Ethereum's network activity recently hit a historic peak, but the surge was driven by a large-scale cryptocurrency scam campaign rather than genuine user growth. On January 16, daily transactions on the Ethereum blockchain reached an all-time high of over 2.8 million, according to data from BitInfoCharts.
Concurrently, Etherscan data revealed that the number of new Ethereum addresses created in the preceding 30 days topped 12.6 million, marking the highest rolling 30-day total ever recorded. However, independent research by journalist Andrey Sergeenkov, reviewed by blockchain security experts, indicates that the record-breaking transaction volume was primarily caused by mass address poisoning attacks.
Gonçalo Magalhães, head of security at bug bounty platform Immunefi, confirmed the severity of the issue, stating, "Mass address poisoning attacks are a persistent issue, and it’s getting worse." These attacks involve scammers sending tiny amounts of crypto from lookalike addresses to a victim's wallet. The goal is to trick users into mistakenly copying the fraudulent address from their transaction history and sending funds to it, believing it to be legitimate.
The attacks exploit clunky user interfaces, a lack of warnings, and user carelessness. Michael Pearl, Vice President at security firm Cyvers, highlighted the scale of the operation: "Over the past seven days alone, we’ve been detecting more than one million address poisoning preparations per day on Ethereum."
The potential losses are enormous. Last month, a single user lost $50 million to an address poisoning attack, as reported by security platform Scam Sniffer.
Paradoxically, Ethereum's recent upgrades have inadvertently facilitated these scams. The December Fusaka upgrade reduced transaction costs, scaling the network for more users. However, this also made mass poisoning attacks much cheaper to execute. Furthermore, Magalhães noted that user experience upgrades like account abstraction can make it easier for users to inadvertently sign transactions they don't fully understand.
Experts argue the solution lies in better wallet security features. "Wallets need to clearly convey intent and surface risk," said Magalhães, drawing a parallel to Google's Gmail scanning for viruses. He also advocated for wider adoption of naming systems like the Ethereum Name Service (ENS) to make lookalike attacks harder. Some wallets, like Rabby, already implement warnings for new addresses and flag suspicious activity, but broader adoption is needed to curb the threat.
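The kind of wallet-side warning described above can be sketched as a check over transaction history. This is an added example, not code from the article or from any wallet: the function names, the four-character visible prefix and suffix, the dust threshold and the sample addresses are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

VISIBLE = 4          # assumption: hex chars a wallet UI shows at each end of an address
DUST_WEI = 10**13    # assumption: transfers at or below this count as "tiny"
HEX = set("0123456789abcdef")

@dataclass
class Transfer:
    sender: str
    value_wei: int

def normalize(addr: str) -> str:
    """Lower-case a 0x-prefixed 20-byte address and reject malformed input."""
    a = addr.strip().lower()
    if len(a) != 42 or not a.startswith("0x") or not set(a[2:]) <= HEX:
        raise ValueError(f"not an Ethereum address: {addr!r}")
    return a

def imitates(candidate: str, known: str) -> bool:
    """True when candidate is a different address with the same visible ends."""
    c, k = normalize(candidate)[2:], normalize(known)[2:]
    return c != k and c[:VISIBLE] == k[:VISIBLE] and c[-VISIBLE:] == k[-VISIBLE:]

def flag_poisoning(history, known_addresses):
    """Return (transfer, imitated_address) pairs for suspected poisoning entries."""
    known = {normalize(a) for a in known_addresses}
    flagged = []
    for tx in history:
        sender = normalize(tx.sender)
        # Skip genuine counterparties and transfers too large to be dust.
        if sender in known or tx.value_wei > DUST_WEI:
            continue
        match = next((k for k in sorted(known) if imitates(sender, k)), None)
        if match:
            flagged.append((tx, match))
    return flagged

# Constructed sample data: one real counterparty, one lookalike, one unrelated sender.
KNOWN = "0x" + "a1b2" + "0" * 32 + "c3d4"
LOOKALIKE = "0x" + "a1b2" + "f" * 32 + "c3d4"
UNRELATED = "0x" + "9" * 40
SAMPLE_HISTORY = [
    Transfer(LOOKALIKE, 0),            # dust transfer from the lookalike
    Transfer(UNRELATED, 5 * 10**17),   # ordinary incoming payment
    Transfer(KNOWN, 10**18),           # payment from the real counterparty
]
```

A wallet could run such a check before showing history entries as copyable, so a flagged sender is labelled rather than offered as a recent address.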