Following the implementation of the Fusaka upgrade in December 2025, the Ethereum network experienced a dramatic surge in activity, with daily transactions climbing past 2 million and active addresses hitting 1.4 million. While these figures initially signaled a massive wave of organic adoption driven by lower transaction costs, deeper analysis reveals that a significant portion of this growth is artificial, fueled by a malicious practice known as ‘address poisoning.’

Address poisoning functions as a social engineering tactic where attackers generate wallet addresses that mimic the first and last characters of a user’s legitimate transaction history. By sending negligible amounts of cryptocurrency to these victims, attackers hope users will accidentally copy the malicious address from their history during future transfers. While this strategy existed previously, the Fusaka upgrade’s reduction in gas fees has made it economically viable for bad actors to execute these attacks at an unprecedented scale.

Data regarding stablecoin activity highlights the severity of the issue, with nearly 43% of balance updates involving transfers of less than $1. The median transaction size for major stablecoins has plummeted from $100 to a mere $0.001, as attackers use smart contracts to batch millions of ‘dust’ transactions. These malicious entries now account for up to 35% of daily active addresses, effectively skewing network health metrics and creating a false narrative of user growth.

This trend presents a significant challenge for the Ethereum ecosystem, as the very features designed to improve accessibility have lowered the barrier for exploitation. Moving forward, the industry must prioritize the development of more sophisticated network metrics that filter out non-economic activity. Additionally, wallet providers are being urged to implement better security features, such as flagging suspicious low-value transfers and obscuring ‘dust’ entries in user histories to prevent accidental fund loss.

Key Takeaways

• The Fusaka upgrade's lower transaction fees have inadvertently enabled a massive increase in 'address poisoning' attacks.
• Malicious 'dust' transactions now account for 10-15% of total Ethereum volume and up to 35% of daily active addresses.
• Users are advised to manually verify full wallet addresses before every transaction, as attackers are exploiting the habit of copying addresses from history.

Editor’s Analysis & Impact

The rise of address poisoning on Ethereum serves as a cautionary tale regarding the trade-offs of network optimization. While scalability is essential for mass adoption, the reduction of transaction costs has fundamentally altered the threat landscape. By making spam economically feasible, the network has become a playground for social engineering, which threatens to erode user trust. From an industry perspective, this necessitates a shift in how we measure ‘success.’ Metrics like active addresses and transaction counts are no longer reliable indicators of organic growth without robust filtering mechanisms. Future development must focus on ‘security-by-design’ within wallet interfaces, shifting the burden of verification away from the end-user. If left unaddressed, this noise could obscure genuine network utility and complicate institutional analysis of blockchain health.

Frequently Asked Questions

Q: What is address poisoning?
A: Address poisoning is a scam where attackers create wallet addresses that look similar to your own and send tiny amounts of crypto to your wallet. The goal is to trick you into copying the wrong address from your transaction history when you send funds later.

Q: How can I protect myself from address poisoning?
A: Always verify the entire wallet address character-by-character before confirming a transaction. Never rely solely on your transaction history to copy and paste addresses, and consider using address book features or ENS names to ensure you are sending funds to the correct recipient.