Ethereum network activity surged to record levels, but much of it was "inflated" by a large-scale address poisoning attack, which caused millions of wallets to receive "dust" stablecoins to trick users into sending the wrong funds.
Indicators like the surge in new addresses and transactions might give the impression of explosive demand, but deeper analysis reveals that a significant portion is driven by stablecoins and automated behavior. This alters the interpretation of on-chain data and poses direct security risks to users.
- Ethereum activity reached record highs, but was heavily impacted by address poisoning via stablecoins.
- 67% of new addresses received less than $1 on their first transaction, indicating an unusual "dust" pattern.
- The Fusaka upgrade reduces ERC-20 transfer fees by nearly 6x, making spam/poisoning cheaper and easier to scale.
Ethereum network activity surged, but much of it came from stablecoin "dust."
The increase in new addresses and transactions on Ethereum looks very positive, but data suggests that about 80% of the increase comes from stablecoins, with many transactions being extremely small and serving the purpose of address poisoning.
On the surface, the metrics are impressive: the number of new Ethereum addresses is 2.7 times higher than the 2025 Medium . The peak occurred around January 12th with approximately 2.7 million new addresses, a 170% increase compared to the "normal" level.
Meanwhile, total weekly transactions increased by 63%, from 10.5 million to a record 17.1 million transactions. These numbers could easily be interpreted as a surge in user demand or an app boom, but the source of the activity needs to be examined.
When Andrey Sergeenkov delved into the data , he found that about 80% of the growth was related to stablecoins, primarily USDT and USDC. Stablecoins are often used in automated processes, so transaction distribution can be drastically skewed if widespread spam occurs.
In the "first stablecoin transaction" group, the pattern is even clearer: 67% of new addresses received less than $1 in their first transfer. A total of 3.86 million out of 5.78 million addresses received such small amounts of "dust," a typical sign of address poisoning.
In situations of volatile network activity, traders can combine observing funding, open interest (OI), and liquidation flows in the Derivative market to avoid misinterpreting "growth," and BingX serves as an additional point of reference when assessing short-term sentiment instead of relying solely on the number of new addresses.
What is address poisoning and why does it easily lead users to send money to the wrong person?
Address poisoning is a technique that involves sending a very small amount of Token from an address that closely resembles the victim's real address, aiming to trick the victim into mistakenly copying the transaction history and transferring funds to the attacker's wallet.
A common mechanism is that the attacker creates an address with the same first and last characters as the victim's real address, then sends a small Token to "mark" the transaction in the history. When the user needs to transfer money and copies the address from the history (instead of from a trusted source like a saved address book), they may mistakenly paste the attacker's address.
This type of attack exploits the user habits and interface of wallets/explorers, rather than breaking the cryptographic algorithm. Therefore, it is particularly dangerous for users who copy from recent transaction lists or only check the first and last few characters of the address.
Tracking USDT/ USDC below $1 reveals multiple large-scale "operators".
By filtering USDT and USDC transactions under $1 between December 15, 2025, and January 18, 2026, it is possible to identify sources of mass "dust" sends, with multiple entities scattering dust across hundreds of thousands of wallets.
Register now: BingX – The leading cryptocurrency trading platform.
Sergeenkov tracked USDT and USDC transfers under $1 and filtered for sending addresses distributing dust to at least 10,000 unique recipient addresses. From this, he discovered several groups/operations deploying poisoning on a large scale.
The top three contracts alone sent dust to over 1.6 million addresses. One contract distributed to 690,000 wallets, another to 589,000, and the third to 405,000. Such a large distribution scale could lead to a significant increase in "new addresses" and "transactions" metrics, even though they don't reflect the actual user flow.
Upgrading Fusaka lowers costs, making address poisoning profitable.
After Fusaka reduced ERC-20 transfer fees by nearly 6x, sending millions of spam transactions became significantly cheaper, allowing attackers to expand poisoning despite the very low success rate.
Previously, address poisoning was often considered "not worth the effort" due to its extremely low success rate, around 0.01%, so attackers had to rely on a few major mistakes to make money. In the case mentioned, one victim alone lost $509,000, and this accounted for the majority of the money stolen up to that point.
Starting in December, the landscape changed when Ethereum's Fusaka upgrade cut Medium ERC-20 transfer fees by nearly six times. With the cost per "spray" drop sharply, mass spamming models can more easily reach the break- Capital point, turning large-scale poisoning into a potentially profitable campaign.
New contracts also appeared in recent days, with one contract sending dust to 78,000 addresses. The large-scale attack contracts remained active, and significant losses often occurred towards the end when some victims began transferring substantial amounts of money and were careless in verifying their addresses.
Conclude
Ethereum's record growth during this period could be heavily "disrupted" by address poisoning, especially through stablecoins with dust amounts under $1. The reduction in ERC-20 fees after Fusaka made attacks cheaper, making large-scale dusting campaigns easier to deploy and increasing the risk of users sending the wrong funds.
Frequently Asked Questions
Why is the number of new Ethereum addresses increasing sharply but not reflecting the actual number of users?
Because many addresses were "activated" with stablecoin dust under $1 in the address poisoning campaign, inflating the number of new addresses and transactions without necessarily adding more organic users.
What on-chain indicators suggest that address poisoning may be occurring?
A large proportion of new addresses receiving their first transaction are extremely small amounts (e.g., under $1), concentrated in USDT/ USDC, and addresses sending dust distributes to tens of thousands to hundreds of thousands of wallets.
What does Fusaka have to do with the increase in address poisoning?
Fusaka reduces ERC-20 transfer fees by nearly 6x, making it cheaper for attackers to send mass spam, thereby expanding the scale of poisoning even though the victim rate is very low.
How can users reduce the risk of sending mail to the wrong address?
Avoid copying addresses from transaction history; use saved address books/whitelists, carefully check the entire address (not just the first/last few characters), and confirm it on your device screen before sending large sums of money.
