surveillance shifts to metadata and the network layer, covered in Avoiding Metadata Leaks.

How to Handle Dust

Practical, low-stress guidance:

• Don't panic. Receiving a tiny unexpected output on Monero is not the tracing event it would be on a transparent chain.
• Isolate, don't merge. If you'd rather not entangle a stray output with your main funds, simply leave it alone rather than sweeping it into a payment with good outputs.
• Use coin control when spending. Choosing your inputs deliberately, as in What Is Coin Control, lets you avoid combining an unwanted output with anything sensitive.
• Keep your pockets separate so a questionable output never sits in the same account as funds you want shielded.

Dusting is a textbook example of an attack that's potent on transparent chains and largely defanged on Monero, because Monero hides exactly the amounts and ownership the attack needs. The residual risk is just the ordinary one — don't carelessly combine outputs — which sound output management already covers. Next, step up to shared-control wallets in Multisig In Depth.