The Ethereum Paradox: Activity at an All-Time High, Fees at Rock-Bottom—What’s Really Going On Behind the Scenes?
TechFlow Selected TechFlow Selected
The Ethereum Paradox: Activity at an All-Time High, Fees at Rock-Bottom—What’s Really Going On Behind the Scenes?
Despite record-breaking activity seemingly signaling Ethereum's rise, on-chain data shows that this transaction activity has not created real value for the network.
Navigating Web3 tides with focused insightsAuthor: Oluwapelumi Adejumo
Translation: Luffy, Foresight News
Ethereum's current daily network growth metrics have reached an all-time high. On the surface, this surge in statistics marks a significant return of user activity.
According to Token Terminal data, Ethereum’s mainnet processed 2.9 million transactions over the past week, setting a new historical record.
Meanwhile, the number of daily active addresses has also surged dramatically, increasing from around 600,000 in late December to approximately 1.3 million.
Crucially, this explosive increase in throughput is occurring while transaction costs remain extremely low. Despite hitting record-high transaction demand, average fees have consistently stayed within the $0.1 to $0.2 range.
On-chain activity on Ethereum. Data source: Token Terminal
For a network like Ethereum—where fees soared to $50–$200 during the 2021–2022 NFT boom—this shift represents a fundamental change in transaction accessibility.
However, analysis shows that this growth is not entirely organic. While surface-level indicators may suggest a bull market recovery, security researchers warn that much of the network traffic is actually driven by malicious actors.
These attackers are leveraging Ethereum’s drastically reduced fees to launch industrial-scale “address poisoning” campaigns, using automated scam patterns disguised as legitimate transactions to precisely defraud users.
The Context of Network Scaling
To understand this sudden spike in transaction volume, one must examine recent structural changes to the Ethereum protocol. For years, although powerful, Ethereum’s network fees were prohibitively expensive for most users.
Leon Waidmann, Research Lead at the Onchain Foundation, noted that since entering the crypto industry, Ethereum mainnet fees have always been exorbitantly high for ordinary users.
He stated that Ethereum was not only too costly for retail participants but also too expensive for building consumer-facing applications.
This began to change about a year ago, when the Ethereum development team implemented systematic scaling optimizations while striving to maintain decentralization and security.
A series of protocol upgrades advanced Ethereum’s scalability roadmap, with three core upgrades in particular.
The first was the Pectra upgrade in May 2025, which increased the per-block target blob count from 3 to 6 and the maximum from 6 to 9, effectively doubling the expected processing capacity for blob data.
Then, in December 2025, Ethereum completed the Fusaka upgrade, introducing Peer Data Availability Sampling (PeerDAS). This technology allows validators to verify blob availability via sampling rather than downloading full datasets, further enhancing network throughput while keeping node operation requirements reasonable.
The latest upgrade was the Blob-only parameter fork in January 2026, raising the per-block target blob count from 10 to 14 and the maximum from 14 to 21. These upgrades collectively aim to unlock significantly higher network processing capacity.
The economic impact was immediate: Ethereum mainnet fees dropped sharply, making simple transactions affordable again.
Leon Waidmann pointed out that large-scale development directly on Ethereum’s mainnet has now become feasible, prompting a resurgence of prediction markets, real-world asset trading, and payment services returning to the mainnet.
At the same time, stablecoin transfer volumes on Ethereum reached approximately $8 trillion in the last quarter of last year.
Ethereum’s Record Activity Lacks Underlying Value
Despite record-breaking activity appearing to signal Ethereum’s resurgence, on-chain data reveals these transactions are not generating real value for the network.
Data from Alphractal shows that the Metcalfe ratio—a metric measuring market cap against the square of active user count—is steadily declining, indicating that Ethereum’s valuation growth is failing to keep pace with actual network adoption.
Ethereum’s Metcalfe Ratio. Source: Alphracta
Moreover, Ethereum’s network adoption score currently stands at Level 1—the lowest tier historically—reflecting weak market conditions and a low valuation relative to on-chain activity.
Based on this, Matthias Seidl, co-founder of GrowThePie, believes Ethereum’s recent activity surge is not organically driven.
