Ethereum’s “Record” Activity is a Mirage: Address Poisoning Attacks Drain $740K
Record-breaking transaction volume on Ethereum is being driven by a coordinated scam campaign, not organic growth, as low fees post-Fusaka upgrade enable industrial-scale address poisoning.
Ethereum’s network data is lying to you. While daily transactions hit a historic 2.88 million on January 16, the surge is not organic adoption. It is a coordinated infrastructure attack. On-chain researcher Andrey Sergeenkov confirmed the activity spike is driven by massive address poisoning campaigns, which have already siphoned over $740,000 from victims this week.
The Fusaka Effect
The catalyst for this spam wave is the very upgrade meant to scale the network. December’s Fusaka upgrade slashed gas fees by over 60%, unintentionally making industrial-scale dusting attacks economically viable. Attackers are now flooding the network with millions of sub-$1 transfers to inject lookalike wallet addresses into user transaction histories.
The data paints a bleak picture of this “growth”:
- 2.7 million new addresses appeared in the week of Jan 12 (a 170% deviation from the baseline).
- 67% of these new wallets received less than $1 in their first interaction.
- Smart contracts are batch-generating these addresses to mimic legitimate high-volume wallets.
“You can’t scale infrastructure without first addressing user security issues! And while the industry celebrates record metrics, people are losing their funds because Ethereum developers improved the architecture for mass attacks.” Andrey Sergeenkov
The Poisoning Mechanism
The scam relies on user negligence. Attackers generate addresses that match the first and last characters of a user’s frequently used counterparty. They then send a “dust” amount (e.g., 0.0001 USDC) to the user’s wallet. When the user goes to copy-paste an address for a future transaction from their history, they inadvertently select the attacker’s lookalike address.
ETH traded softly at $3,195 (-2.8%) as the market digested the discrepancy between bullish on-chain metrics and the bearish reality of the exploit. Until wallets implement stricter address-matching UI warnings, the Fusaka upgrade’s low fees will continue to subsidize the theft.
