Ethereum's daily transactions reached an all-time high of over 2.8 million on January 16, largely driven by a widespread address poisoning scam. These attacks, which involve sending tiny crypto amounts from deceptive addresses, are intensifying amid recent network upgrades. Security experts warn that without improved wallet safeguards, users remain vulnerable to significant losses.
On January 16, Ethereum processed more than 2.8 million transactions in a single day, marking the highest volume ever recorded, as tracked by BitInfoCharts. This surge coincided with the creation of 12.6 million new addresses over the preceding 30 days, the largest rolling total according to Etherscan. However, independent journalist Andrey Sergeenkov's research, reviewed by blockchain security specialists, attributes much of this activity to a massive address poisoning campaign.
Address poisoning scams work by having attackers dispatch minuscule crypto transfers from addresses mimicking legitimate ones to victims' wallets. The intent is to deceive users into directing funds to these fraudulent addresses, exploiting interface shortcomings, absent alerts, and user oversight. As Gonçalo Magalhães, head of security at Immunefi, a crypto bug bounty platform, explained: “Mass address poisoning attacks are a persistent issue, and it’s getting worse.”
The scale is alarming. In the last month alone, one victim lost $50 million to such a ploy, per Scam Sniffer data. Michael Pearl, vice president at security firm Cyvers, noted: “Over the past seven days alone, we’ve been detecting more than one million address poisoning preparations per day on Ethereum, underscoring the scale at which these campaigns are currently operating.”
Ethereum's recent Fusaka upgrade has lowered transaction fees, broadening access and use cases but also cheapening these spam-like attacks for scammers. Enhancements like account abstraction further risk users approving unclear transactions. To counter this, experts advocate for wallet integrations akin to email virus scanners—clear risk notifications and adoption of systems like ENS for readable identifiers.
Wallets such as Rabby already offer protections: alerting on unfamiliar addresses, screening for suspicious actions, and highlighting potential phishing in histories. Until wider implementation, vigilance is essential for Ethereum users navigating this heightened threat landscape.
