If you opened your XRP wallet and noticed a small inbound transaction of 0.000001 XRP — or any similarly tiny amount you never requested — you may have been targeted by an address poisoning attack, also known as a dust attack.

What Is an XRP Dust Attack?

A dust attack occurs when a malicious actor sends an extremely tiny amount of cryptocurrency — "dust" — to a large number of wallet addresses. The goal is not to steal funds directly but to taint your transaction history with their wallet address.

The attack works like this: once the attacker's address appears in your transaction record, they hope you will accidentally copy the wrong address when you next make a payment — sending funds to the attacker instead of your intended recipient. This is especially dangerous in wallets that auto-populate addresses from transaction history.

Why XRP? The 0.00001 XRP Fee Makes It Cheap

The XRP Ledger's ultra-low transaction fee of 0.00001 XRP (10 drops) makes mass dust attacks economically viable. An attacker can send dust to 1,000,000 addresses for just 10 XRP in fees — roughly $13 at current prices. This low cost makes XRP particularly susceptible to dust campaigns compared to networks with higher fees.

How to Protect Yourself

• Never copy-paste addresses from your transaction history without carefully verifying every character.
• Use a hardware wallet (like Ledger) that clearly displays full addresses before confirming transactions.
• Always double-check recipient addresses character by character — attackers often use addresses that look similar to yours at first glance.
• Do not interact with the dust funds — leave them untouched in your wallet.
• If your wallet supports address labeling, mark suspicious incoming addresses as "SCAM — DO NOT USE."

Someone is sending you a tiny amount in the hope that your transaction record will be tainted with their address and you will inadvertently send funds to them instead of your intended recipient.

r/XRP Community Warning

What to Do If You've Already Been Targeted

1. Do not send any XRP from your wallet until you've verified your recipient's address through a trusted channel (not your transaction history).
2. Report the attacker's address to the exchange or wallet provider if possible.
3. Consider transferring your remaining XRP to a fresh wallet address that has not been dusted.
4. Enable any address whitelisting features your wallet supports.

The best defense is simple: always verify addresses independently, never trust your transaction history as a source of truth for recipient addresses.