Skip to content
Active Currencies: 17,432
Market Cap: $2.310T
Bitcoin Dominance: 56.11%
24h Market Cap Change: $-1.53

Is Ethereum’s activity growth fake? Behind the 3.86mln poisoned wallets

A recent report proved why the network's busiest weeks aren't what they seem.

Written by Written by Samyukhtha L KM
Reviewed by Reviewed by Renuka Tahelyani
Updated January 20, 2026
ethereum

Ethereum [ETH] just posted some of its busiest network metrics on record, but all that glitters isn’t gold. According to security researcher Andrey Sergeenkov, much of this activity is caused by a large-scale address poisoning attack!

What you should know

ethereum
Source: sergeenkov.com

On the surface, the data is impressive.

New Ethereum addresses went 2.7x above the 2025 average.

Peak was around the 12th of January, with 2.7 million new addresses; 170% increase over normal levels. At the same time, weekly transactions went up 63%, going from 10.5 million to a record 17.1 million.

Source: sergeenkov.com

But when Sergeenkov dug deeper, he reported that around 80% of this growth was driven by stablecoins, mainly USDT and USDC.

What’s interesting is that stablecoins are often used in automated activity. So, in this case, the numbers were unusually skewed.

Source: sergeenkov.com

Looking at first-time stablecoin transactions, the pattern became clear. 67% of new addresses received less than $1 as their very first transfer. In total, 3.86 million out of 5.78 million addresses received these tiny “dust” payments.

This is obvious address poisoning.

But what is that?

Attackers send tiny amounts of tokens to wallets using addresses that closely resemble a victim’s real one. When users later copy an address from their transaction history without checking it carefully, they end up sending funds to the attacker.

Source: sergeenkov.com

Sergeenkov identified the main culprits by tracking USDT and USDC transfers under $1 between the 15th of December and 18th of January 2026. He filtered for senders that distributed dust to at least 10,000 unique addresses, and uncovered several large-scale operators.

The top three contracts alone sent dust to more than 1.6 million addresses. One distributed dust to 690,000 wallets, another to 589,000, and a third to 405,000.

How Fusaka changed things

Address poisoning wasn’t always worth the effort. The success rate is extremely low (about 0.01%) so attackers depend on a few big mistakes to make money. In this case, one victim alone lost $509,000, making up most of the funds stolen so far.

That changed in December.

Ethereum’s Fusaka upgrade cut average ERC-20 transfer fees by nearly 6x, making it cheap to send millions of spam transactions.

Almost overnight, large-scale poisoning became profitable.

New contracts have appeared in recent days, with one already sending dust to 78,000 addresses. All major attacker contracts are active, and the biggest losses often happen toward the end.

Final Thoughts

  • Ethereum’s record growth is being inflated by address poisoning. 
  • The Fusaka upgrade cut fees 6×, making it a profitable attack.
Disclaimer: AMBCrypto's content is meant to be informational in nature and should not be interpreted as investment advice. Trading, buying or selling cryptocurrencies should be considered a high-risk investment and every reader is advised to do their own research before making any decisions.

Samyukhtha L KM

Journalist

Samyukhtha L KM is a financial journalist and market analyst at AMBCrypto. She covers key market moves, blockchain adoption, and socially-driven crypto trends. She also enjoys providing fresh takes through commentaries on emerging narratives.

Related Articles

AMBCrypto
Facebook X Instagram Youtube Linkedin

AMBCrypto was founded in 2018 with a mission to simplify and bring the latest blockchain and cryptocurrency news to our readers. We have quickly grown into the digital news source for an emerging generation of cryptocurrency enthusiasts, reaching more than a million readers on a monthly basis, across the globe.