Written by: Oluwapelumi Adejumo
Translated by: Luffy, Foresight News
Ethereum's current daily network growth data has reached an all-time high. On the surface, this surge in statistics marks a significant return of user activity.
According to Token Terminal data, the Ethereum mainnet processed 2.9 million transactions in the past week, setting a new historical record.
At the same time, the number of daily active addresses has also seen a substantial increase, rising from about 600,000 in late December to approximately 1.3 million.
The key point is that this explosive growth in throughput has occurred while transaction costs remain very low. Despite record-high transaction demand, the average fee has consistently stayed in the range of $0.1 to $0.2.
Ethereum on-chain activity, data source: Token Terminal
For a network like Ethereum, which saw fees soar to between $50 and $200 during the NFT boom of 2021-2022, this change signifies a fundamental shift in its transaction threshold.
However, analysis shows that this growth is not entirely organic. While surface indicators seem to suggest a bull market revival, security researchers warn that a significant portion of the network's traffic is actually driven by malicious actors.
These attackers are exploiting Ethereum's drastically reduced fees to launch industrial-scale "address poisoning" attacks, disguising automated scams as legitimate transactions to execute targeted fraud against users.
Background of Network Expansion
To understand the sudden surge in transaction volume, one must pay attention to the recent structural changes in the Ethereum protocol. For years, while the Ethereum network has been powerful, its transaction costs have been prohibitively high for most users.
Leon Waidmann, research director at the Onchain Foundation, pointed out that since he entered the crypto industry, the fees on the Ethereum mainnet have been absurdly high for ordinary users.
He stated that Ethereum's transaction costs are not only too high for retail investors but also too expensive for building consumer applications.
This situation saw a turning point about a year ago: the Ethereum development team systematically optimized the network for scalability while striving to maintain decentralization and network security.
A series of protocol upgrades were implemented, advancing Ethereum's scalability roadmap, with three core upgrades.
The first was the Pectra upgrade in May 2025, which increased the target Blob data amount per block from 3 to 6 and the maximum from 6 to 9, directly doubling the expected processing capacity for Blob data.
Subsequently, in December 2025, Ethereum completed the Fusaka upgrade, introducing node data availability sampling technology (PeerDAS). This technology allows validators to verify the availability of Blob data through sampling rather than downloading the entire dataset, further enhancing network processing capacity while keeping node operation thresholds reasonable.
The latest upgrade, a Blob parameter fork in January 2026, raised the target Blob data amount per block from 10 to 14 and the maximum from 14 to 21. These upgrades aim to unlock significant network processing capacity for Ethereum.
The economic effects of the upgrades quickly became apparent: Ethereum mainnet fees plummeted, and simple transactions returned to a low-cost state.
Leon Waidmann noted that large-scale development directly on the Ethereum mainnet has become feasible, which has led to a resurgence of prediction markets, real-world asset trading, and payment services returning to the mainnet.
At the same time, the scale of stablecoin transfers on the Ethereum network reached approximately $8 trillion in the fourth quarter of last year.
Ethereum's Record Activity Lacks Actual Value Support
Although record activity seems to signify Ethereum's rise, on-chain data shows that these transaction activities have not created actual value for the network.
Data from Alphractal indicates that the Metcalfe ratio, which measures the ratio of market capitalization to the square of active user numbers, continues to decline, meaning that Ethereum's valuation growth has not kept pace with actual network adoption.
Ethereum's Metcalfe ratio, source: Alphractal
Moreover, Ethereum's network adoption score is currently at level 1, the lowest in history. This data reflects the current market's stagnation, with the network's valuation being low relative to on-chain activity.
Based on this, Matthias Seidl, co-founder of GrowThePie, believes that the recent increase in Ethereum's activity is not organically formed.
He cited a specific address as an example: this address received 190,000 ETH transfers from 190,000 unique wallets in a single day.
Matthias Seidl pointed out that while the number of wallets receiving ETH transfers remains relatively stable, the number of wallets initiating transfers has surged. He also emphasized that a large number of ETH transfers only consume 21,000 Gas, which is the lowest cost transaction type in the Ethereum Virtual Machine (EVM).
