Etherscan: Ethereum Address Poisoning ‘Industrialized’ With 612% Surge In USDT Dust Transfers

Etherscan, the web-based blockchain explorer for the Ethereum network, has reported an industrialization of Ethereum address poisoning, a type of scam where attackers insert misleading addresses into a user’s transaction history to trick them into sending funds to fraudulent accounts. 

According to the platform’s latest report, this activity has surged following the Fusaka upgrade on December 3, 2025, which lowered transaction costs across the Ethereum network. In particular, USDT dust transfers increased by 612%, contributing to a historical total of approximately 17 million address poisoning attempts and estimated losses exceeding $79.3 million between July 2022 and June 2024.

A recent example cited in the report involved an Etherscan user Nima, who received over 89 Address Watch Alert notifications after making only two stablecoin transfers. These alerts were triggered by address poisoning transactions designed to place lookalike addresses into the wallet’s transaction history, thereby increasing the likelihood that users would copy the wrong address in subsequent transfers. While address poisoning has existed on Ethereum for several years, the report emphasizes that these campaigns have become automated and high-volume, capable of inserting poison transfers within minutes of legitimate transactions.

Competition between attackers is another notable aspect of modern address poisoning. Research shows that multiple attack groups often send poison transfers to the same target address simultaneously, racing to have their spoofed address appear first in the user’s transaction history. This competitive approach increases the likelihood that a user will copy a malicious address in a subsequent transaction. In one documented instance, thirteen poison transfers were recorded within a few minutes of a legitimate USDT transfer. Common methods of address poisoning include low-value dust transfers, spoofed token transfers, and zero-value token transfers, which are cheap to execute at scale but can cause significant disruption if users are misled.

Low-Cost Transfers Fuel Profitable Poisoning Campaigns Despite Minimal Individual Success Rates

The economics of these attacks make them particularly effective despite their low success rate. Researchers have found that only about one in every 10,000 poisoning transfers results in a user mistakenly sending funds to an attacker, a success rate of roughly 0.01%. However, when thousands or millions of attempts are executed, even a single successful transaction can generate significant profits, easily offsetting the cost of failed attempts. The Fusaka upgrade amplified this effect by reducing transaction fees, allowing attackers to send far more poison transfers without incurring prohibitive costs. Network activity increased following the upgrade, with Ethereum processing an average of 30% more daily transactions in the 90 days afterward compared with the 90 days prior. Additionally, the creation of new addresses surged by approximately 78%, while dust transfer activity, particularly for stablecoins such as USDT, USDC, and DAI, increased dramatically.

Dust transfers, which involve very small amounts of tokens, are commonly used in these campaigns to populate transaction histories without requiring significant expenditure from attackers. While not all dust transfers indicate fraudulent activity, Etherscan’s analysis suggests that a large portion of these small-value transactions are likely part of address poisoning schemes. Attackers often mass-send tokens and ETH to newly generated spoofed addresses, which subsequently forward these dust transfers to the target individually. This process ensures that the lookalike addresses appear in the victim’s transaction history and increases the probability of successful deception.

In order to avoid becoming a victim of such a tactic, Etherscan advises users to exercise caution by verifying destination addresses before sending funds. Tools such as private address name tags, wallet address books, ENS domains, and the Address Highlight feature can help distinguish legitimate addresses from lookalikes. Additionally, Etherscan as a platform provides alerts for suspicious activities, including low-value and spoofed token transfers, to reduce the risk of error.

The report concludes that while address poisoning attacks are becoming very prevalent and automated, user awareness combined with enhanced interface design can mitigate risks. The company continues to refine its platform by labeling poisoning addresses, flagging zero-value transfers, and surfacing suspicious activity to help users identify potential scams more effectively.

The post Etherscan: Ethereum Address Poisoning ‘Industrialized’ With 612% Surge In USDT Dust Transfers appeared first on Metaverse Post.