What is a dust attack and how to mitigate it

This article will go into detail about so-called "dust attacks". Ever received a small deposit you could not explain? We're here to help you figure out whether it was a part of a dust attack and what you can do to mitigate it.


In this Article:


What is a dust attack?

Dust attacks are attempts to deanonymize an address by linking an asset's addresses together. This is done by sending a tiny amount of the asset to multiple addresses. A dust attack does not give an attacker access to your funds. It is not possible to use a dust attack to link your addresses for different assets.

BTC, LTC, DASH, DCR, BCH, BTG, DGB and BSV each have multiple change addresses that are managed by your wallet. Exodus generates a new change address for each new transaction to send "change" to. That way, the change from the money you spend never returns to the original Receive address, but still remains in your wallet and under your control.

Now, when you spend your funds, Exodus will automatically choose as few addresses to spend from as possible. If you have enough funds on one address, Exodus will use one address to spend the funds from, but if there's a need, it will combine funds from multiple addresses and spend them in one transaction.

Notice in the screenshot below, one Litecoin transaction combined funds from 2 different addresses, all from the same wallet, to send the desired amount.

A typical transaction with funds from multiple inputs and addresses

Since it is very uncommon for spending addresses (the addresses on the sender side) to belong to multiple parties, an assumed that all the addresses on the sender side belong to one person; thus they are linked together.

The "dusting" principle exploits the mechanism of spending from multiple addresses by sending very small amounts to them. The attackers then follow the movement of the funds originated from the dust transaction and combine the affected addresses into one such "identity". Then, using additional information from other sources, the attackers can try some educated guessing to figure out the real identities behind those addresses. Still, this does not give an attacker access to the funds held by an address. It only allows them to maybe know who the owners of the addresses are.

A dust attack transaction

How to find out if your wallet is affected?

1
Get an export of your addresses by using this article as a guide and note the balances in each address.
2
Check your addresses on a block explorer like blockchair.com to see what addresses are dusted. A typical dust transaction has one address on the sender side and hundreds or thousands of addresses on the other with the same small amount sent to them.

In these examples, we're using an LTC wallet with three Receive addresses, and the rest are change addresses.

Example 1

One of the addresses has dust, but no other funds. The main funds are on change or receive addresses.

In this case, all the addresses can be linked together if you spend from them without taking precautions.

Example 2

Two or more addresses have dust. The main funds are on change or receive addresses.

In this case, all the addresses can be linked together if you spend from them without taking precautions.

Example 3

Only one address with the main funds got dusted.

In this case, your addresses cannot be linked to you as long as you do not deposit any funds before spending or freezing the dust. Try making an ALL exchange to another asset or move ALL of your funds in this asset to another wallet.

Here's how to create a new Exodus wallet.

Example 4

The funds and the dust are on the first receive address. No funds or dust on other addresses.

In that case, you simply need to migrate all of the funds in this asset into another asset or wallet. If you decide to spend a partial amount of your funds, Exodus will have to use a new change address and there's no way to know whether a dust transaction gets spent right away without ever linking your receive and new change addresses together. Before spending the funds, try making an ALL exchange to another asset or move ALL of your funds in this asset to another wallet.

Here's how to create a new Exodus wallet.


My wallet is affected. What do I do?

The best, and sometimes, the only way to go is creating a new wallet. But you need to make sure the dust remains unmoved.

The following instructions are for advanced users. We highly recommend contacting us to receive detailed guidance if you have never successfully managed your private keys.

1
Create a new wallet, and move all of the unaffected assets to it. Here is how.
2
Find a wallet that has the following feature set:
  • non-custodial
  • private key import without moving funds
  • allows spending individual UTXOs or UTXO freezing

Various Electrum forks usually fit all the criteria above. Here are the official links:

3
Study the official documentation for this wallet to make sure the features mentioned are indeed present, and how to import private keys.
4
Get a display of your Exodus private keys for the affected asset. Here is how.
5
Import them into the wallet. You only need to import the private keys for addresses that have your main funds on them.
6
Select the UTXOs with your main funds.
  • If your main funds are on just one address, send all the UTXOs, except for the dust, to your new Exodus wallet address.
  • If you have funds on non-dusted addresses, send them to your new Exodus wallet address.
  • If you have multiple dusted addresses and your main funds are on one of those, you may need to create multiple wallets to escape this situation. Please, contact us and we will help you determine the best course of action.
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us