Skip to main content
T TON Adoption
RU
← Glossary
NODE/03 · Term

Dusting attack

Sending tiny amounts ("dust") to many addresses to deanonymise their owners. By tracing how the dust later moves, the attacker links separate addresses into a single cluster and infers who controls them.

Aliases: dust attack, deanon dusting

Dusting attack is a chain-analysis technique. The attacker sends microscopic amounts of TON or jetton (“dust”, hence the name) to hundreds of thousands of addresses. The goal is not theft but deanonymisation.

How it works

The steps:

  1. The attacker sends 0.0001 TON or a fake jetton to many addresses.
  2. Over time, victims spend the dust together with other funds — for example, by depositing to an exchange or combining inputs in a single transaction.
  3. When dust from one source appears in the same transaction as funds from another address, the attacker gains a link: both addresses belong to the same user.
  4. By chaining these links, the attacker builds a cluster of addresses belonging to one owner. Final deanonymisation comes from off-chain data — exchange KYC, OFAC lists, leaked databases.

In UTXO networks (Bitcoin) dusting is most effective. In account-based networks like TON and Ethereum it is weaker, because transactions do not natively “glue” inputs. But if the user merges balances themselves, the link is restored.

Who does this

  • Analytics firms (Chainalysis, TRM Labs, Elliptic) for compliance investigations on behalf of governments.
  • Attackers prepping targeted phishing. Once a large holder is identified, they can be hit precisely.
  • Tax authorities in jurisdictions where the IRS-equivalent uses chain analysis.
  • Journalists investigating sanctioned addresses sometimes send probe transactions for tracking.

TON-specific flavour

On TON, dust often masquerades as a jetton airdrop: “you received 1000 SCAMTOKEN — claim at…” This combines dusting with phishing — the victim not only outs their address but lands on a drainer site as well.

Defence

  • Do not merge “random” inflows with main funds. If a strange jetton arrives, leave it alone.
  • Do not claim unknown airdrops. If you did not sign up for a project, the claim is almost certainly either a drainer or a deanon trap.
  • Use fresh wallets for private operations. A wallet with no history is harder to link.
  • Ignore jetton dust in Tonkeeper. Modern versions mark suspicious jettons and hide them by default.

Overall, dusting is a privacy threat first and an asset threat second. The optimal defence is to do nothing.

Related terms