Ethereum’s recent “record” weeks look a lot less healthy when you peel back the numbers. Security researcher Andrey Sergeenkov (sergeenkov.com) says a coordinated address-poisoning campaign — mostly using tiny stablecoin transfers — is responsible for the bulk of the surge in activity.
What the stats showed
- New addresses exploded to roughly 2.7x the 2025 average, peaking around Jan. 12 with about 2.7 million new wallets (a ~170% jump over typical levels).
- Weekly transactions climbed 63%, from 10.5 million to a record 17.1 million.
Why that’s misleading
Sergeenkov’s analysis found that roughly 80% of the growth was driven by stablecoins, principally USDT and USDC. Much of this traffic is automated, and in this case it was dominated by “dust” — tiny transfers that skew activity metrics without reflecting genuine user engagement.
How the attack worked
- Looking at first-time stablecoin receipts, Sergeenkov found that 67% of new addresses received less than $1 as their first inbound transfer. In total 3.86 million of 5.78 million new addresses got these microscopic payments — a classic address-poisoning pattern.
- In a dusting/address-poisoning scheme, attackers send tiny token amounts to many wallets whose addresses resemble those of real victims. Later, a user copying an address from their transaction history may accidentally paste the attacker’s address and lose funds.
The scale and actors
- Sergeenkov tracked USDT/USDC transfers under $1 between Dec. 15 and Jan. 18, 2026, and filtered for senders that dusted at least 10,000 unique addresses. He uncovered several large operators: the top three contracts alone distributed dust to over 1.6 million addresses (690k, 589k, and 405k recipients respectively).
- New attacker contracts keep appearing; one recently sent dust to 78,000 addresses. All of the major attacker contracts remain active.
Profitability and risk
- Address poisoning has an extremely low success rate — about 0.01% — so attackers rely on a handful of big mistakes to cash out. In this recent wave, one victim’s loss of $509,000 accounts for most of the funds stolen to date.
- The attack became far more economically viable after Ethereum’s Fusaka upgrade in December, which cut average ERC‑20 transfer fees by nearly 6x and made it cheap to spam millions of tiny transfers.
Takeaway
On-chain metrics can be misleading: surges in addresses and transactions aren’t always organic growth. The dusting campaign highlights why metrics should be analyzed by token type and transfer size, and why users must be careful when copying addresses from transaction histories.
Note: This summary is informational and not investment advice. For full details see the original analysis by Andrey Sergeenkov (sergeenkov.com).
Read more AI-generated news on: undefined/news
