Let’s be honest—nobody enjoys opening their wallet and seeing it cluttered with sketchy, unsolicited tokens. On Solana, it’s not just annoying—it’s a sign that someone might be targeting you. Account dusting and address poisoning aren’t just harmless spam—they’re the tip of the spear for phishing, wallet drainers, and impersonation scams. In this article we explore hows, whys, and WTFs of these tactics, what makes Solana especially vulnerable to them, and how we can fight back.
Account dusting and address poisoning attacks have emerged as a serious and growing problem in the Solana ecosystem.
We'll also walk through some real-world examples, and share a few hot takes on how to future-proof your experience on Solana.
This report is a deep dive into how these attacks work, their impact, and what we can do about them. We won’t pretend to have all the answers, but we’ve built detection tools, studied the patterns, and listened to the community’s frustrations. Our hope is that this document provides tangible, actionable insights that help push the ecosystem forward.
Account dusting is the practice of sending tiny, unsolicited transactions—usually tokens—to user wallets. The transactions often look like harmless airdrops at first glance. But upon closer inspection, most of these tokens contain scam links or deceptive branding.
What’s wild is that attackers aren’t even necessarily trying to steal funds directly through the token. Instead, they’re baiting users to go off-chain—to scam dApps, phishing domains, or Telegram groups. The ultimate goal? Trick a user into connecting their wallet and draining it.
Key Patterns:
This is where it gets particularly deceptive. Address poisoning involves sending low-value transactions from a wallet that looks like one you've interacted with before.
These fake addresses often have similar prefixes or suffixes as legitimate ones. The goal? Trick you into copying the wrong address when you're about to send funds.
Some variants even mimic prior transaction history using memos or identical formatting to confuse the user.
It’s an attack on muscle memory and wallet UX.
Using Flipside Crypto and Helius API data, we analyzed over 60,000 wallets and found that spam-style transactions are increasing sharply. Peaks often correlate with airdrop announcements or protocol launches—high-attention moments when users are more likely to interact with unknown tokens.
Quick Stats: