Ethereum blockchain beats its own speed-ups, but there's a catch

Ethereum, the smart contract blockchain, now handles more daily activity than its cheaper side chains, called Layer -2 networks. But this comeback has a catch – not all of that Ethereum activity appears to reflect genuine user demand.

The number of daily active addresses on Ethereum climbed toward the 1 million mark earlier this month, briefly peaking above 1.3 million on Jan. 16 before settling closer to 950,000, according to data source Token Terminal.

That puts Ethereum ahead of popular scaling networks such as Arbitrum, Base and OP Mainnet, reversing much of the narrative that users had permanently migrated off L1.

Active addresses are the unique blockchain wallets that make transactions, like sending, receiving cryptocurrencies, or interacting with smart contracts, in a given time period, let's say daily. Analysts track the metric to study the real network usage beyond the token price hype.

Layer 2 scaling networks are like side roads or express lanes built on top of the main blockchain highway, Ethereum. These sidechains handle tons of transaction traffic quickly and cheaply off the main chain, and then communicate the final tally back to the main chain for security.

The rebound in Ethereum activity follows December’s Fusaka upgrade, which sharply reduced transaction fees and made it cheaper to transact directly on Ethereum again. Lower costs have helped revive on-chain activity, particularly for stablecoins, which remain the dominant use case for day-to-day transfers.

At face value, the numbers suggest a “return to mainnet” moment. But analysts caution that raw address counts can be misleading, especially when fees fall far enough to make spam economical.

Address poisoning muddies the picture

Imagine spam calls flooding your phone. your call log looks busy, but most are junk, not real conversations. Something similar has been happening on Ethereum, as a significant portion of January’s address growth is tied to address poisoning attacks rather than organic adoption.

Security researcher Andrey Sergeenkov said in a post earlier this week that the spike aligns closely with a rise in dusting activity, where attackers send tiny stablecoin transfers to millions of wallets.

Address poisoning works by exploiting human behavior. Attackers generate wallet addresses that closely resemble a victim’s real address, often matching the first and last characters.

They then send small “dust” transfers, usually under $1, so the fake address appears in the victim’s transaction history. When the victim later copies an address from that history instead of a trusted source, funds are mistakenly sent to the attacker.

Sergeenkov’s analysis found that the number of new Ethereum addresses jumped to roughly 2.7 million during the peak week of Jan. 12, about 170% above normal levels. Around two-thirds of those addresses received dust as their first stablecoin transaction, a strong signal of poisoning activity rather than real onboarding.

The attack has already resulted in more than $740,000 in confirmed losses, with most of the stolen funds coming from a small number of victims. Lower fees following Fusaka appear to have made these campaigns viable, allowing attackers to spray transactions at scale with limited upfront cost.

The takeaway is not that Ethereum usage is fake, but that headline metrics need context.

Lower fees have clearly brought activity back to mainnet, especially for stablecoins. At the same time, cheap transactions also enable abuse, inflating address counts and transaction volumes.