Defending Against Bitcoin Dust Attacks in 2025: A Practical Canadian Guide to UTXO Hygiene

Dust attacks target your privacy by sending tiny amounts of Bitcoin to your wallet in hopes you will later combine them with your real funds. Once mixed, blockchain analysts can link identities and track spending patterns. For Canadians who buy Bitcoin on regulated platforms and move it to self-custody, dust attacks raise unique concerns about privacy, record keeping, and fees. This guide explains what dust attacks are, why they matter in Canada, how to spot and quarantine suspicious UTXOs, and how to build a wallet workflow that keeps your Bitcoin secure and your personal data out of sight. Whether you are stacking sats in a cold wallet or running a small business that accepts Bitcoin, the playbook below will help you maintain strong UTXO hygiene in 2025 and beyond.

What is a Bitcoin dust attack?

In Bitcoin, your balance is a collection of unspent transaction outputs called UTXOs. A dust attack occurs when an attacker sends a very small UTXO to one or many of your addresses. The amount is intentionally tiny, often worth pennies, and the goal is not theft. The objective is to tempt you into spending that tiny output together with other coins, which links those coins on the public ledger. Once connected, anyone watching can build a more complete picture of your holdings and spending.

Dust is often defined informally as an output that costs more in fees to spend than it is worth. Fee markets change, so there is no fixed number that always counts as dust. The core problem is not the value itself but the privacy impact when this small piece is combined with your other UTXOs.

Treat every unexpected small UTXO as suspicious until proven harmless. Good UTXO hygiene means controlling what you spend together.

Why Canadians should care

Canada has a mature cryptocurrency ecosystem with regulated on-ramps and payment rails. If you purchase Bitcoin through popular Canadian exchanges that comply with FINTRAC requirements, aspects of your identity will already be known to the platform. Dust attacks can exploit this by attempting to link your exchange withdrawals to later spending behavior, even after you move coins to self-custody. If you share a static address on a website, invoice, or social profile, a dust attacker can also tag that address to map your network of payments.

  • Privacy risk: Combining a dust UTXO with your savings can reveal your total holdings or business cash flow.
  • Fee drag: Managing or accidentally spending dust can increase transaction size and fees.
  • Record keeping: Even tiny movements are entries you may need to reconcile for personal or business bookkeeping in Canada.
  • Operational risk: A dust output that is not quarantined can accidentally be auto-selected by a wallet that lacks coin control.

For Canadian businesses that accept Bitcoin, privacy affects competitive strategy. For individuals, it affects personal safety. In both cases, preventing dust from contaminating your UTXO set is part of a healthy self-custody routine.

How dust attacks unfold

  1. An attacker scrapes public addresses or derives addresses you previously exposed, for example on donation pages or public invoices.
  2. The attacker broadcasts transactions that send small outputs to those addresses. The amounts are chosen to be small enough that many users will ignore them.
  3. Later, if your wallet automatically selects inputs without coin control, it may mix the dust with your regular UTXOs.
  4. When you spend, the combined inputs create a link on-chain. The attacker analyzes these links to cluster your coins together, inferring balances and relationships.

The attack is subtle. Nothing is stolen. The loss is your privacy and potentially higher fees in the future. For long-term Bitcoin users, this cumulative effect can be significant.
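
The linkage in step 4 follows from the common-input heuristic, which treats every input of one transaction as belonging to the same owner. The sketch below is an added example, not code from any wallet or analytics product; the addresses and transactions are constructed.

```python
def cluster(transactions):
    """Group addresses under the common-input heuristic (union-find)."""
    parent = {}

    def find(addr):
        parent.setdefault(addr, addr)
        while parent[addr] != addr:
            parent[addr] = parent[parent[addr]]  # path halving
            addr = parent[addr]
        return addr

    for tx in transactions:
        roots = [find(a) for a in tx["input_addresses"]]
        for r in roots[1:]:
            parent[find(r)] = find(roots[0])
    groups = {}
    for addr in parent:
        groups.setdefault(find(addr), set()).add(addr)
    return list(groups.values())


def linked_to(transactions, exposed_address):
    """Addresses an observer can tie to one publicly known address."""
    for group in cluster(transactions):
        if exposed_address in group:
            return group
    return {exposed_address}


# Constructed history. "addr_public" is the static address that received dust.
WITH_COIN_CONTROL = [
    {"txid": "t1", "input_addresses": ["addr_savings_1", "addr_savings_2"]},
    {"txid": "t2", "input_addresses": ["addr_spend_1"]},
]
AUTO_SELECTED = WITH_COIN_CONTROL + [
    # The wallet picked the dust UTXO alongside savings and spending coins.
    {"txid": "t3",
     "input_addresses": ["addr_public", "addr_savings_1", "addr_spend_1"]},
]

if __name__ == "__main__":
    print(sorted(linked_to(WITH_COIN_CONTROL, "addr_public")))
    print(sorted(linked_to(AUTO_SELECTED, "addr_public")))
```

One co-spend ties the public address to addr_savings_2 as well, even though that address never appeared in the same transaction as the dust: it was already linked to addr_savings_1 by an earlier spend.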

Recognizing dust in your wallet

You can catch dust early if you make UTXO visibility part of your routine. Not every wallet exposes UTXOs clearly, so choose tools that do. Warning signs include unexpected tiny deposits, a cluster of small outputs arriving from unknown senders, or an abrupt change in your wallet’s input selection behavior.

  • Enable coin control. Check for new UTXOs below your normal deposit size. If you typically receive 100,000 sats per transfer and you see a string of outputs near a few hundred or a few thousand sats, investigate.
  • Audit addresses. If a static address was displayed publicly, assume it could be a dust target. Rotate to fresh receive addresses and avoid reusing the old one.
  • Watch-only monitoring. Maintain a watch-only wallet on a phone or laptop to spot suspicious activity without risking keys.
  • Label everything. Tag known deposits by source, purpose, and date. Anything unlabeled and tiny deserves a quarantine tag like Do Not Spend.
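
The checks above, combined with the informal "costs more to spend than it is worth" definition, can be run over an exported UTXO list. This is an added example, not part of any wallet: the record fields, the 5% ratio, and the sample data are assumptions, and the input sizes are approximate.

```python
from statistics import median

# Approximate virtual bytes added by one input of each script type.
INPUT_VBYTES = {"p2pkh": 148, "p2wpkh": 68, "p2tr": 58}


def triage(utxos, feerate, ratio=0.05):
    """Return quarantine candidates: unlabeled UTXOs far below the usual deposit.

    feerate is the current estimate in sat/vB. ratio is an assumed policy
    knob: "tiny" means under 5% of the median labeled deposit.
    """
    labeled = [u["amount_sats"] for u in utxos if u["label"]]
    if not labeled:
        raise ValueError("label known deposits first; there is no baseline")
    cutoff = ratio * median(labeled)
    findings = []
    for u in utxos:
        if u["label"] or u["amount_sats"] >= cutoff:
            continue
        vbytes = INPUT_VBYTES[u["script_type"]]
        findings.append({
            "id": u["id"],
            "amount_sats": u["amount_sats"],
            # Dust in the fee sense: spending it costs at least its value.
            "uneconomic_now": vbytes * feerate >= u["amount_sats"],
            # Feerate at which the fee for this input equals its value.
            "break_even_sat_vb": round(u["amount_sats"] / vbytes, 1),
            "suggested_label": "Do Not Spend",
        })
    return findings


# Constructed sample; the ids stand in for txid:vout outpoints.
SAMPLE = [
    {"id": "dep-1:0", "amount_sats": 100_000, "script_type": "p2wpkh",
     "label": "exchange withdrawal"},
    {"id": "dep-2:1", "amount_sats": 120_000, "script_type": "p2wpkh",
     "label": "exchange withdrawal"},
    {"id": "dep-3:0", "amount_sats": 95_000, "script_type": "p2wpkh",
     "label": "client invoice"},
    {"id": "dust-a:3", "amount_sats": 547, "script_type": "p2wpkh", "label": ""},
    {"id": "dust-b:7", "amount_sats": 3_000, "script_type": "p2pkh", "label": ""},
    {"id": "odd-1:0", "amount_sats": 80_000, "script_type": "p2wpkh", "label": ""},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE, feerate=10):
        print(finding)
```

The same 547-sat output is uneconomic at 10 sat/vB and spendable at 2 sat/vB, which is why the privacy label matters more than any fixed dust number.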

Canadian context: exchanges, banking, and compliance

Many Canadians fund Bitcoin purchases with Interac e-transfer or wire and withdraw to self-custody. Reputable Canadian platforms verify identities and maintain compliance programs. That is good for consumer protection, but it also means your on-ramp withdrawals are likely associated with your identity inside those platforms. A dust attack that correlates your withdrawal addresses with later spending can reveal far more than you intend to share publicly.

For bookkeeping, treat every UTXO as inventory. If you later decide to sweep or discard dust, record those movements so your cost basis and disposition records remain accurate. The Canada Revenue Agency treats cryptocurrency as a commodity for tax purposes. Dispositions can be taxable events depending on context. That is a strong reason to keep tidy records, even for small amounts.

Prevention: build a wallet that resists dust

1) Use fresh addresses and avoid reuse

Most modern wallets generate a new address for each receive. Always use a fresh one. Avoid posting a single static address publicly. If you must show a static payment code, consider rotating it on a schedule and monitoring it closely for dust.

2) Separate accounts by purpose

Create separate wallets or accounts for savings, spending, and business operations. A dust attack against a public donation address should never contaminate your cold savings. Keep a strict no-mixing policy across these categories.

3) Choose wallets with coin control and UTXO freezing

Look for features like input selection, UTXO labels, freeze or exclude flags, and change address visibility. These let you quarantine suspicious outputs and keep them out of future transactions.

4) Review change strategy

When you spend, your wallet often creates a change output. If a dust UTXO sneaks into your input set, your change can become linked to it. Verify that your wallet can show which inputs will be used and where change will return. Spend only from clean UTXOs so the resulting change remains clean.

5) Monitor small inbound transfers

Set alerts for incoming amounts below your normal threshold. If you are a Canadian merchant, build a simple rule: anything below your minimum invoice amount is suspect until cross-checked against an order.

6) Educate your team and family

If a family member or staffer controls a spending wallet, make sure they know not to accept or spend unexpected tiny deposits. One careless click can link your entire UTXO set.

Response playbook: what to do when you are dusted

If you discover dust, the goal is to prevent linkage and decide whether you will sweep, ignore, or eventually consolidate that output. Follow this checklist.

  1. Label it. Tag the UTXO as Suspected Dust or Do Not Spend. Good labels reduce mistakes months later.
  2. Freeze or exclude. Use your wallet’s feature to freeze the UTXO so it cannot be auto-selected.
  3. Quarantine account. If the dust landed in a hot wallet, consider moving all clean funds to a new wallet and retiring the compromised one.
  4. Decide on disposal. Options include leaving it unspent indefinitely, sending it to a separate quarantine wallet, or consolidating with other dust only when fees are very low.
  5. Consolidate deliberately. If you consolidate, create a transaction that spends dust UTXOs together without mixing with clean coins. Target a low-fee window and use fee bumping tools if needed.
  6. Verify inputs and change. Before broadcasting, double-check that only the intended dust UTXOs are selected and that change is directed to an address reserved for dust management.
  7. Document it. Record the transaction ID and your notes for bookkeeping and future audits.

Some users prefer to ignore dust permanently. That is acceptable if your wallet supports freezing and if your balance view will not mislead you. The key is to avoid combining the dust with valuable coins.

Cold storage and PSBT: spending without contamination

Cold storage is where most long-term Bitcoin belongs. To spend securely without risking contamination, use a two-device workflow. Prepare the transaction on a networked device in a watch-only wallet. Select only clean inputs using coin control. Export the unsigned transaction as a Partially Signed Bitcoin Transaction (PSBT) file and sign it on your offline device. Return the signed transaction to the online device for broadcast. This protects your keys and preserves UTXO hygiene in one workflow.

  • Benefits: No private keys touch the internet, precise input selection, and deterministic change destinations.
  • Risk to avoid: Never allow the watch-only wallet to auto-select inputs. Always verify that only clean UTXOs are included.

Fees, RBF, and CPFP for dust management

Fee markets fluctuate based on network demand. When consolidating dust or moving coins between internal wallets, aim for periods with lower fees. If you want flexibility, enable Replace by Fee (RBF) so you can raise the fee later without creating new links. For transactions stuck during a fee spike, Child Pays for Parent (CPFP) can add fee pressure without touching clean UTXOs, provided you construct the child carefully.

  • Use low-fee windows to batch or consolidate dust UTXOs together.
  • Prefer RBF for consolidations so you can adjust fees without changing the inputs.
  • If using CPFP, ensure the child transaction does not merge clean and dust funds.

Case study: a Toronto donor wallet gets dusted

A small nonprofit in Toronto posted a static Bitcoin address on its website for donations. Over time, the wallet accumulated regular gifts and a handful of tiny transfers that nobody recognized. Months later, a volunteer used the same wallet to pay an event vendor. The wallet auto-selected inputs and combined two tiny unrecognized UTXOs with normal funds. Within days, the nonprofit received suspicious messages referencing their total balance and recent spending, which had become trivial to infer from linked transactions.

Remediation involved migrating clean funds to a new wallet, freezing suspect UTXOs, and rebuilding the donations workflow. The nonprofit switched to unique addresses per invoice, added coin control, and trained staff to label and quarantine unknown small deposits. The result was improved privacy, cleaner records, and lower fees due to better input selection.

Business operations: policies that scale

If you are a Canadian business accepting Bitcoin, codify UTXO hygiene in your standard operating procedures. Treat it like cash management with a digital twist.

  • Accounts by role: One wallet for revenue collection, another for treasury cold storage, and a spending wallet for payables. No cross-mixing.
  • Threshold rules: Any inbound below a set minimum triggers manual review and quarantine.
  • Daily reconciliation: Label UTXOs by invoice ID or order number. Dust with no order match is frozen.
  • Consolidation windows: Pre-approved low-fee windows for batching dust and housekeeping.
  • Access controls: Limit who can broadcast transactions and who can change coin selection settings.
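
The threshold and daily-reconciliation rules above, together with the merchant rule under "Monitor small inbound transfers", can be expressed as one matching pass. This is an added example, not code from any payment processor; the record fields, invoice ids, and amounts are constructed, and it assumes one unique address per invoice.

```python
def reconcile(inbound, invoices, min_invoice_sats):
    """Sort inbound UTXOs into labeled, frozen, and manual-review buckets.

    inbound:  [{"outpoint", "address", "amount_sats"}, ...] in arrival order
    invoices: [{"id", "address", "amount_sats"}, ...] still awaiting payment
    """
    open_by_address = {inv["address"]: inv for inv in invoices}
    result = {"labeled": {}, "frozen": [], "review": []}
    for utxo in inbound:
        invoice = open_by_address.get(utxo["address"])
        if invoice and utxo["amount_sats"] >= invoice["amount_sats"]:
            # Payment satisfies the invoice: label it with the invoice id.
            result["labeled"][utxo["outpoint"]] = invoice["id"]
            del open_by_address[utxo["address"]]  # one payment settles it
        elif utxo["amount_sats"] < min_invoice_sats:
            # Below the minimum and no order match: quarantine, even when
            # it landed on an address that once belonged to an invoice.
            result["frozen"].append(utxo["outpoint"])
        else:
            # Large enough to be real but unmatched or short: a human decides.
            result["review"].append(utxo["outpoint"])
    return result


# Constructed sample data.
INVOICES = [
    {"id": "INV-1001", "address": "addr_inv_1001", "amount_sats": 250_000},
    {"id": "INV-1002", "address": "addr_inv_1002", "amount_sats": 80_000},
]
INBOUND = [
    {"outpoint": "o1:0", "address": "addr_inv_1001", "amount_sats": 250_000},
    {"outpoint": "o2:4", "address": "addr_inv_1001", "amount_sats": 600},
    {"outpoint": "o3:9", "address": "addr_static_site", "amount_sats": 900},
    {"outpoint": "o4:0", "address": "addr_inv_1002", "amount_sats": 50_000},
    {"outpoint": "o5:1", "address": "addr_static_site", "amount_sats": 40_000},
]

if __name__ == "__main__":
    print(reconcile(INBOUND, INVOICES, min_invoice_sats=20_000))
```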

Clear documentation helps with audits and reduces training costs. It also supports compliance readiness if you work with Canadian financial institutions that request proof of controls.

Personal security: pairing privacy with safety

Dust attacks are about visibility. If your holdings become visible, you may face social engineering and phishing risks. Combine UTXO hygiene with basic safety.

  • Keep balances out of screenshots and presentations. Assume images live forever.
  • Use different wallets for public donations and private savings. Never move funds directly between them.
  • Harden communications. Use out-of-band verification for any payment change requests.
  • Beware of Interac e-transfer phishing tied to crypto purchases. Attackers sometimes leverage off-chain messages to trick you into on-chain mistakes.

Tool checklist: features to prioritize in 2025

Whether you prefer a desktop wallet, a mobile app, or a hardware-first setup, verify that your stack includes these capabilities. They are essential for dust defense and general Bitcoin hygiene.

  • Coin control with manual input selection and clear UTXO lists.
  • UTXO labels, tags, and freeze or exclude toggles.
  • Replace by Fee and Child Pays for Parent support.
  • Change address visibility and the ability to direct change to a specific account.
  • Watch-only wallets and PSBT workflows for cold storage.
  • Bitcoin-only focus or a clear separation from other cryptocurrencies to reduce confusion and address reuse.

Consolidation strategy without compromising privacy

Even with good hygiene, small fragments accumulate over time. Consolidation is the process of merging small UTXOs into fewer, larger ones to reduce future fees. The trick is consolidating without revealing linkages you care about.

  1. Define pools. Maintain separate pools for savings, spending, revenue, and dust. Do not cross the streams.
  2. Time the fee market. Consolidate during lulls in network demand to minimize cost.
  3. Use pool-pure inputs. Spend only within the same pool so the resulting outputs stay logically separated.
  4. Monitor address exposure. Avoid reusing addresses. Verify that the change returns to the correct pool.
  5. Evaluate privacy impact. If consolidation would connect unrelated sources, postpone or redesign the plan.

By consolidating thoughtfully, you lower long-term fees and keep your transaction graph clean. That makes future spending simpler and cheaper.
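
The pool-pure rule here and the "verify inputs and change" step of the response playbook amount to the same check on a draft transaction before it is signed. The function below is an added example, not a feature of any particular wallet; the pool names, record layout, and outpoints are assumptions.

```python
def check_draft(draft, wallet, reserved_change):
    """Return policy violations for a draft spend; an empty list means OK.

    draft:           {"inputs": [outpoint, ...], "change_address": str or None}
    wallet:          outpoint -> {"pool": str, "frozen": bool}
    reserved_change: address -> pool that address is reserved for
    """
    problems, pools = [], set()
    for outpoint in draft["inputs"]:
        utxo = wallet.get(outpoint)
        if utxo is None:
            problems.append(f"{outpoint}: not in the labeled UTXO list")
            continue
        pools.add(utxo["pool"])
        # Frozen coins may move only in a deliberate dust-only consolidation.
        if utxo["frozen"] and utxo["pool"] != "dust":
            problems.append(f"{outpoint}: frozen")
    if len(pools) > 1:
        problems.append("mixes pools: " + ", ".join(sorted(pools)))
    change = draft.get("change_address")
    if change is not None:
        change_pool = reserved_change.get(change)
        if change_pool is None or change_pool not in pools:
            problems.append(f"change {change} is not reserved for the input pool")
    return problems


# Constructed wallet state.
WALLET = {
    "s1:0": {"pool": "savings", "frozen": False},
    "s2:1": {"pool": "savings", "frozen": False},
    "d1:0": {"pool": "dust", "frozen": True},
    "d2:3": {"pool": "dust", "frozen": True},
}
RESERVED = {"addr_savings_change": "savings", "addr_dust_change": "dust"}

AUTO_SELECTED = {"inputs": ["s1:0", "d1:0"],
                 "change_address": "addr_savings_change"}
DUST_ONLY = {"inputs": ["d1:0", "d2:3"], "change_address": "addr_dust_change"}
DUST_WRONG_CHANGE = {"inputs": ["d1:0", "d2:3"],
                     "change_address": "addr_savings_change"}

if __name__ == "__main__":
    for name, draft in [("auto", AUTO_SELECTED), ("dust", DUST_ONLY),
                        ("wrong change", DUST_WRONG_CHANGE)]:
        print(name, check_draft(draft, WALLET, RESERVED))
```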

Education and drills: practice before it is urgent

Security improves with repetition. Schedule a short quarterly drill where you review UTXO lists, refresh labels, and test your freeze and coin control workflows. If you manage a family or business treasury, turn this into a checklist everyone can follow.

  • Run a watch-only review. Scan for unknown small deposits.
  • Tag and freeze. Confirm that dust remains excluded after updates.
  • Dry-run a PSBT. Build a dummy transaction using only clean inputs and walk through signing steps offline.
  • Backups. Verify that your seed phrase and any passphrase are recorded securely and accessible to the right people.

Quick-reference checklist

  • Fresh receive address for every inbound payment.
  • Separate wallets by purpose. No mixing across savings, spending, and business.
  • Coin control enabled. Inputs are never auto-selected for important spends.
  • UTXO labels applied. Unknown tiny amounts are tagged and frozen.
  • Watch-only monitoring active on a non-signing device.
  • PSBT workflow for cold storage spending.
  • RBF and CPFP supported for flexibility during fee swings.
  • Scheduled housekeeping during low-fee windows for dust-only consolidation.
  • Documentation and bookkeeping captured for every movement.

Conclusion

Dust attacks are a long game against your privacy. The amounts are small, the effects are cumulative, and the defense is operational discipline. For Canadians who buy Bitcoin on regulated platforms and move to self-custody, it is especially important to keep clean separation between public-facing addresses and private savings. With fresh addresses, coin control, UTXO labels, freeze features, and a PSBT-powered cold storage flow, you can neutralize dust without stress. Make UTXO hygiene part of your routine and your Bitcoin will remain both secure and discreet in 2025 and the years ahead.