Author: Oluwapelumi Adejumo
Compiled by: Luffy, Foresight News
Original title: Ethereum Anomaly: Full Activity, Dirt-Cheap Fees—What's the Catch Behind It?
Ethereum's current daily network growth data has hit an all-time high. On the surface, this surge in statistics signals a massive return of user activity.
According to data from Token Terminal, the Ethereum mainnet processed 2.9 million transactions in the past week, setting a new historical record.
At the same time, the number of daily active addresses also saw a significant increase, rising from around 600,000 in late December to approximately 1.3 million.
The key point is that this explosion in throughput occurred while transaction costs remained extremely low. Despite record-high transaction demand, the average fee consistently stayed within the range of $0.1 to $0.2.
Ethereum On-Chain Activity, Data Source: Token Terminal
For a network like Ethereum, where fees soared to $50 to $200 during the 2021-2022 NFT boom, this change represents a fundamental shift in its transaction accessibility.
However, analysis shows that this growth is not entirely organic. Although surface indicators seem to herald a bull market recovery, security researchers warn that a significant portion of the network's traffic is actually driven by malicious actors.
These attackers are leveraging Ethereum's significantly reduced fees to launch industrial-scale "address poisoning" attack campaigns, disguising automated scam patterns as legitimate transactions to carry out targeted fraud against users.
Context of Network Scaling
To understand this sudden surge in transaction volume, one must focus on the recent structural changes to the Ethereum protocol. For years, the Ethereum network, while powerful, had transaction costs that were prohibitively high for most people.
Leon Waidmann, Head of Research at the Onchain Foundation, pointed out that since he entered the crypto industry, Ethereum mainnet fees have been outrageously high for the average user.
He stated that Ethereum was not only too expensive for retail users but also too costly for building consumer applications.
This situation began to change about a year ago: the Ethereum development team systematically optimized the network's scalability while striving to maintain decentralization and network security.
A series of protocol upgrades were implemented, advancing Ethereum's scaling roadmap, with three core upgrades.
The first was the Pectra upgrade in May 2025, which increased the target Blob data per block from 3 to 6 and the maximum from 6 to 9, directly doubling the expected processing capacity for Blob data.
Subsequently, in December 2025, Ethereum completed the Fusaka upgrade, introducing Peer Data Availability Sampling (PeerDAS). This technology allows validators to verify the availability of Blob data through sampling rather than downloading the full dataset, achieving a further improvement in network processing capacity while ensuring reasonable node operation requirements.
The latest upgrade was the Blob-Only Parameter Fork in January 2026, which increased the target Blob data per block from 10 to 14 and the maximum to 21. These upgrades aimed to unlock significant network processing power for Ethereum.
The economic effects of the upgrades quickly became apparent: Ethereum mainnet fees plummeted, and simple transactions returned to a low-cost state.
Leon Waidmann noted that it is now feasible to develop at scale directly on the Ethereum mainnet, which has also driven prediction markets, real-world asset trading, and payment businesses back to the mainnet.
Meanwhile, the scale of stablecoin transfers on the Ethereum network reached about $8 trillion in the fourth quarter of last year.
Ethereum's Record Activity Lacks Real Value Support
Although the record activity seems to mark Ethereum's rise, on-chain data shows that these transactions are not creating real value for the network.
Data from Alphractal shows that the Metcalfe Ratio, which measures the ratio of market capitalization to the square of the number of active users, is continuously declining. This means Ethereum's valuation growth has failed to keep pace with actual network adoption.
Ethereum's Metcalfe Ratio, Source: Alphracta
Furthermore, Ethereum's Network Adoption Score is currently at Level 1, its lowest historical tier. This data reflects the current market chill, with network valuation being low relative to on-chain activity.
Based on this, Matthias Seidl, co-founder of GrowThePie, believes that Ethereum's current activity surge is not organic.
He cited the example of a single address: this address received 190,000 ETH transfers from 190,000 unique wallets in a single day.
Matthias Seidl pointed out that the number of wallets receiving ETH transfers is relatively stable, but the number of wallets initiating transfers has grown significantly. He also emphasized that a large number of ETH transfers consume only 21,000 Gas, the cheapest transaction type in the Ethereum Virtual Machine (EVM).
