A recent report from the blockchain explorer Etherscan has highlighted a significant industrialization of address poisoning attacks within the Ethereum ecosystem. This malicious tactic, which involves tricking users into sending funds to fraudulent accounts, has seen a dramatic increase in activity following the recent Fusaka network upgrade on December 3, 2025. By exploiting the reduced transaction costs associated with the upgrade, malicious actors have ramped up their operations, specifically targeting USDT (Tether) transfers.
Industrialized Attacks and Post-Fusaka Trends
The data indicates that the Fusaka upgrade unintentionally lowered the barrier for entry for attackers by reducing gas fees. This shift led to a 612% surge in USDT dust transfers, as automated scripts now find it more cost-effective to flood the network with micro-transactions. Address poisoning works by generating lookalike addresses that share the same first and last characters as a user's frequent contacts. Attackers then send dust transfers—transactions of near-zero value—to pollute the victim's transaction history, hoping the user will inadvertently copy the wrong address for a future high-value transfer.
Scale of Operations and Historical Impact
While the success rate of these attempts remains marginally low at approximately 0.01%, the sheer volume of the operations ensures profitability for the perpetrators. Etherscan’s historical analysis, covering the period from July 2022 to June 2024, reveals the following statistics:
- Approximately 17 million poisoning attempts were recorded on-chain.
- Total confirmed losses have exceeded $300,000.
- Automated systems are capable of generating thousands of vanity addresses per hour.
Address poisoning relies on the psychological tendency of users to only verify the beginning and end of a long alphanumeric string rather than the entire hash.
Risk Mitigation and User Security
The industrialization of this threat suggests that manual verification is no longer an optional safety measure but a necessity for participants in the Ethereum blockchain. Experts recommend that users utilize address books within their wallets and double-check every character of a destination address before confirming a transaction. Because these attacks leverage zero-value transfers to appear in UI transaction lists, users should be wary of any unexpected incoming tokens, even if they appear to originate from known sources.
The persistent nature of these attacks underscores a growing challenge for the decentralized finance (DeFi) sector. As network upgrades continue to improve efficiency and lower costs for legitimate users, they simultaneously provide a more scalable environment for automated malicious activities. Ensuring the integrity of transaction histories remains a critical priority for both developers and the broader crypto community.
Frequently Asked Questions
Quick answers to the most common questions about this topic.
For educational purposes only. Nothing here constitutes financial or investment advice. Crypto markets are highly volatile — always DYOR before making any decisions.
Fact-checked per our editorial policy. We maintain strict independence from advertisers. Spot an error? Let us know.