Key Takeaways
Ethereum is processing more transactions than ever, but a 612% surge in sub-cent USDT transfers reveals a worrying trend: low fees have made industrial-scale “address poisoning” attacks economically viable. With ETH trading near $2,116, the record network activity now masks a growing security threat for users of the largest smart contract platform.
"The common thread isn't complexity per se,” Raz Niv, Co-Founder and CTO at on-chain security platform Blockaid, said. “It's that each layer of abstraction (proxies, admin roles, cross-chain messaging) introduces trust assumptions that attackers methodically probe.”
Data from independent network research shows the scale of the issue after Ethereum’s December 2025 Fusaka upgrade, which was designed to lower transaction costs. In the 90 days following the upgrade, sub-$0.01 USDT dust transfers rose from 4.2 million to 29.9 million, a 612% increase. Similar activity for USDC and DAI rose 473% and 470%, respectively, while tiny ETH transfers jumped 62%. On April 28, Ethereum logged a record 3,627,491 daily transactions while average fees fell to around $0.21, down 58% from one year prior.
The surge in low-cost attacks creates an uncomfortable tradeoff for the Ethereum network. While lower fees are essential for user adoption and application growth, they also reduce the cost for attackers to run large-scale campaigns. Raw transaction counts, once a key indicator of network health, are now a noisier metric, mixing genuine user activity with a significant amount of security-abuse traffic.
Address poisoning is a social-engineering attack that preys on user habits. Attackers generate wallets with addresses that have identical beginning and ending characters to a victim's address. They then send a tiny "dust" transaction (e.g., $0.001 in USDT) from their lookalike address to the victim. The goal is for the attacker's address to appear in the victim's wallet history. If the victim later copies this lookalike address by mistake when sending a larger sum, the funds are lost to the attacker. While the success rate is low, the low cost per attempt now makes it profitable at scale.
This specific attack vector is part of a wider, challenging security environment for DeFi. In the first five months of 2026 alone, over $840 million was lost to DeFi hacks, according to DeFiLlama data. Experts note that advances in AI may be helping attackers find vulnerabilities faster, with a notable rise in older and unverified smart contracts being exploited. Ari Redbord, Global Head of Policy at TRM Labs, said that state actors are also a defining threat, with North Korea-linked groups accounting for 76% of global crypto hack losses through April 2026.
The solution requires a multi-layered defense. Wallet providers and explorers are being pushed to implement better spam filtering and warnings for transactions involving new or suspicious addresses. For users, the rise of address poisoning makes tools like the Ethereum Name Service (ENS) and personal address books more critical for ensuring funds are sent to the correct recipient.
This article is for informational purposes only and does not constitute investment advice.
