Ethereum: Spike in Activity Possibly Tied to Dusting Attacks

The recent surge in activity on Ethereum might be less a sign of euphoria and more a malicious background noise. A security researcher, Andrey Sergeenkov, believes that part of this increase resembles an “address poisoning” campaign, a variant of dusting that takes advantage of transaction fees that have been very low since December. “Activity retention” nearly doubled in a month, around 8 million addresses, while daily transactions reached a record close to 2.9 million.

A usage spike that intrigues on Ethereum, supported by figures

On paper, the metrics are spectacular. The week starting January 12 reportedly saw 2.7 million new addresses, about 170% above usual levels, according to Sergeenkov. And the daily transaction volume surpassed 2.5 million during the same period.

Other interpretations exist, and they are less alarming. Data shared via Glassnode suggests a marked influx of “first interactions” over 30 days for Ethereum, which can also correspond to new uses, notably around stablecoins.

This is where the debate gets interesting for Ethereum crypto: a raw increase in addresses is not automatically a sign of “healthy” adoption. A part may come from bots, scripts, or marketing operations. And, in the worst-case scenario, from a parallel spam industry that knows how to stay invisible at first glance.

Why the fee reduction changes the game for attackers

Sergeenkov highlights a key factor: the cost dynamics. When network fees contract, some attacks that were “too expensive to be massive” become profitable again. The Fusaka update in December helped reduce costs on Ethereum, and fees reportedly dropped by over 60% in the following weeks.

Fusaka, presented as a scalability step, aims especially to improve data availability and lower costs for layer 2 solutions. In other words: more capacity, less friction, and a smoother user experience.

Except that a cheaper network is also a network where “flooding” becomes more accessible. Attackers don’t need to break cryptography. They play on ergonomics and reflexes. They count on fatigue, routine, and that little moment when one copy-pastes without checking.

Address poisoning and dusting: the scam hidden in the history

Address poisoning is a scam that looks ordinary. Fraudsters send tiny transactions from addresses resembling those of a legitimate contact. The goal isn’t to steal immediately. The goal is to “plant” a false marker in the history, then wait for a big transaction.

In the version described by Sergeenkov, “dust distributors” first receive small amounts, often in stablecoins. Then these addresses redistribute dust to thousands, sometimes hundreds of thousands of wallets to maximize the chances that a victim copies the wrong destination one day.

The cited figures give a glimpse of the risk. Some distributors sent to more than 400,000 recipients. And at this point, over $740,000 has been stolen from 116 victims via this scheme, according to the researcher.

What it implies for the Ethereum ecosystem and how to limit the risk

The sensitive point is the interpretation of indicators. A transaction record can be a vitality signal. It can also be a pollution signal. For analysts, it complicates distinguishing between organic and artificial activity. For product teams, it highlights a topic often sidelined: end-user security.

This is not to say everything is fake or that no one uses Ethereum “for real.” Stablecoins and multi-chain uses can very well drive up activity. But the hypothesis of a dusting wave reminds us of a simple truth: scale attracts both builders and scammers. Practically, the defense is mainly behavioral. Verify the entire address, not just the beginning. Be wary of “unexpected” entries in the history. These are unglamorous gestures but often worth more than a new miracle plugin.