Crypto Dusting Attacks: What to Do When Tiny Tokens Appear in Your Wallet
Learn what crypto dusting attacks are, why tiny mystery deposits show up in wallets, and the safest way to handle dust, fake airdrops, and memo links.
A tiny token deposit in your wallet can feel harmless. It may be worth less than a cent, it may have a strange name, or it may include a memo that points to a “claim” website. The safe move is usually boring: do not touch it.
A crypto dusting attack is not the same as someone hacking your hardware wallet. Ledger describes dust as tiny amounts of crypto sent to many addresses, often so attackers can track what happens later and try to deanonymize the owner. Coinbase gives the same practical warning: if the recipient moves or cashes out the dust, the attacker may use that activity for identity analysis and later phishing. Trezor also groups dusting with fake airdrop tokens because the danger often starts when the user interacts with an unexpected asset.
This guide explains what to do when dust, a fake airdrop, or a strange memo appears in a wallet you use with Ledger, Trezor, Tangem, Coinbase Wallet, or another self-custody app.
Short answer
| Situation | Safest response |
|---|---|
| You received a tiny amount of BTC, LTC, DOGE, or another UTXO-based coin | Leave it alone. Do not consolidate it with your real coins unless you understand coin control. |
| A random token or NFT appears and says to visit a website | Do not visit the site, connect your wallet, sign, or enter a recovery phrase. |
| A transaction memo contains a link | Ignore the memo. Treat it like a phishing message. |
| The asset clutters your portfolio | Hide it or report it inside the wallet app if that feature exists. |
| You are about to send real funds | Use your normal transfer checklist and compare the full destination address, not a history entry. |
Receiving dust by itself does not give an attacker control over your funds. The risk comes from spending the dust, approving a malicious contract, following a memo link, or letting the dust trick you into a bad transfer workflow.
Why dusting attacks work
Public blockchains expose addresses and transaction history. An attacker can send tiny amounts to many addresses and then watch whether those outputs move later. On Bitcoin-style UTXO chains, spending the dust together with other coins can help link addresses that were previously separate.
On smart-contract chains, the attack often looks less like classic Bitcoin dust and more like a fake airdrop. A token may appear with a name that resembles a website, a reward, or a claim page. The goal is to make you connect a wallet, sign an approval, reveal a seed phrase, or interact with a malicious contract.
That is why dusting overlaps with two other risks on this site: address poisoning scams and wallet approval scams. Dusting is mainly a privacy and phishing trigger. Address poisoning tries to make you copy the wrong destination address. Approval scams try to make you authorize a spender. The correct response is similar: slow down, do not interact with unsolicited assets, and verify addresses from the source rather than from wallet history.
What to do if dust appears in your wallet
1. Do not move it just to “clean up”
Moving a suspicious tiny deposit can be the exact behavior the sender wants to observe. If the dust is on a UTXO chain, combining it with your real coins may reduce privacy. If it is a fake token or NFT, interacting with it may lead you into a malicious contract or claim flow.
For most users, leaving it alone is safer than trying to remove it.
2. Hide or report it if your wallet supports that
Ledger says users can hide dust tokens from the portfolio view to avoid accidental interaction. Coinbase says unexpected dust can be left alone, and in supported Coinbase interfaces users can hide and report suspicious tokens. Trezor Suite also surfaces suspicious-token handling and warns users not to interact with unexpected assets.
Hiding is not the same as sending the asset away. It is mainly a user-interface cleanup that reduces the chance you click it later.
3. Never type your recovery phrase into a claim site
This is the hard rule. A real wallet provider will not need your seed phrase to remove a token, claim an airdrop, verify an account, or unlock a reward. If a memo, token name, NFT image, or website asks for your recovery phrase, it is trying to drain the wallet.
If you are still learning recovery safety, read seed phrase mistakes that cost people money and paper vs metal seed phrase backup before making changes to your storage setup.
4. Be careful with coin control
Advanced Bitcoin users can sometimes mark small UTXOs as “do not spend” or manually choose which coins to spend. That can help avoid consolidating dust with real funds. But coin control is not something to improvise under stress. If your wallet interface does not make the choice clear, do nothing until you understand the tool.
For a beginner using a hardware wallet, the practical answer is: ignore the dust and keep using fresh receiving addresses when your wallet supports them.
5. Separate dusting from address poisoning
Dusting and address poisoning both use unwanted transactions, but the failure mode is different. With address poisoning, the attacker wants a lookalike address to appear in your transaction history so you copy it later. With dusting, the attacker wants to observe behavior, push a scam link, or nudge you into interaction.
Before every real transfer, copy the address from the destination app, exchange, or invoice again. Do not copy from old wallet history. If the amount is meaningful, send a small test transfer first.
When should you worry?
Most dusting events are annoyances, not emergencies. You should take them more seriously if:
- the wallet holds a large balance;
- the dust arrived with a threatening message or phishing link;
- multiple addresses you thought were separate receive related dust;
- you already clicked a link, signed a transaction, or approved a token.
If you signed something suspicious on an EVM wallet, review and revoke token approvals from a trusted tool or move funds to a fresh wallet whose seed phrase has never touched a website. If you revealed your seed phrase anywhere online, assume that wallet is compromised and move funds to a new secure wallet immediately.
Hardware wallet buying angle
A hardware wallet can protect private keys from malware and fake wallet apps, but it cannot make every on-chain interaction safe. Ledger, Trezor, and Tangem users can still be tricked into sending to the wrong address, signing a malicious approval, or typing a recovery phrase into a fake site.
If you want a setup that lowers day-to-day mistakes, compare the practical tradeoffs in best hardware wallet for beginners, Ledger vs Trezor, and Tangem vs Ledger. The best wallet is the one whose signing screen, recovery process, and app workflow you will actually follow carefully.
Bottom line
If tiny mystery crypto appears in your wallet, do not panic and do not interact. Leave the dust alone, hide it if your wallet supports that, ignore memo links, never enter your recovery phrase online, and keep using fresh receiving addresses where possible. Dust is usually not dangerous by itself. The expensive mistake is letting it make you click, sign, approve, or copy the wrong address.