Ethereum’s daily transaction count topped 3.62 million in late April, a record. Concerns are also being raised about what is driving the surge.

Cryptopolitan, a blockchain outlet, reported on May 25 that Ethereum network activity stayed elevated over the past 30 days. It said much of the increase appeared to coincide with the spread of address poisoning attacks rather than an expansion in high-value transactions.

In 2026, Ethereum has shifted its focus from layer 2 to scaling layer 1. In the process, the “Glamsterdam” upgrade was applied and gas fees fell further. Based on Etherscan data, standard transfer fees dropped to about $0.004, up to 90 percent lower than before. Complex transaction costs for swaps and decentralised exchanges also fell from around $1 in recent months to $0.07.

Lower fees have significantly improved on-chain accessibility. At the same time, it has been highlighted that rising transaction counts do not necessarily mean greater real-world use. Etherscan pointed to address poisoning attacks in 2026 expanding from passive and intermittent methods in the past to an industrial scale. It said automation has broadened the range of wallets being targeted.

Address poisoning attacks work by prompting users to copy a fake address mixed into their transaction history after mistaking it for a real one. Ethereum still has many wallets that have held large amounts of ether and various tokens for extended periods, creating strong incentives for attackers. While address poisoning attacks tend to have a low success rate, it is enough incentive if even some users copy a fake address incorrectly. Criticism has also emerged that the low cost of repeatedly sending many small transfers can keep attack attempts going.

Actual damage is also increasing. On-chain analysis tallied 2026 losses from address poisoning at $62 million, about 93.4 billion won. Tools for such attacks are being distributed on Telegram in packaged forms, creating conditions for more hackers to launch attacks at low cost.

The techniques are also becoming more complex. Users reported seeing a mix of worthless token transfers, dusting involving small amounts of real and valid tokens, and fake events that remain in wallet records. Some cases showed multiple fake records or small transfers appearing in a row after a single legitimate transaction. Cases were also confirmed in which a new plugin included in an artificial intelligence agent workflow swapped out copied cryptocurrency addresses midway, making even manual checks difficult.

As of May 25, the list of contracts with the highest gas usage identified one address as the main actor behind a large-scale address poisoning attack. However, the actual attacks are being carried out simultaneously through multiple addresses. Attackers mainly target wallets with remaining balances and active transaction histories, and some users’ wallets showed repeated deposits of worthless tokens or small USDT transfers that obscured legitimate transaction records.

The need to protect Ethereum users is also growing. Proposed key countermeasures include using wallets with anti-phishing features and not copying addresses shown in past transaction histories 그대로 when making new transfers. Address poisoning attacks rely on mass transfers and user mistakes, but caution is needed because losses can grow if the target is a whale wallet.

Ethereum’s high level of transparency has also come under renewed scrutiny. As fully public on-chain records are used as an attack vector, a stronger trend is emerging of users trying to conceal their activity for personal security. The fee decline has helped activate the network, but it has been highlighted that strengthening wallet security and anti-phishing protections is also needed to maintain trust as a mainstream financial platform.

https://t.co/SBZoEtLqM0