Record growth is being seen by Ethereum, but malicious ‘address poisoning’ campaigns are exploiting low fees to drive activity.
The highest daily network growth in the history of Ethereum is currently being reported, a statistical surge that ostensibly signals a massive return of user activity.
A total of 2.9 million transactions were processed by the Ethereum mainnet over the past week, representing a new all-time high according to Token Terminal data.
This activity was accompanied by a sharp jump in daily active addresses, which were increased to approximately 1.3 million from roughly 0.6 million in late December.
Critically, this explosion in throughput has been achieved while transaction costs have remained negligible. Average transaction fees have been maintained within the “pennies” range of $0.10 to $0.20 by the network, despite the record demand.
A fundamental shift in economic accessibility was represented by this, for a network where fees were historically seen to spike between $180 and $200 during the 2021-2022 NFT boom.
However, it is suggested by forensic analysis that this growth is not entirely organic. While surface metrics indicate a bull-market revival, warnings are issued by security researchers that a significant portion of this traffic is driven by malicious actors.
Industrial-scale “address poisoning” campaigns are being launched by these attackers, who are exploiting the network’s newly lowered fees to target users with automated scams disguised as legitimate activity.
The Scaling Landscape
To understand the sudden spike in volume, the recent structural changes to the Ethereum protocol must be looked at. For years, the network was powerful but was rendered economically unusable for most people.
It was pointed out by Leon Waidmann, head of research at the Onchain Foundation, that since his entry into crypto, Ethereum mainnet fees were simply too high for the average user.
It was noted by him that the network was too expensive for retail, too expensive for frequent usage, and too expensive for the construction of consumer-scale apps.
However, that was changed about one year ago when the network was methodically scaled by Ethereum developers while they attempted to protect decentralization and security.
Three major protocol upgrades were led to by this, which advanced the roadmap.
The May 2025 “Pectra” upgrade was the first, through which blob capacity was increased by raising the target blobs per block from 3 to 6 and the maximum from 6 to 9. This effectively doubled the expected blob throughput.
Then, the network’s “Fusaka” upgrade was followed in December 2025 by the shipping of Peer Data Availability Sampling (PeerDAS). This allowed blob availability to be verified by validators via sampling rather than downloading the entire dataset, enabling higher throughput while keeping node requirements reasonable.
Most recently, the blob target was raised from 10 to 14 and the max to 21 by the Blob Parameter-Only (BPO) fork in January 2026. These pragmatic updates were designed to unlock significant capacity for the blockchain network.
The economic effects of these upgrades were made apparent quickly as the network’s mainnet fees dropped sharply, and simple transactions became cheap again.
It was pointed out by Waidmann that building directly on Layer 1 became viable at scale, prompting prediction markets, real-world assets, and payments to move back to the mainnet.
At the same time, stablecoin transfers on the network were recorded at approximately $8 trillion in the fourth quarter.
Ethereum’s Record Activity Isn’t Translating Into Real Value
While the record activity shows signs of a blockchain in the ascendancy, it is suggested by on-chain data that these activities have not added real value to the network.
It is shown by data from Alhpractal that a decline is occurring in the Metcalfe Ratio, which compares market capitalization to the square of the number of active users. It is indicated by this that valuation is not keeping pace with real network adoption.
Additionally, it is reflected by Ethereum’s Adoption Score, currently at level 1, that the market is in its lowest historical tier. A cold market is indicated by this, where valuation is maintained at a low level relative to on-chain activity.
In light of these findings, it was suggested by Matthias Seidl, the co-founder of GrowThePie, that the network’s activity increase might not be organic.
An example was cited by him of a single address receiving 190,000 native ETH transfers from 190,000 unique wallets in a single day.
It was noted by Seidl that the number of wallets receiving native transfers remains relatively stable, but the number of wallets sending native transfers has increased significantly (2x). It was also highlighted by him that many native transfers (sending vanilla ETH) utilize only 21,000 gas, the least expensive form of EVM transaction.
Nearly 50% of all transactions are currently accounted for by these transfers. In comparison, roughly 65,000 gas is cost by sending an ERC20 token, and as much gas as three native ETH transfers is needed by a single stablecoin transfer.
What Is Address Poisoning?
Meanwhile, an old scam is being traced to Ethereum’s latest burst of on-chain activity, having been repackaged for an era of cheaper fees.
It was noted by security researcher Andrey Sergeenkov that a wave of address-poisoning campaigns has been exploiting low gas costs since December, inflating network metrics while seeding transaction histories with lookalike addresses designed to trick users into sending real funds to attackers.
The mechanics of these attacks are simple: “poisoning” addresses that resemble a target’s legitimate wallet address are generated by scammers by matching the first and last characters. After a victim completes a normal transfer, the attacker sends a small “dust” transaction to the victim so the spoofed address appears in their recent history.
The bet is that, at some later point, the familiar-looking address will be copied by the user from their activity feed without verifying the full string.
In light of this, the surge in new Ethereum addresses is tied to that playbook by Sergeenkov. It is estimated by him that new address creation ran about 2.7 times the 2025 average, with a peak of roughly 2.7 million new addresses recorded during the week of Jan. 12.
When the flows behind the growth were decomposed by him, it was concluded that roughly 80% was driven by stablecoin activity rather than organic user demand.
To test whether this looked like poisoning, a telltale signature was sought by Sergeenkov: addresses that received a sub-$1 stablecoin transfer as their first interaction.
By his count, that pattern was fit by 67% of the new addresses. In absolute terms, it was found by him that 3.86 million out of 5.78 million addresses received “dust” as their first stablecoin transaction.
The search was then narrowed by him to the senders: accounts moving less than $1 of USDT and USDC between Dec. 15, 2025, and Jan. 18, 2026.
Unique recipients for each sender were counted and filtered by Sergeenkov for those distributing to at least 10,000 addresses. What surfaced, he says, were smart contracts designed to industrialize the campaign. These are codes that can bankroll and coordinate hundreds of poisoning addresses in a single transaction.
One contract reviewed by him included a function labeled fundPoisoners, which, in his description, disperses stablecoin dust and a small amount of ETH for gas to a large batch of poisoning addresses at once.
Millions of potential targets are then sent dust by those addresses, who fan out to manufacture misleading entries in wallet transaction histories.
Scale is relied upon by the model as most recipients will never fall for it, but the economics work if a tiny fraction do.
The effective conversion rate is pegged by Sergeenkov at around 0.01%, implying the business is built to tolerate extreme failure rates. In the dataset he analyzed, about $740,000 was collectively lost by 116 victims, with $509,000 of that total being accounted for by a single loss.
Cost has historically been the gating factor. Millions of on-chain transactions are demanded by address poisoning that do not directly generate revenue unless funds are mis-sent by a victim.
It is argued by Sergeenkov that, until late 2025, mass-send strategies were made harder to justify by Ethereum network fees. However, with transaction costs roughly six-fold lower, the risk-reward calculus was shifted sharply in favor of the attacker.
In light of this, it was argued by Sergeenkov that scaling Ethereum throughput without hardening its user-facing safety has created an environment where “record” activity can be indistinguishable from automated abuse.
In his view, a darker reality—where mass-targeted scams are easily subsidized as legitimate adoption by cheaper blockspace—is risked being masked by the industry’s obsession with headline network metrics, leaving retail users to bear the loss.
