Ethereum’s Historical Network Growth: A Critical Analysis
Ethereum has recently reported an unprecedented surge in daily network growth, marking the highest levels of user engagement in its history. This statistical escalation ostensibly indicates a significant resurgence of user activity across the platform.
In the preceding week, the Ethereum mainnet processed an astonishing 2.9 million transactions, a benchmark that sets a new all-time high according to data compiled by Token Terminal. Concurrently, there was a notable increase in daily active addresses, which surged to approximately 1.3 million from around 0.6 million registered in late December.
Significantly, this expansion in transactional throughput has occurred amidst relatively stable transaction costs. Average fees have remained within the minimal range of $0.10 to $0.20, despite the record demand for network utilization. This is particularly remarkable when juxtaposed with historical data from the 2021-2022 NFT boom, during which transaction costs surged to alarming levels between $50 and $200, suggesting a profound transition towards enhanced economic accessibility.
However, forensic analysis raises pertinent questions regarding the authenticity of this growth. While surface-level metrics may signify a revival indicative of a bullish market environment, security researchers caution that a substantial fraction of this uptick is attributable to malicious actors exploiting the network’s newly reduced fees.
The Scaling Context
To comprehend the sudden escalation in transactional volume on Ethereum, one must consider the recent structural modifications implemented within its protocol. Historically, the Ethereum network has been celebrated for its robustness but simultaneously criticized for being economically inaccessible to the average user.
Leon Waidmann, head of research at the Onchain Foundation, articulated that upon his entry into the cryptocurrency domain, the fees associated with Ethereum’s mainnet were prohibitively high for typical users. He emphasized that such costs rendered the platform impractical for retail interaction, frequent usage, and the development of consumer-scale applications.
This paradigm began to shift approximately one year ago when Ethereum developers systematically endeavored to scale the network while maintaining its decentralization and security principles. These efforts culminated in three pivotal protocol upgrades designed to enhance throughput.
- The first upgrade, termed “Pectra,” was executed in May 2025 and effectively increased blob capacity by raising the target blobs per block from three to six and the maximum from six to nine—thereby doubling expected blob throughput.
- The subsequent upgrade, “Fusaka,” launched in December 2025 and introduced Peer Data Availability Sampling (PeerDAS). This innovation enabled validators to confirm blob availability through sampling rather than necessitating complete dataset downloads, thereby facilitating increased throughput while keeping node requirements manageable.
- Most recently, the Blob Parameter-Only (BPO) fork implemented in January 2026 elevated blob capacity targets from ten to fourteen and maximum limits from ten to twenty-one—strategic modifications aiming to unlock considerable capacity for Ethereum’s blockchain network.
The economic repercussions of these upgrades became evident swiftly as mainnet fees experienced a dramatic decline, restoring affordability for basic transactions. Waidmann noted that this newfound economic viability allowed for direct building on Layer 1 at scale—prompting renewed interest from prediction markets, real-world asset applications, and payment solutions returning to the mainnet. Additionally, stablecoin transfers on Ethereum reached an unprecedented approximate total of $8 trillion during Q4 of last year.
Assessing Value Addition Amidst Record Activity
While record activity may ostensibly portray a blockchain ecosystem on an upward trajectory, on-chain analytics indicate that such activities have not substantively contributed value to Ethereum as a network. Data collected by Alphractal reveals a concerning trend: the Metcalfe Ratio—which juxtaposes market capitalization against the square of active users—has been declining steadily. This metric suggests that valuation is failing to align with genuine network adoption rates.
Moreover, Ethereum’s Adoption Score currently resides at level one—the lowest tier within its historical framework—signifying a languid market environment characterized by valuations inadequately reflecting on-chain activity levels. In light of these findings, Matthias Seidl, co-founder of GrowThePie, posits that the observed increase in network activity may lack organic foundations.
