Lower gas costs have turned Ethereum into a playground for mass address poisoning, with scammers hitting thousands of wallets daily.
Ethereum has spent years trying to fix high fees, and recent upgrades finally made transactions cheaper. But while they solved one problem, they may have opened the door to another.
Leon Waidmann, head of research at Lisk, noted in an X post on Wednesday, Feb. 18, that network activity is booming, with stablecoin volume hitting $7.5 trillion in a single quarter while transaction fees stayed under a dollar.
“Record usage. Record cheap. At the same time. The biggest divergence between fundamentals and price in all of crypto right now,” he noted.
But the growth may hide a more alarming reality. A recent study by blockchain researcher Andrey Sergeenkov finds address poisoning attacks surged significantly after the December Fusaka upgrade, which cut gas fees sixfold and made spam attacks cheap enough to scale.
Address poisoning works by sending tiny transfers from addresses that look like the victim’s real contacts. If the victim copies the wrong address from their history, funds get stolen. Sergeenkov says attackers treat this like a lottery, sending millions of cheap transactions in the hope of a few big payoffs.
Unintended Consequences
Before Fusaka, attackers were sending roughly 30,000 dust transactions per day, according to Sergeenkov’s analysis of 101 tokens between Sept. 1, 2025, and Feb. 13 this year.
But after the upgrade, lower fees made mass poisoning viable in a way that wasn’t possible before, and daily dust transactions jumped to 167,000, peaking at about 510,000 in one day in January.
In just over two months after Fusaka, victims lost more than $63 million, 13 times the $4.9 million lost in a comparable prior period, the data shows.
“There is nothing wrong with lowering fees, but the security problems that cheap transactions amplify should have been addressed before the upgrade. When the Ethereum Foundation claims it is building trillion-dollar security, user safety must be the strictest priority over growth metrics,” Sergeenkov writes.
Sergeenkov noted that a single transfer accounted for a large share of the post-Fusaka losses, when attackers stole $50 million in USDT on Dec. 19, 2025. Even leaving that out, total losses still came to $13.3 million, 2.7 times higher than the pre-Fusaka period, he concluded.
