Skip to main content

Ataque de Poeira | Bitcoin Glossary | Mapping Bitcoin

Ataque de Poeira

Segurança

Also known as: dusting attack, dust spraying

Técnica de rastreamento que envia quantias minúsculas de bitcoin para múltiplos endereços, tentando desanonimizar carteiras ao analisar como esses valores são gastos posteriormente.

Overview

A dust attack is a blockchain surveillance technique in which an attacker sends very small amounts of bitcoin — just above the dust limit — to a large number of addresses. The attack itself does not steal funds or compromise keys. Instead, it exploits the common input ownership heuristic: when a recipient later spends the dust alongside their own UTXOs in a normal transaction, the attacker can link all those inputs to a single entity. This information is then fed into chain analysis tools to build a map of the victim's wallet and transaction history.

Dust attacks are a form of active surveillance. Unlike passive chain analysis, which merely observes publicly available blockchain data, dust attacks inject tracking markers into victims' wallets. The attack is low-cost — sending dust to thousands of addresses may cost only a few dollars in transaction fees — but can yield significant intelligence about address clustering and user behavior.

How a Dust Attack Works

Phase 1: Distribution
┌──────────────┐
│   Attacker   │
│              │──► 547 sats → Address A (Alice's wallet)
│  Sends dust  │──► 547 sats → Address B (Bob's wallet)
│  to many     │──► 547 sats → Address C (Carol's wallet)
│  addresses   │──► 547 sats → Address D (Alice's other address)
│              │──► 547 sats → Address E (Bob's other address)
└──────────────┘          ...hundreds or thousands more

Phase 2: Waiting
  The attacker monitors the blockchain for transactions
  that spend the dust outputs.

Phase 3: Linking
  Alice creates a transaction:
  ┌──────────────────────────────────────┐
  │ Inputs:                              │
  │   Address A:  0.00000547 BTC (dust)  │  ← Attacker's marker
  │   Address D:  0.05000000 BTC         │  ← Alice's funds
  │   Address F:  0.10000000 BTC         │  ← Alice's funds
  ├──────────────────────────────────────┤
  │ Outputs:                             │
  │   Address G:  0.14500000 BTC         │
  └──────────────────────────────────────┘

  Attacker now knows: A, D, and F belong to the same person.
  Address A was linked to "Alice" through a KYC exchange.
  Therefore, D and F also belong to Alice.

Who Conducts Dust Attacks

Dust attacks are primarily associated with:

  • Chain analysis firms such as Chainalysis and Elliptic, which provide surveillance services to governments and financial institutions
  • Law enforcement agencies investigating illicit use of Bitcoin
  • Malicious actors seeking to identify wealthy Bitcoin holders for targeted phishing, extortion, or physical attacks
  • Researchers studying Bitcoin network behavior and privacy properties

The identity of dust attackers is often unknown to victims. A sudden appearance of tiny UTXOs from unfamiliar addresses is typically the only indicator.

Defense Strategies

The most effective defense against dust attacks is awareness combined with proper UTXO management:

  • Coin control: Manually select which UTXOs to spend and never include unrecognized dust in transactions. Wallets like Sparrow and Electrum allow users to freeze suspicious UTXOs.
  • UTXO labeling: Tag every incoming UTXO with its source. Unknown tiny amounts should be labeled as potential dust attacks and frozen.
  • Do not spend dust: If suspicious dust is never spent, it cannot link addresses. Leaving it frozen permanently neutralizes the attack.
  • CoinJoin: If dust must be spent, mixing it through a CoinJoin round can break the link before it reaches the attacker's analysis, though this may not be economical for very small amounts.

Distinguishing Dust Attacks from Legitimate Transactions

Not every small incoming transaction is a dust attack. Legitimate small payments, faucet distributions, and rounding dust from exchanges are common. Key indicators of a dust attack include:

  • Very small amounts (near the dust limit of 294-546 satoshis)
  • Sent from an unknown address with no prior relationship
  • Multiple addresses in your wallet receiving similar tiny amounts simultaneously
  • The sending transaction has many outputs (a single transaction dusting hundreds of addresses)
  • Dust — the small UTXO amounts that give this attack its name
  • Chain Analysis — the surveillance methodology that dust attacks feed into
  • Coin Control — the primary defense against dust attacks
  • UTXO — the transaction model that makes dust attacks possible
  • Fungibility — the property that dust attacks undermine by tainting specific coins

Termos Relacionados

PoeiraProtocolo

UTXO com valor menor do que a taxa para gastá-lo. Saídas de poeira sobrecarregam o conjunto UTXO e são usadas em ataques de rastreamento de privacidade.

Análise de CadeiaSegurança

Análise da blockchain para rastrear fluxos e identificar usuários Bitcoin. Empresas vendem esses serviços a governos, motivando ferramentas de privacidade.

UTXOProtocolo

Saída de Transação Não Gasta: unidade de propriedade no Bitcoin. Cada UTXO tem valor e script de bloqueio; gastá-lo cria novos UTXOs como troco.

Controle de Moedasprivacy

Funcionalidade avançada de carteira que permite ao usuário selecionar manualmente quais UTXOs serão usados em uma transação, melhorando privacidade e gestão de taxas.

FungibilidadeEconomia

Propriedade em que cada unidade é idêntica e intercambiável. No Bitcoin é limitada pela rastreabilidade pública, motivando ferramentas como CoinJoin.