Skip to main content

Warning About Unknown Small Deposits (Dusting Attacks)

This document explains what Dusting is, what precautions should be taken, and how to prevent potential damage when a very small amount of coins or tokens is sent to your wallet from an unknown address.

 

[What is Dusting?]

Dusting refers to the act of sending a very small amount of coins or tokens randomly to a user's wallet address.

These small transactions may be used to track wallet activity on the blockchain and may later lead to additional attacks such as phishing links, impersonation messages, or malicious DApp connections.

Dusting-en.png

 

[Has My Wallet Been Hacked?]

Receiving a very small amount of coins or tokens from an unknown source does not necessarily mean that your wallet has been hacked.

Because blockchain addresses are public information, anyone can send assets to a wallet address. Therefore, receiving small amounts of assets from unknown addresses can occur.

 

However, you should be extremely cautious of the following actions:

  • Clicking suspicious links included in transaction history (Often disguised as coin rewards or airdrop notices)

  • Visiting external websites related to the received asset

  • Requests asking for your recovery phrase (mnemonic), private key, PIN, or password for reasons such as wallet recovery, security checks, or asset verification

  • Requests to connect suspicious DApps or approve suspicious signatures (Approve)

[How to Prevent Damage from Dusting Attacks]

Please follow the security guidelines below.

  • Do not click or interact with suspicious very small-value transactions from unknown sources.

  • Do not trust links, website addresses, or messages included in transaction history or token names.

  • Never share your recovery phrase (mnemonic), private key, PIN, or app password with anyone.

  • If you connected your wallet to a suspicious DApp or approved a suspicious request, immediately review connected DApps and token approval history.

  • Do not directly select or copy addresses shown in recent transaction history. Dusting attacks may also involve Address Poisoning techniques, where fake addresses similar to legitimate ones are used to induce misdirected transfers. Therefore, always verify the full wallet address before sending coins. Please refer to the document below regarding Address Poisoning.

Phishing Alert: Beware of Similar Wallet Addresses (Same Prefix/Suffix, Altered Middle)

 

[How to Identify Possible Dusting Attacks]

The following situations may indicate a dusting or phishing attempt.

  • Very small amounts of coins or tokens repeatedly arriving from unknown addresses

  • External links included in the token name or memo field

  • Messages encouraging you to visit external websites for “wallet recovery,” “airdrop claims,” “security checks,” or “asset verification”

  • Someone impersonating customer support, developers, or official staff requesting your recovery phrase or signature approval

In these cases, do not click any links or perform additional actions, and simply ignore the asset.

 

[Take Immediate Action if You Suspect Damage]

Immediate security action is required in the following situations:

  • You entered your recovery phrase (mnemonic) or private key

  • You connected your wallet to a suspicious website or approved a signature request

  • Unauthorized transactions occurred

  • Your assets were moved without your permission

In such cases, please take the following actions immediately:

  • If possible, move your assets to a new secure wallet address immediately

  • Review connected DApps and token approval history

  • Submit a 1:1 inquiry to the official D'CENT Customer Support

  • Report to cybercrime authorities or investigative agencies if necessary

[Note]

  • Receiving a very small deposit from an unknown source alone does not mean your wallet has been hacked.

  • However, such deposits may lead to additional attacks such as phishing, impersonation, malicious links, or malicious DApp approval requests, so caution is required.

  • Also, do not click suspicious transaction history entries, and always verify the full address again before sending coins.

  • The most important rule is to never enter or share your recovery phrase (mnemonic), private key, PIN, or password.