Ethereum EVM Transaction Costs, Data Source: GrowThePie
Currently, these low-cost native transfers account for nearly 50% of all Ethereum transactions. In comparison, sending an ERC20 token requires about 65,000 Gas, and the Gas cost of a stablecoin transfer is equivalent to three ETH transfers.
Address Poisoning: The Scam Makes a Comeback
Meanwhile, the surge in Ethereum's on-chain activity stems from an old scam that has made a comeback in this era of low fees.
Security researcher Andrey Sergeenkov pointed out that since last December, a wave of address poisoning attack campaigns has been spreading wildly by exploiting Ethereum's low Gas fees: while inflating various network metrics, they implant fake addresses into users' transaction histories,诱导 users to transfer real assets to the attackers.
The operation method of this type of attack is very simple: scammers generate "poisoned addresses" that share the same starting and ending characters as the target user's legitimate wallet address; after the victim completes a normal transfer, the attacker sends a small "dust transaction" to them, causing the fake address to appear in the victim's recent transaction history.
They bet that users will later copy this seemingly familiar address directly from their transaction history when making a transfer, without verifying the full address string.
Based on this, Andrey Sergeenkov linked the surge in new Ethereum addresses to this scam technique. He estimated that the current rate of new address creation on Ethereum is about 2.7 times the average level of 2025, with new address creation in the week of January 12th soaring to about 2.7 million.
Address Poisoning Attack Victim Data, Data Source: Andrey Sergeenkov
After dissecting the fund flows behind this growth, he concluded that about 80% of the transaction activity is driven by stablecoin transactions, not organic user demand.
To verify if this growth was caused by address poisoning, Andrey Sergeenkov looked for a telltale sign: addresses whose first transaction was receiving a stablecoin transfer of less than $1.
Statistics showed that 67% of new addresses fit this characteristic. Specifically, out of 5.78 million new addresses, 3.86 million addresses had their first stablecoin transaction be receiving a "dust transfer."
Subsequently, he turned his research focus to the initiators of these transfers: counting accounts that sent less than $1 worth of USDT and USDC between December 15, 2025, and January 18, 2026.
Andrey Sergeenkov counted the number of unique recipient addresses for each initiating account and filtered for accounts that initiated transfers to at least 10,000 addresses. He found that behind these accounts were smart contracts specifically designed for the industrial implementation of address poisoning. This type of code can fund and coordinate the operations of hundreds of poisoning addresses in a single transaction.
One contract he studied contained a function labeled `fundPoisoners`, which, according to its description, can distribute stablecoin dust to large batches of poisoning addresses at once, along with a small amount of ETH to pay for Gas fees.
These poisoning addresses then disperse to send dust transfers to millions of potential targets, creating misleading entries in their wallets' transaction histories.
The core of this scam model lies in operating at scale: although most recipients will not fall for it, the entire scheme becomes economically viable as long as a tiny fraction of users are deceived.
Andrey Sergeenkov estimated the actual success rate of this scam to be about 0.01%, meaning its business model is fundamentally built on tolerating an extremely high failure rate. In the dataset he analyzed, 116 victims lost a total of approximately $740,000, with the single largest loss reaching $509,000.
Previously, the biggest constraint for such scams was cost. Address poisoning requires initiating millions of on-chain transactions, which themselves do not directly generate revenue unless a victim sends funds to the wrong address.
Andrey Sergeenkov believes that until late 2025, Ethereum's network fees made this large-scale transfer scam strategy unprofitable. But now, transaction costs have decreased by about 6 times, causing a drastic reversal in the risk-reward ratio, making the scam highly attractive to attackers.
Thus, he pointed out that while Ethereum has increased its transaction processing capacity, if user security protections are not strengthened, it creates a distorted environment: the network's "record-level" activity is indistinguishable from automated malicious behavior.
In his view, the crypto industry's excessive focus on network metrics may掩盖 a darker reality: low-cost block space easily allows scams targeting large-scale users to be whitewashed as legitimate network adoption, and the ultimate losses will be borne by users.
Twitter:https://twitter.com/BitpushNewsCN
BitPush TG Discussion Group:https://t.me/BitPushCommunity
BitPush TG Subscription: https://t.me/bitpush
