The truth behind the surge in Ethereum activity: 2.7 million new addresses are backed by a large-scale poisoning attack

Ethereum’s recent “boom” may be overestimated. On the surface, new addresses and transaction volume have hit record highs, but researchers point out that behind this surge in activity lies a large-scale address poisoning attack. Low Gas fees have lowered the attack costs, resulting in millions of addresses being polluted, with victims losing over $740,000. This reminds us that while performance improves, new security challenges also emerge.

The Truth Behind the Apparent Prosperity

Data Showing Surge in Activity

Ethereum is indeed experiencing a rise in activity. During the week of January 12, new addresses reached 2.7 million, a 170% increase over normal levels, and daily transaction volume exceeded 2.5 million. These numbers are impressive at first glance, but the problem is that most of this activity does not come from genuine user demand, but from poisoning attacks.

What Is Address Poisoning Attack

Address poisoning attack is a common on-chain harassment method. Attackers send large amounts of worthless or malicious tokens (often called “dust assets”) to numerous addresses. These fake assets appear in users’ wallets. When users attempt to transfer or interact, these dust assets may be mistaken for real assets, leading to losses or being lured into malicious transactions.

According to the latest reports, 3.8 million addresses received such dust assets in their first transaction, accounting for 67% of new addresses. This means over two-thirds of new addresses are polluted.

Unintended Consequences of Fusaka Upgrade

The Double-Edged Sword of Gas Fee Reduction

The Fusaka network upgrade in December indeed improved performance, reducing transaction fees by over 60%. This should be good news, but the low Gas fees also significantly lowered the cost of launching large-scale attacks.

For attackers, sending junk assets to millions of addresses went from being prohibitively expensive to affordable. This directly caused a surge in poisoning attacks.

Actual Impact

This is not just a numbers game; real users are suffering losses. The confirmed losses of 116 victims already exceed $740,000, and this is only the recorded part.

Balancing Performance and Security

Why Do Low Gas Fees Lead to More Attacks

From an economic perspective, it’s simple: when attack costs decrease, the scale of attacks can expand. After Gas fees dropped from high levels, large-scale spam attacks that were previously infeasible became possible.

This reflects a fundamental challenge faced by blockchain: how to balance improving performance (reducing costs) with maintaining security (preventing abuse).

Validation from Recent Data

Recent data shows that Ethereum’s new active addresses have increased from about 4 million to 8 million over the past 30 days, with nearly double the monthly retention rate of new users, and daily transaction volume reaching a record of 2.8 million. These figures seem impressive, but we now know that a large part of this activity is driven by fake activity caused by poisoning attacks.

Future Outlook

This phenomenon may persist. As long as Gas fees remain low, the economic incentive for poisoning attacks will exist. The Ethereum community may need to consider:

• Whether to implement protective mechanisms against such attacks at the protocol level
• Whether wallets and exchanges need to improve their ability to identify and filter dust assets
• How to increase attack costs without raising the costs for normal users

Summary

The recent surge in Ethereum activity is not entirely positive. While the Fusaka upgrade did improve performance, low Gas fees have also created a fertile ground for large-scale poisoning attacks. Among the 2.7 million new addresses, over 67% received dust assets, highlighting the security challenges currently facing the Ethereum network.

This reminds us that while pursuing performance improvements, security must not be overlooked. Behind high activity figures, there is a need for more careful differentiation between genuine demand and malicious abuse. For users, increasing vigilance in identifying fake assets has become more important.