Address poisoning scams exploit lower Ethereum fees
Ethereum’s recent scalability improvements have had an unintended consequence, I think. The Fusaka upgrade, which rolled out in late 2025, dramatically reduced transaction fees across the network. That’s generally a good thing, of course. But it also made something called ‘address poisoning’ attacks economically viable for scammers at scale for the first time.
These attacks work through social engineering. Attackers monitor transaction histories of potential targets, then create lookalike addresses that mimic legitimate ones. They send tiny amounts of ETH—what are called ‘dust transactions’—to these targets. The goal is to poison the victim’s transaction history with these fake addresses.
How the scams unfold
It’s a waiting game after that. The victim might eventually copy what looks like a familiar address from their history, not realizing it’s the poisoned version. By the time they notice the mistake, it’s usually too late. The funds are gone.
According to ScamSniffer’s data, there have been two major victims just in the last two months. In January, someone lost $12.25 million this way. In December, another user lost a staggering $50 million. That’s $62 million total across two cases.
But perhaps what’s more concerning is how these attacks are affecting network metrics.
Inflating transaction counts
All those dust transactions count as real on-chain activity. They’ve been contributing significantly to Ethereum’s recent record-breaking daily transaction counts. After the Fusaka upgrade, the network saw massive surges in activity that carried into 2026. Daily transactions hit all-time highs, and active addresses spiked dramatically.
However, analysts have pointed out that a substantial portion of this surge appears linked to mass address poisoning campaigns rather than organic adoption. The fact that ETH prices didn’t react bullishly to these new records adds weight to the argument that the activity is artificially inflated.
Signature phishing also rising
Address poisoning isn’t the only problem, though. ScamSniffer’s January report also noted an increase in signature phishing attacks. In January alone, $6.27 million was stolen across 4,741 victims through this method. Two particularly large cases accounted for 65% of those losses—one user lost $3.02 million, another lost $1.08 million.
It’s interesting, or maybe concerning, that the Ethereum community seems largely focused on celebrating the new transaction records rather than questioning their origin. The Fusaka upgrade has been widely praised, which it probably deserves for its technical achievements. But the low-value spam transactions dominating the metrics, and the fact that many ‘new active addresses’ only qualified because they received tiny stablecoin transfers as their first activity—these details get less attention.
The situation creates a difficult balance. Lower fees make Ethereum more accessible for legitimate users, but they also enable new forms of exploitation. Users need to be extra careful when copying addresses from their transaction history now. Double-checking every character might feel tedious, but it’s necessary when $62 million can disappear in two months through simple copying mistakes.
