Solving Poisoning Scams Exploits Falling Ethereum Fees
Ethereum’s recent scalability improvements have had an unintended consequence, I think. The Fusaka upgrade, rolling out in late 2025, has significantly reduced transaction fees across the network. This is generally a good thing, of course. But it also made so-called “address poisoning” attacks economically viable for large-scale crooks for the first time.
These attacks work using social engineering. Attackers monitor the transaction history of potential targets and then create lookalike addresses that mimic legitimate addresses. They send small amounts of ETH – so-called “dust transactions” – to these targets. The goal is to poison the victim’s transaction history with these fake addresses.
How scams work
After that, it’s a waiting game. The victim could potentially copy what looks like a familiar address from their history, without realizing that it is the poisoned version. By the time they notice the error, it’s usually too late. The funds have disappeared.
According to ScamSniffer data, there have been two major victims in the last two months alone. In January, someone lost $12.25 million. In December, another user lost a staggering $50 million. That’s a total of $62 million for two cases.
But perhaps more concerning is how these attacks affect network metrics.
Inflate the number of transactions
All of these dust transactions count as real on-chain activity. They contributed significantly to Ethereum’s recent record number of daily transactions. After the Fusaka upgrade, the network saw a massive increase in activity that continued through 2026. Daily transactions reached all-time highs and active addresses increased significantly.
However, analysts have pointed out that a substantial part of this increase appears linked to massive anti-poisoning campaigns rather than organic adoption. The fact that ETH prices have not reacted bullishly to these new record highs adds weight to the argument that activity is artificially inflated.
Signature phishing is also on the rise
However, poisoning is not the only problem. ScamSniffer’s January report also noted an increase in signature phishing attacks. In January alone, $6.27 million was stolen from 4,741 victims using this method. Two particularly large cases accounted for 65% of these losses: one user lost $3.02 million, another $1.08 million.
It is interesting, even worrying, that the Ethereum community seems largely focused on celebrating new transaction records rather than questioning their origin. Fusaka’s upgrade has been widely praised, which it probably deserves for its technical achievements. But the low-value spam transactions dominating the metrics and the fact that many “new active addresses” only qualify because they received tiny stablecoin transfers as their first activity – these details get less attention.
The situation creates a difficult balance. Lower fees make Ethereum more accessible to legitimate users, but they also enable new forms of mining. Users should now be very careful when copying addresses from their transaction history. Double-checking every character may seem tedious, but it’s necessary when $62 million can disappear in two months due to simple copying errors.
