A recent spike in activity on the Ethereum network may be partly driven by address poisoning attacks that have become cheaper to execute amid falling transaction fees, according to security researcher Andrey Sergeenkov . Key Takeaways: Part of Ethereum’s recent activity surge may be driven by address poisoning spam rather than organic user growth. Lower gas fees after the Fusaka upgrade have made large-scale poisoning attacks cheaper. More than $740,000 has been stolen via dusting campaigns. The warning follows reports that Ethereum’s network activity retention nearly doubled to 8 million addresses within a month, while daily transactions climbed to a record near 2.9 million. Sergeenkov said the week starting Jan. 12 alone saw around 2.7 million new addresses, roughly 170% above typical levels, alongside daily transactions consistently exceeding 2.5 million. Ethereum Activity Spike May Be Driven by Address Poisoning While the surge initially appeared to signal organic growth, Sergeenkov cautioned that part of the increase could be attributed to large-scale spam campaigns known as address poisoning. These attacks exploit low fees by flooding the network with small transactions designed to trick users rather than facilitate legitimate activity. Address poisoning works by sending tiny transfers from wallet addresses that closely resemble legitimate ones. When users later copy an address from their transaction history, they may unknowingly send funds to the attacker instead. Something extraordinary happened on @Ethereum last week. On Friday, January 16, #Ethereum mainnet hit 2.9M #transactions in a single day (see Chart 1) — a new all-time high per @Etherscan . That activity was accompanied by a sharp jump in daily active addresses: ~1.3M (Chart 2),… pic.twitter.com/8EvKFymfWV — Victor "DeFi Toronto" Li (@CryptoEcon_Li) January 19, 2026 The tactic has grown more economical since Ethereum’s Fusaka upgrade in December, which cut network fees by more than 60% in the following weeks. “Address poisoning has become disproportionately attractive for attackers,” Sergeenkov said, adding that scaling blockchain infrastructure without prioritizing user safety risks distorting headline activity metrics. To track the attacks, Sergeenkov analyzed wallets that received less than $1 as their first stablecoin transaction, identifying clusters of so-called “dust distributor” addresses. He then filtered for those that had sent transactions to more than 10,000 recipients, a pattern consistent with poisoning campaigns. Some of the most active distributor wallets sent dust to more than 400,000 addresses, he said. So far, more than $740,000 has been stolen from at least 116 victims using this method. The findings highlight a tension emerging from Ethereum’s improved efficiency. Lower fees have made the network more accessible for users and developers, but they have also reduced the cost of abuse. Sergeenkov said the episode underscores the need for better wallet-level protections and clearer user warnings, arguing that raw transaction growth alone is not a reliable measure of healthy network adoption. Buterin Says Ethereum Is Entering a New Phase Focused on User Autonomy Ethereum co-founder Vitalik Buterin has framed the moment as more than a technical milestone. In a recent post , he said the community is entering a phase focused on restoring personal autonomy and improving user experience, arguing that earlier compromises made in pursuit of adoption no longer need to define the network’s future. “2026 is the year that we take back lost ground in terms of self-sovereignty and trustlessness,” Buterin said in an X post. Together, record activity, falling fees, and rising participation suggest Ethereum is entering a new phase, one where scale no longer comes at the expense of accessibility. The post Ethereum Network Activity Surge Linked to Address Poisoning Attacks: Researcher appeared first on Cryptonews .
