Address poisoning attacks have escalated into a major security crisis on the Ethereum network, ironically contributing to its recent record-breaking transaction volumes while causing millions in losses. According to security firm ScamSniffer, two high-profile victims lost a combined $62.25 million in December 2025 and January 2026. The January incident alone resulted in a $12.25 million loss when a user mistakenly copied a poisoned address from their transaction history.
The surge in these attacks is directly linked to the Ethereum Fusaka upgrade in late 2025. This upgrade successfully improved network scalability and sharply reduced transaction fees (gas costs). While beneficial for legitimate users, the lower costs have made "dust transactions"—tiny transfers of ETH or stablecoins used to poison address histories—economically viable for attackers on a massive scale for the first time.
Address poisoning is a social engineering scam where attackers monitor a target's public transaction history, generate a wallet address that visually mimics the target's frequent contacts (matching the first and last few characters), and then send a dust transaction to "poison" the history. The attacker then waits for the victim to accidentally copy the fraudulent address for a future large transfer.
This wave of dust transactions is significantly inflating Ethereum's on-chain metrics. Post-Fusaka, the network saw daily transactions and active addresses spike to all-time highs. However, analysts note that a substantial portion of this activity is inorganic, driven by these poisoning campaigns. Coin Metrics reported in February that stablecoin-related dust activity now constitutes approximately 11% of all Ethereum transactions and 26% of active addresses on an average day, with 38% of stablecoin balance updates being for less than one cent.
ScamSniffer's January report also highlighted a parallel rise in signature phishing, with $6.27 million stolen from 4,741 victims—a 207% increase from December. Two wallets accounted for 65% of these losses, amounting to $3.02 million and $1.08 million respectively.
Security firm Web3 Antivirus stated that address poisoning "is one of the most consistent ways large amounts of crypto get lost," with historical losses ranging from $4 million to $126 million. The report emphasized that this trend shows no signs of slowing down. Furthermore, blockchain intelligence firm Whitestream noted that the decentralized stablecoin DAI has become a preferred tool for illicit actors due to its governance model, which does not cooperate with authorities in freezing wallets.