Ethereum EVM transaction costs, data source: GrowThePie
Currently, these low-cost native transfers account for nearly 50% of all transactions on Ethereum. In contrast, sending an ERC20 token consumes about 65,000 Gas, and a stablecoin transfer's Gas consumption is equivalent to the sum of three ETH transfers.
Address Poisoning: Scams Resurface
Meanwhile, the surge in Ethereum's on-chain activity stems from a classic scam that has resurfaced in the era of low fees.
Security researcher Andrey Sergeenkov pointed out that since December of last year, a wave of address poisoning attacks has been spreading, taking advantage of Ethereum's low Gas fees: while boosting various network metrics, they implant counterfeit addresses into users' transaction records, enticing users to transfer real assets to the attackers.
The operation of these attacks is quite simple: the scammers generate "poisoned addresses" that match the first and last characters of the target user's legitimate wallet address; after the victim completes a normal transfer, the attacker sends a small "dust transaction" to them, causing the counterfeit address to appear in the victim's recent transaction history.
They gamble that users will subsequently copy this seemingly familiar address directly from their transaction history when making transfers, without verifying the complete address string.
Based on this, Andrey Sergeenkov associates the surge in new Ethereum addresses with this scam technique. He estimates that the current creation of new Ethereum addresses is about 2.7 times the average level in 2025, with the number of new addresses created in the week of January 12 reaching approximately 2.7 million.
Data on address poisoning attack victims, data source: Andrey Sergeenkov
After analyzing the flow of funds behind this growth, he concluded that about 80% of the transaction activity is driven by stablecoin trading rather than organic user demand.
To verify whether this growth is caused by address poisoning, Andrey Sergeenkov looked for a hallmark feature: the first transaction of addresses receiving stablecoin transfers of less than $1.
Statistics show that 67% of new addresses meet this criterion. Specifically, among 5.78 million new addresses, 3.86 million had their first stablecoin transaction as receiving a "dust transfer."
He then shifted his research focus to the initiators of the transfers: he analyzed accounts that sent USDT and USDC transfers of less than $1 between December 15, 2025, and January 18, 2026.
Andrey Sergeenkov counted the number of unique receiving addresses for each initiating account and filtered out accounts that initiated transfers to at least 10,000 addresses. The results revealed that these accounts were backed by smart contracts specifically designed for industrial-scale address poisoning, capable of funding and coordinating hundreds of poisoned addresses in a single transaction.
One of the contracts he studied contained a function labeled fundPoisoners, which, according to its description, could distribute stablecoin dust to a large number of poisoned addresses at once, along with a small amount of ETH for Gas fees.
These poisoned addresses would then disperse, sending dust transfers to millions of potential targets, creating misleading entries in their wallet transaction records.
The core of this scam model lies in its scalability: while most recipients may not fall for it, as long as a tiny fraction of users are deceived, the entire scam becomes economically viable.
Andrey Sergeenkov estimates that the actual success rate of this scam is about 0.01%, meaning its business model is built on tolerating a very high failure rate. In his analyzed dataset, 116 victims collectively lost about $740,000, with the largest single loss reaching $509,000.
Previously, the biggest constraint on such scams was cost. Address poisoning requires initiating millions of on-chain transactions, and these transactions themselves cannot directly generate revenue unless there are victims who make erroneous transfers.
Andrey Sergeenkov believes that before the end of 2025, Ethereum's network fees made such large-scale transfer scams unprofitable. But now, transaction costs have dropped by about six times, dramatically reversing the risk-reward ratio, making the scam highly attractive to attackers.
Thus, he pointed out that while Ethereum enhances transaction processing capacity, if it does not strengthen user-facing security protections, it will create a distorted environment: the network's "record-level" activity will be indistinguishable from automated malicious behavior.
In his view, the crypto industry's excessive adoration of network metrics may obscure a darker reality: low-cost block space makes it easy for scams targeting large-scale users to be disguised as legitimate network adoption, with the ultimate losses borne by the users.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
