Some outlined the connection between lower fees on mainnet since Fusaka and increased attacks.
Ethereum mainnet is seeing an unusually high spike in activity, even surpassing metrics across Layer 2s, which were initially designed to be more scalable alternatives to the network.
But researchers caution that the headline numbers around active addresses and transaction count are being distorted by dust attacks and so-called “address-poisoning” campaigns rather than organic activity on the network.
In a Jan. 22 post on X, Token Terminal flagged that Ethereum’s Layer 1 chain “outranks all leading L2s in terms of daily active addresses.”
Last Friday, Jan. 16, the network reached 1.2 million active daily addresses, according to Token Terminal data, up from a previous high of 589,000 daily active addresses in July.
The number of transactions on the network also reached an all-time high that day of about 2.8 million transactions, per BitInfoCharts data. In the past 24 hours, the network has seen about 2.5 million transactions.
The recent surge in mainnet activity overshadows previous cycle activity peaks such as those connected with CryptoKitties, DeFi summer, and the 2021-2022 NFT market boom.
Stablecoins Are Everywhere
But independent crypto journalist and on-chain researcher Andrey Sergeenkov says a different story is hidden behind the spike. In a recent report, Sergeenkov found that automated poisoning contracts have been sending out tiny stablecoin amounts of less than $1 to millions of addresses, stealing over $740,000 worth of crypto.
The scam works by sending tiny amounts of crypto to addresses that look nearly identical to the ones most often used by the potential victim, with the goal of tricking them into later sending funds to the lookalike, scam address.
“I calculated how many users received less than a dollar as their first stablecoin transaction, and it turned out 67% of addresses fit this pattern. 3.86M out of 5.78M addresses received dust as their first transaction,” Sergeenkov writes.
He says the spam attacks across Ethereum became possible “thanks to the Fusaka upgrade, which made spam transactions cheap enough to be profitable.” Analysts at American multinational investment bank Citi reportedly echoed the concern, saying in a report this week the activity on Ethereum highly resembles “address poisoning scam campaigns.”
Sergeenkov concluded that what developers are doing is “reckless experimentation at users’ expense disguised as a revolution where ordinary people bear all the risks.”
‘They Need to Fix Fundamental Problems’
However, some pushed back against Sergeenkov’s findings, calling the researcher’s characterization of Fusaka a “crazy take” and arguing that security is “usually a tradeoff against usability.”
Speaking with The Defiant, Sergeenkov rejected the idea that the issue comes down to unavoidable tradeoffs. Referencing his own “reckless experimentation” characterization, Sergeenkov told The Defiant:
“If anything, I’m being too gentle. To experiment means you don’t know the outcome. Developers KNEW about the effect their upgrade would cause and chose to sacrifice security for nice headlines anyway,” explaining further that the connection between lower fees and increased attacks “wasn’t just predictable, it was documented.”
Sergeenkov also said portraying the changes as user experience improvements masks the real impact on users.
“Before attracting new users with low fees, they need to fix fundamental problems first. If they’re unable to fix them, maybe they should declare the Ethereum experiment a failure and take up knitting instead of promoting themselves as a ‘Trillion Dollar Security’ replacement for existing financial infrastructure,” he added.
Security Tradeoffs
The Fusaka upgrade went live in December last year, raising the block gas limit on Ethereum and introducing other features for Layer 2s. Its primary aim was to support scalability and long‑term growth rather than to directly cut Layer 1 transaction fees. The developers specifically noted in the roadmap for the upgrade:
“This upgrade does not lower gas fees on L1, at least not directly. The main focus is more blob space for rollup data, therefore lowering fees on layer 2. This might have some side effects on L1 fee market but no significant change is expected.”
But L1 fees did decrease following the Fusaka upgrade, albeit only slightly. Data from BitInfoCharts shows that the average Ethereum transaction fee fell from around $0.50 in late November to about $0.20 after the upgrade went live in December.
Gonçalo Magalhães, head of security at blockchain bug bounty firm Immunefi, pointed out in commentary shared with The Defiant that while Ethereum upgrades like Fusaka and Pectra “are pushing UX forward by removing friction,” they also “make it easier for users to inadvertently sign something they don’t fully understand.”
Hence, as Magalhães argues, the industry needs “more adoption of naming systems like ENS, because human-readable identifiers make lookalike address attacks harder.”
For Sergeenkov, the fix needs to come from Ethereum at the infrastructure level, before the network scales to billions of users, per the Ethereum Foundation’s stated goals. He told The Defiant:
“I’m not claiming we need to implement 100x fees. I’m saying that before lowering fees and scaling the blockchain, we need to solve the most basic infrastructure problems that enable dust attacks, social engineering attacks, MEV bots, and the ease with which attackers launder stolen funds.”
The on-chain researcher also pushed back against the notion that wallets should bear the responsibility and implement UI changes to address these issues, clarifying to The Defiant, “Fixing the UX of wallets and educating users are band-aids that didn’t work even when the community was just a group of tech enthusiasts.”
The Defiant reached out to the Ethereum Foundation about the network activity spike and the implications of Sergeenkov’s and Citi’s findings, but has yet to receive commentary by press time.