Seidl elaborated on this assertion by referencing an instance wherein a single address received approximately 190,000 native ETH transfers from an equivalent number of unique wallets within a single day. He observed that while the number of wallets receiving native transfers remained relatively stable, there was a considerable uptick (doubling) in wallets executing native transfers. Notably, many of these transactions utilized only 21,000 gas—the minimal requirement for EVM transactions—accounting for nearly half of all network transactions. In contrast, sending an ERC20 token necessitates approximately 65,000 gas units and stablecoin transfers demand gas equivalent to three native ETH transactions.
Address Poisoning Campaigns: A Malicious Underbelly
Amidst this apparent surge in on-chain activity lies a resurgence of an age-old scam—address poisoning—repackaged for an era characterized by diminished transaction fees. Security researcher Andrey Sergeenkov has identified a wave of address-poisoning campaigns capitalizing on these low gas costs since December; these campaigns artificially inflate network metrics while embedding misleading transaction histories designed to deceive users into transferring genuine funds into fraudulent addresses.
The mechanics underpinning these attacks are deceptively simple: scammers create “poisoning” addresses that closely resemble legitimate wallet addresses by matching both initial and terminal characters. Following a victim’s legitimate transfer to their intended address—a common occurrence—the attacker transmits a small “dust” transaction to this spoofed address so it appears within the victim’s recent transaction history. The assumption is that at some later juncture, the user may inadvertently copy this familiar-looking address without validating its complete string.
In light of these developments, Sergeenkov attributes much of the surge in new Ethereum address creation to such nefarious tactics. He estimates new address generation spiked approximately twofold compared to averages recorded throughout 2025—with peak activity reaching around two million new addresses within the week commencing January 12th.
A detailed decomposition of transactional flows associated with this growth reveals that approximately eighty percent can be traced back to stablecoin activity rather than organic user engagement. To assess whether this phenomenon bore hallmarks indicative of address poisoning schemes, Sergeenkov scrutinized new addresses for specific signatures—namely those receiving sub-$1 stablecoin transfers as their inaugural interactions.
His analysis indicated that sixty-seven percent of newly created addresses exhibited this characteristic; specifically identifying approximately three point eight six million out of five point seven eight million addresses received “dust” as their initial stablecoin transaction.
Upon further examination focused on senders executing transactions involving less than $1 worth of USDT or USDC between December fifteenth and January eighteenth—the researcher discovered accounts distributing small amounts across at least ten thousand addresses were prevalent throughout his dataset. This led him to identify smart contracts engineered for mass poisoning operations capable of orchestrating hundreds of poisoning addresses within singular transactions.
One such contract contained a function labeled `fundPoisoners`, which Sergeenkov described as providing stablecoin dust alongside minuscule amounts of ETH designated for gas expenses across extensive batches of poisoning addresses simultaneously. These addresses then disseminate dust transactions targeting millions of potential victims—thus manufacturing misleading entries within wallet transaction histories.
This model is predicated on scale; although most recipients will likely remain vigilant against falling prey to such scams—if even a minuscule fraction succumb—the economic implications remain favorable for attackers. Sergeenkov estimates an effective conversion rate hovering around zero point zero one percent; thus framing their operations as sustainable even amidst high failure rates. Within his analyzed dataset alone, one hundred sixteen victims collectively forfeited approximately seven hundred forty thousand dollars—with one individual loss amounting to five hundred nine thousand dollars alone.
The critical barrier to entry for perpetrating such schemes historically resided in associated costs; however—given recent reductions in Ethereum network fees—the risk-reward assessment has dramatically shifted in favor of malicious actors poised to exploit these vulnerabilities.
Sergeenkov contends that scaling Ethereum’s throughput without fortifying user safety mechanisms has engendered an environment wherein “record” activity may be indistinguishable from automated exploitation efforts. He warns that industry preoccupations with headline-grabbing network metrics may obscure deeper issues; notably that cheaper blockspace could inadvertently facilitate large-scale scams masquerading as legitimate adoption efforts—ultimately burdening retail users with resultant losses.
