Author: Tanay Ved Source: CoinMetrics Translation: Shan Ouba, Jinse Finance
Following the Fusaka upgrade in December 2025, Ethereum's daily transaction volume increased by approximately 50%, and the number of active addresses rose by approximately 60%, but some of this growth stemmed from address poisoning attacks rather than natural adoption.
Analysis of 227 million USDC and USDT balance updates shows that 43% were dust transfers under $1, with 38% of those being less than 1 cent.
After the Fusaka upgrade, stablecoin dust transfers accounted for an average of approximately 11% of all daily Ethereum transactions and approximately 26% of daily active addresses.
These findings highlight the value of adjusted metrics, filtering out low-value activity to more accurately measure the network's true usage. Ethereum launched the Fusaka upgrade on December 3, 2025, improving network scalability while reducing transaction costs. Since then, Ethereum network activity has surged: daily transaction volume currently exceeds 2 million (peaking at 2.89 million on January 16), 1.5 times the pre-upgrade level; daily active addresses have reached 1.4 million, an increase of approximately 60% compared to the pre-upgrade average. At first glance, this growth seems to indicate that the Fusaka upgrade has been very effective, with low fees driving widespread adoption of the network. However, recent research has found that part of the growth stems from address poisoning attacks, which have become economically feasible with the significant decrease in transaction fees. This article will delve into the surge in Ethereum activity following the Fusaka upgrade, quantify the scale of address poisoning attacks using Coin Metrics' ATLAS tool, and explore its impact on network activity metrics. What is an Address Poisoning Attack? An address poisoning attack is a well-documented social engineering attack that exploits the speed and complexity of blockchain transactions, targeting users' habit of copying wallet addresses from their transaction history to commit fraud. Attackers generate "similar addresses" with the same first and last characters as addresses previously used by the victim, then send a small amount of money (usually less than 1 cent) to the victim's wallet, implanting a "poisoned entry" in their transaction history. When the victim subsequently copies the address from their transaction history, they may mistakenly transfer funds to the attacker's account. Such attacks have appeared on multiple public blockchains and rely on economies of scale: the success rate of a single attack is extremely low, so to make a profit, it is necessary to inject poisoned funds into millions of wallets. Previously, Ethereum's gas fees were too high, making large-scale implementation of such attacks economically unfeasible, but this situation changed after the Fusaka upgrade. Evidence of Ethereum Address Poisoning Attacks To investigate the existence of address poisoning attacks on Ethereum, we first analyzed the core indicators of stablecoins. As the largest fiat-backed stablecoins on Ethereum, USDC and USDT provide a clear window for observing on-chain transaction activity. The following observations indicate the presence of anomalous activity: After the Fusaka upgrade, the trading volume of these tokens below $1 increased dramatically, from approximately 50,000 transactions per day to approximately 380,000 transactions per day, accounting for a large proportion of the total stablecoin trading volume. The number of addresses holding small "dust balances" (greater than 0 but less than 1 native unit) has increased dramatically, consistent with the fact that millions of wallets have received tiny amounts of poisoned funds. The median transaction size for major stablecoins on Ethereum has also plummeted from approximately $100 to just $0.001, a drop of about 100,000 times.
Data Source: Coin Metrics Network Data Pro
To understand the scale of address poisoning attacks, we used Coin Metrics' ATLAS tool to analyze 227 million USDC and USDT balance update records on Ethereum from November 2025 to January 2026.
Data Source: Coin Metrics Network Data Pro
Data Source: Coin Metrics ATLAS
Dust activity is highly concentrated in a small number of addresses. The top 10 sending addresses alone initiated over 8.5 million dust transfers, a characteristic consistent with large-scale dust distribution (rather than natural activity).
Dust activity is highly concentrated in a small number of addresses. The top 10 sending addresses alone initiated over 8.5 million dust transfers, a characteristic consistent with large-scale dust distribution (rather than natural activity).
Combining stablecoin analytics with Ethereum network data provides a more comprehensive understanding of the actual situation regarding activity growth. Before the Fusaka upgrade, stablecoin dust transfers accounted for approximately 3%-5% of Ethereum transaction volume and 15%-20% of active addresses; after the upgrade, these figures jumped to 10%-15% of daily transaction volume and 25%-35% of active addresses, representing an increase of 2-3 times.
US lawmakers are meeting with crypto leaders to discuss a bill that would let the government buy one million Bitcoin over five years. The plan aims to build a strategic Bitcoin reserve using budget-neutral funding, but it needs wider political support to move forward.
AnaisCredit Saison has launched a $50 million fund, Onigiri Capital, to invest in blockchain startups focused on real-world asset applications. The fund aims to connect U.S. innovators with Asia’s financial markets, helping early-stage projects meet regulatory and institutional standards.
AnaisGemini has agreed in principle to settle its legal fight with the US SEC over its Gemini Earn lending programme. The deal comes soon after Gemini’s $425 million stock market debut, giving the exchange a chance to close the case and move forward.
WeatherlyCollector Crypt’s CARDS token, which links digital Pokemon cards to real ones, has surged 2,400% in just over two weeks. The platform’s popularity comes from gamified pack openings, instant buybacks, and global trading, sparking renewed interest in tokenised trading cards.
WeatherlyIsrael has seized 137 cryptocurrency wallets linked to Iran’s Revolutionary Guards, holding an estimated $1.5 billion in USDT. Authorities froze part of the funds using Tether’s blacklisting feature, but most remain active, showing the limits of controlling crypto transactions.
AnaisThe Trump family’s American Bitcoin Corp started trading on Nasdaq, raising $2.1 billion and holding 2,443 Bitcoins to offer investors regulated crypto exposure. This comes as Donald Trump’s administration eases crypto regulations, boosting family-held digital assets worth over $5 billion.
WeatherlyA new South Korean drama "To The Moon", follows three women investing in crypto during the 2017–2018 Bitcoin boom. It highlights the country’s $3.15 billion daily retail crypto market and growing regulatory oversight.
JoyBitwise has asked US regulators to approve an exchange-traded fund that invests in both stablecoin companies and crypto assets. The plan follows a surge in stablecoin supply and tokenised assets this year, aiming for a launch before the end of 2025 if the SEC agrees.
AnaisSui has partnered with Google to allow AI agents to make stablecoin payments automatically using its blockchain. The news boosted SUI’s price and trading, while the network also released developer tools and may see further growth from a planned SUI-based ETF.
WeatherlyA TaskUs employee allegedly stole and sold Coinbase customer data, affecting at least 69,000 users and causing losses of up to $400 million. The scheme involved insider co-workers and hackers, with TaskUs accused of covering up the breach while Coinbase reimbursed affected customers and tightened security.
Weatherly