1 hour ago
1
In the past 30 days, Ethereum transactions posted a new all-time peak and daily activity remained elevated. The trend is not due to high-value transactions and reflects a new wave of address poisoning attacks.Β
In 2026, Ethereum took a new approach of returning to L1 scaling, after years of support for L2 networks. As a result, Ethereum abandoned its previous eras of high-priced transactions. The latest Glamsterdam update led to another price drop for gas fees.Β
Ethereum transactions peaked at over 3.62M per day at the end of April, based on Etherscan data. The Glamsterdam upgrade lowered gas fees by 78%, encouraging on-chain activity. Regular transactions cost as low as $0.004, up to 90% lower compared to previous periods.Β
Ethereum transactions hold near their highest level after the latest Glamsterdam decrease in fees. Investigators noted most of the additional traffic is due to address poisoning attacks. | Source: Etherscan.Even swaps and complex DEX operations are down to $0.07, from around $1 in the past few months. The lowered fees still react to increased transaction loads, but overall Ethereum is much more accessible for retail usage.Β
At the same time, risk to end user wallets is undermining the trust in Ethereum as a suitable platform for carrying mainstream financial operations.
Why is Ethereum attacked by address poisoning?
Ethereum still has large holders and legacy wallets, with significant ETH or token holdings. Usually, dusting attacks have a low success rate, with one in 10,000 wallets copying a fake address.
During previous upgrades that lowered transaction fees, Ethereum also noted dusting campaigns and address poisoning rose by as much as 600%.
On-chain analysis for 2026 accounted for $62M in lost funds due to address poisoning attacks. Address poisoning is also sold as a package on Telegram, allowing a much higher number of threat actors to mount relatively cheap attacks.
Etherscan experts have also noted that while previous attacks were manual and sporadic, in 2026, address poisoning expanded on an industrial scale, with automation and a wider reach.
Users report a mix of zero-value tokens, dusting with valid tokens, and fake events recorded into wallet history. Wallet transactions also alert the dusting bots, with each transaction triggering several fake records or small transfers.
An even more advanced attack has also been noted as part of AI agent workflows. New plugins intercept and change copied crypto addresses, making even manual verification more difficult.
Ethereum dusting attacks become competitive
As of May 25, only one address was running a high-visibility poisoning attack, based on the leaderboard of gas burner contracts.
However, address poisoning attacks are competitive, and often several addresses target wallets with positive balances and an active transaction history.Β
As seen by tracking a single user wallet, fake transactions overwhelm legitimate activity, with several flagged addresses sending zero-value tokens or dust amounts of USDT.
For end users, the best approach is to use wallets with anti-phishing protection, and never use address history for new transactions. Address poisoning attacks rely on a numbers game and human error, and may steal either minimal amounts of crypto, or drain a whale wallet.Β
The dusting attacks arrive at a time when Ethereumβs transparency is seen as a flaw and an attack vector, while users try to veil their on-chain activity for higher personal security.
If you're reading this, youβre already ahead. Stay there with our newsletter.
English (US)