A recent jump in activity on the Ethereum network may not be as encouraging as it first appears. According to security researcher Andrey Sergeenkov, part of the surge is likely being driven by address poisoning attacks — a form of scam that has become cheaper to run as transaction fees fall.
Ethereum’s network has looked busier than ever in recent weeks. Active addresses nearly doubled to around 8 million in a month, while daily transactions climbed toward a record high of roughly 2.9 million. In the week starting Jan. 12 alone, Sergeenkov estimates that about 2.7 million new addresses appeared on the network, around 170% above normal levels.
But Sergeenkov warns that not all of this activity reflects genuine user growth.
Instead, a meaningful portion may be coming from large-scale spam campaigns known as address poisoning. These attacks take advantage of low transaction costs by flooding the network with tiny, low-value transfers designed to trick users — not to move real economic value.
Address poisoning works by sending small “dust” transactions from wallet addresses that closely resemble legitimate ones. Later, when users copy an address from their transaction history, they may accidentally send funds to the scammer instead of the intended recipient.
The tactic has become more attractive since Ethereum’s Fusaka upgrade in December, which helped cut average transaction fees by more than 60% in the weeks that followed. Lower fees make Ethereum cheaper and more accessible for everyday users — but they also reduce the cost of abuse.
“Address poisoning has become disproportionately attractive for attackers,” Sergeenkov said, warning that network upgrades focused purely on scale can distort headline activity metrics if user safety is overlooked.
To track the trend, Sergeenkov analyzed wallets whose first stablecoin transaction was worth less than $1, a common sign of dusting activity. He then identified addresses that had sent transactions to more than 10,000 recipients — a pattern typical of poisoning campaigns.
Some of the most aggressive wallets, he found, sent dust transactions to more than 400,000 addresses. So far, at least $740,000 has been stolen from 116 victims using this method.
The findings highlight a growing tension for Ethereum. Improvements that make the network faster and cheaper are good for adoption, but they also make spam and scams easier to scale. As a result, raw transaction counts and address growth no longer tell the full story of network health.
Sergeenkov argues the solution lies less in protocol changes and more in better wallet protections, clearer warnings, and safer user interfaces — especially as Ethereum continues to grow.
That focus on the user is echoed by Ethereum co-founder Vitalik Buterin. In a recent post, Buterin said the network is entering a new phase centred on restoring personal autonomy and improving the user experience, rather than chasing adoption at any cost.
“2026 is the year that we take back lost ground in terms of self-sovereignty and trustlessness,” Buterin wrote on X.
Together, record activity, falling fees, and rising participation suggest Ethereum is evolving. But as this episode shows, growth alone doesn’t tell the whole story — how that activity is generated matters just as much.
