Unsolicited tokens deposited into your wallet / dusting attacks
If you've ever had your wallet dusted before, it can be pretty confusing. "Someone gave me free money!" you may think. Like everything in life, there's no such thing as a free lunch.
What is a dusting attack?
A dusting attack is an attack in which a trace amount of crypto, called dust, is sent to thousands — sometimes even hundreds of thousands — of wallet addresses. This attack is deployed in order to track these addresses with the hope of “un-masking” or de-anonymizing them.
As a cryptocurrency user, you may boot up metamask one day and see an unrecognized token in your wallet. If you have ever posted your ETH / BSC / whatever crypto address anywhere on the internet, this will happen to you eventually.
Most of the time it's just a shitcoin creator sending their funds to addresses they have scraped from the internet, in order to promote their worthless coin. However, it is entirely feasible someone is trying to de-anonymize you. The dust can be tracked through the blockchain until it hits an exchange or lands in a wallet you are trying to keep anonymous.
Even if you are a small fish, it is inherently risky to swap or move tokens which you did not ask for.
The best course of action when you get dusted is to never touch those funds, ever. A good practice is to generate a new wallet address each time you accept crypto. Stacking all your coins into one wallet will increase the chance someone dusts you.
Even if this has never happened to you, being mindful of this attack vector will strengthen your crypto security. Good luck out there!