Ethereum: The explosion of activity is linked to dusting attacks

The recent surge in activity on Ethereum may be less a sign of euphoria and more malicious background noise. A security researcher, Andrey Sergeenkov, believes that part of this increase resembles an “address poisoning” campaign, a variant of dusting which takes advantage of transaction fees which have become very low since December. “Activity retention” would have almost doubled in one month, to around 8 million addresses, while daily transactions hit a record close to 2.9 million.

An intriguing peak in usage on Ethereum, with supporting figures

On paper, the metrics are spectacular. The week starting January 12 would have seen 2.7 million new addresses, about 170% above usual levels, according to Sergeenkov. And the daily transaction volume crossed the 2.5 million mark over the same period.

Other readings exist, and they are less alarmist. Data relayed via Glassnode suggests a marked influx of “first interactions” over 30 days for Ethereum, which may also correspond to new uses, particularly around stablecoins.

This is where the debate becomes interesting for the Ethereum crypto: a raw increase in addresses is not automatically a “healthy” increase in adoption. Part of it may come from automation, scripts, or marketing operations. And, in the worst scenario, a parallel spam industry that knows how to make itself invisible at first sight.

Why lower fees are a game changer for attackers

Sergeenkov points to a key factor : cost dynamics. When network costs contract, some attacks that were “too expensive to be massive” become profitable again. The Fusaka update in December helped reduce costs on Ethereum, and fees reportedly dropped by over 60% in the following weeks.

Fusaka, presented as a scalability step, aims in particular to improve data availability and lower costs for layer 2 solutions. In other words: more capacity, less friction, and a smoother experience for the user.

Except that a cheaper network is also a network where “flooding” becomes more accessible. Attackers don't need to break any cryptography. They play on ergonomics and reflexes. They rely on fatigue, routine, and that little moment where we copy and paste without checking.

Address poisoning and dusting: the scam hidden in history

Address poisoning is a seemingly banal scam. Scammers send tiny transactions from addresses that look like a legitimate contact. The goal is not to steal instantly. The goal is to “plant” a false marker in the history, then wait for a large transaction.

In the version described by Sergeenkov, “dust distributors” first receive small sums, often in stablecoins. Then, these addresses redistribute dust to thousands, sometimes hundreds of thousands of wallets, to maximize the chances that a victim will copy the wrong destination one day.

The figures cited provide an overview of the risk. Some distributors reportedly sent to more than 400,000 recipients. And, at this stage, more than $740,000 has been stolen from 116 victims via this mechanism, according to the researcher.

What this means for the Ethereum ecosystem and how to limit the risk

The sensitive point is reading the indicators. A transaction record can be a signal of vitality. It can also be a signal of pollution. For analysts, this complicates the distinction between organic and artificial activity. For product teams, this shines a spotlight on an often relegated topic: end-user security.

This is not to say that everything is fake or that no one uses Ethereum “for real”. Stablecoins and multi-chain uses can very well boost activity. But the hypothesis of a dusting wave reminds us of a simple truth: scale attracts builders as much as scammers. On the practical side, the defense is mainly behavioral. Check the entire address, not just the beginning. Be wary of “unexpected” entries in the history. These are unglamorous gestures, but they are often worth more than a new miracle plugin.