Low fees push Ethereum to new heights, while paving the way for a wave of on-chain scams

Ethereum is recording the highest daily network growth in history, a statistical breakthrough that seems to signal a strong return of users.

Over the past week, the Ethereum mainnet has processed approximately 2.9 million transactions, an all-time high according to data from Token Terminal. Simultaneously, the number of active daily addresses surged to about 1.3 million, compared to approximately 0.6 million at the end of December.

Notably, this surge in throughput occurs amid nearly negligible transaction costs. The average fee remains at a “few cents,” around $0.10–$0.20, despite record-breaking demand.

*Activity on the Ethereum blockchain (Source: Token Terminal)*For a network that experienced transaction fees soaring to $50–$200 during the NFT boom of 2021–2022, this represents a fundamental shift in economic accessibility.

However, in-depth analyses indicate that this growth is not entirely natural. While surface metrics suggest a bullish market revival, security researchers warn that a significant portion of the traffic comes from malicious actors.

These actors are exploiting the new low fee environment to deploy “address poisoning” campaigns (address poisoning) on an industrial scale, disguising automated scam transactions as legitimate activity.

Scaling Context

To explain the sudden jump in volume, one must look at recent structural changes to the Ethereum protocol. For years, the network has been technologically robust but nearly inaccessible in terms of cost for most users.

Leon Waidmann, Head of Research at Onchain Foundation, states that since he entered the crypto market, fees on the Ethereum mainnet have simply been too high for ordinary users: unsuitable for retail, frequent use, or building consumer-oriented applications.

This only truly changed about a year ago, as Ethereum developers gradually scaled the network while trying to maintain decentralization and security.

This process has been realized through three major upgrades.

The first is the Pectra upgrade in May 2025, increasing the target blob count per block from 3 to 6 and the maximum from 6 to 9, nearly doubling the expected throughput of blobs.

Next is the Fusaka upgrade in December 2025, implementing Peer Data Availability Sampling (PeerDAS). This mechanism allows validators to verify blob availability through sampling rather than downloading all data, increasing throughput while keeping node operation requirements reasonable.

Most recently, the Blob Parameter-Only (BPO) hard fork in January 2026 raised the target blob count from 10 to 14 and the maximum from 14 to 21. These are pragmatic adjustments aimed at unlocking additional capacity for the network.

The economic effects of these upgrades quickly became apparent: mainnet fees dropped sharply, and basic transactions became cheap again.

According to Waidmann, building directly on Layer 1 at scale has once again become feasible, prompting markets to anticipate the return of on-chain markets, real-world assets, and payment applications to the mainnet. At the same time, the value of stablecoin transfers on the network reached about $8 trillion in Q4.

Record Activity but No Value Creation?

Although record numbers show a blockchain expanding rapidly, on-chain data suggests these activities are not truly adding value to the network.

Data from Alphractal shows that the Metcalfe ratio, which compares market capitalization to the square of active users, is declining. This indicates that valuations are not keeping pace with the network’s actual adoption.

Additionally, Ethereum’s Adoption Score is currently at 1, the lowest in its historical range, reflecting a “cold” market where valuation is low relative to on-chain activity.

*Ethereum’s Metcalfe system (Source: Alphractal)*In this context, Matthias Seidl, co-founder of GrowThePie, suggests that the increase in activity may not be natural. He cites an example of a single address receiving up to 190,000 native ETH transactions from 190,000 different wallets in just one day.

Seidl notes that the number of wallets receiving native ETH transfers remains fairly stable, while the number of wallets sending ETH has doubled. He emphasizes that many such transactions only consume 21,000 gas, the lowest in the EVM.

Currently, native ETH transactions account for nearly 50% of all transactions. Meanwhile, transferring ERC20 tokens costs about 65,000 gas, and a single stablecoin transaction consumes gas equivalent to three times that of a native ETH transfer.

The Return of “Address Poisoning”

Ethereum’s latest on-chain activity wave is traced back to an old scam method, but redeployed in a low-fee environment.

Security researcher Andrey Sergeenkov states that address poisoning campaigns have exploited low gas costs since December, inflating network metrics while planting “fake” addresses into users’ transaction histories.

The method is simple: attackers create addresses that resemble victims’ real addresses at the beginning and end of the string. After the victim makes a legitimate transaction, the scammer sends a tiny “dust” amount so that the fake address appears in recent transaction history.

The goal is to cause users, at some point, to copy this familiar address by mistake without checking the entire string.

Sergeenkov believes the sharp increase in new addresses on Ethereum aligns with this scenario. He estimates the creation rate of new addresses is about 2.7 times the 2025 average, with peak weeks around January 12 reaching nearly 2.7 million addresses.

*Send a message to victims of poisoning (Source: Andrey Sergeenkov)*Deep analysis of flows shows that about 80% of the growth comes from stablecoin activity, not natural user demand.

To verify, Sergeenkov searches for a signature pattern: addresses whose first interaction is receiving less than $1 worth of stablecoin. Results show that 67% of new addresses meet this criterion. In absolute numbers, 3.86 million out of 5.78 million addresses received “dust” in their first stablecoin transaction.

He further narrows the scope to senders—accounts that transferred less than $1 USDT or USDC between 12/15/2025 and 1/18/2026—and filters for addresses that sent to at least 10,000 different recipients.

What emerges, according to Sergeenkov, are smart contracts designed to “industrialize” this campaign: source code capable of funding and coordinating hundreds of poisoned addresses in a single transaction. One contract he examined has a function called fundPoisoners, used to distribute “dust” stablecoins along with a small amount of ETH as gas to multiple addresses simultaneously.

From there, these addresses spread out, sending “dust” to millions of potential targets, creating transaction records that can mislead users’ wallets.

This model relies on scale: most victims will not fall for it, but a tiny percentage is enough to be profitable. Sergeenkov estimates an effective “conversion” rate of about 0.01%. In his dataset, 116 victims lost a total of about $740,000, including one case that lost $509,000.

The biggest obstacle was the cost. Address poisoning required millions of on-chain transactions that did not generate direct revenue unless victims mistakenly transferred funds.

According to Sergeenkov, until late 2025, Ethereum network fees made mass sending strategies economically unviable. But as transaction costs dropped about sixfold, the risk-reward balance tilted heavily in favor of attackers.

From this perspective, he argues that expanding Ethereum’s throughput without simultaneously enhancing user safety measures creates an environment where “record activity” can be indistinguishable from automated abuse. He warns that obsession with flashy metrics may obscure a darker reality: cheap blockspace can inadvertently subsidize large-scale scams, with small users bearing the losses.