Fusaka Upgrade Sparks 3x Rise in Dust Attacks
Malicious "dusting" attacks on Ethereum have tripled since the December Fusaka upgrade lowered transaction costs, now accounting for 11% of all network transactions. A Coin Metrics analysis of 227 million USDC and USDT balance updates from November 2025 to January 2026 revealed the sharp increase. Before the upgrade, these low-value transfers represented 3-5% of transactions and 15-20% of active addresses. Post-Fusaka, those figures climbed to 11% of transactions and 26% of active addresses, marking a significant distortion of on-chain activity metrics.
Address Poisoning Costs Users $740,000
The primary driver of this activity is address poisoning, a scam where attackers send trivial amounts of stablecoins from wallets with addresses that closely resemble a user's legitimate counterparties. Unsuspecting users may then copy the attacker's address from their transaction history, inadvertently sending funds to the scammer. The low cost of transactions has made this attack highly scalable; one prominent attacker executed nearly 3 million dust transfers for a total cost of only $5,175. To date, these attacks have resulted in at least $740,000 in user losses.
Organic Activity Still Represents 57% of Volume
While the dust activity inflates headline metrics, the majority of network growth appears to be from genuine use. The Coin Metrics report found that 57% of the 227 million stablecoin balance updates analyzed involved transfers greater than $1. This suggests that while 250,000 to 350,000 addresses are involved in dust activity daily, the recent 60% increase in daily active addresses to 1.4 million is not entirely inorganic. Coin Metrics concluded that the data points to real network expansion.
The majority of post-Fusaka growth reflects genuine usage, though dust activity is a factor worth noting when interpreting headline metrics.
— Coin Metrics.