He cited one single address that received 190,000 ETH transfers in a single day from 190,000 distinct wallets.
Matthias Seidl noted that while the number of receiving wallets remains relatively stable, the number of sending wallets has grown sharply. He emphasized that a large number of ETH transfers consume only 21,000 gas—the cheapest transaction type on the Ethereum Virtual Machine (EVM).
Ethereum EVM transaction costs. Data source: GrowThePie
Currently, such low-cost native transfers account for nearly 50% of all Ethereum transactions. In contrast, transferring an ERC20 token requires about 65,000 gas, meaning one stablecoin transfer consumes as much gas as three ETH transfers combined.
Address Poisoning: Scams Make a Comeback
Meanwhile, the surge in Ethereum’s on-chain activity stems from a revived old scam exploiting the era of low fees.
Security researcher Andrey Sergeenkov pointed out that since December last year, a wave of address poisoning attacks has spread widely by leveraging Ethereum’s low gas fees—boosting key network metrics while injecting fake addresses into users’ transaction histories to trick them into sending real funds to attackers.
The method is simple: scammers generate “poisoned addresses” whose starting and ending characters match those of victims’ legitimate wallet addresses; after a victim completes a normal transfer, attackers send a small “dusting transaction” to their wallet, causing the fake address to appear in the user’s recent transaction history.
Their bet is that when users make future transfers, they will copy this seemingly familiar address directly from the history without verifying the full string.
Based on this, Andrey Sergeenkov linked the surge in new Ethereum addresses to this scam technique. He estimated that current new address creation is about 2.7 times the 2025 average, peaking at around 2.7 million new addresses in the week of January 12.
Data on victims of address poisoning attacks. Data source: Andrey Sergeenkov
After analyzing the flow of funds behind this growth, he concluded that about 80% of transaction activity is driven by stablecoin transactions—not organic user demand.
To test whether this growth stems from address poisoning, Andrey Sergeenkov looked for a telltale sign: new addresses whose first transaction involved receiving less than $1 in stablecoins.
Statistically, 67% of new addresses matched this pattern. Specifically, among 5.78 million new addresses, 3.86 million had their first stablecoin transaction as a dust transfer.
He then shifted focus to the senders: examining accounts that sent less than $1 worth of USDT or USDC between December 15, 2025, and January 18, 2026.
Andrey Sergeenkov counted the number of unique recipient addresses per sender and filtered for accounts that sent to at least 10,000 addresses. The result revealed that these accounts were backed by smart contracts specifically designed for industrial-scale address poisoning—code capable of funding and coordinating hundreds of poisoned addresses in a single transaction.
One such contract he studied included a function labeled fundPoisoners, described as distributing stablecoin dust and small amounts of ETH for gas fees to a large batch of poisoned addresses in one go.
These poisoned addresses then disperse across the network, sending dust transactions to millions of potential targets, creating misleading entries in their wallets’ transaction histories.
The core of this scam model lies in scale: even though most recipients won’t fall for it, if even a tiny fraction do, the scheme becomes economically viable.
Andrey Sergeenkov calculated the actual success rate of the scam to be around 0.01%, meaning its business model inherently tolerates an extremely high failure rate. In his analyzed dataset, 116 victims lost a total of approximately $740,000, with the largest single loss reaching $509,000.
Previously, the biggest constraint on such scams was cost. Address poisoning requires millions of on-chain transactions, none of which generate direct revenue unless a victim sends funds by mistake.
Andrey Sergeenkov believes that before late 2025, Ethereum’s network fees made this mass-transfer fraud strategy unprofitable. But now, with transaction costs reduced by roughly sixfold, the risk-reward balance has flipped dramatically, making such scams highly attractive to attackers.
Thus, he argues that as Ethereum enhances its transaction processing capacity without strengthening user-facing security protections, it creates a distorted environment where “record-breaking” network activity becomes indistinguishable from automated malicious behavior.
In his view, the crypto industry’s obsession with network metrics may obscure a darker reality: cheap block space makes it easy to disguise large-scale user fraud as legitimate network adoption—with users ultimately bearing the losses.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News
@CryptoSlate
