Ethereum address poisoning spike, ‘wallets aren’t ready’ says researcher

headline, Ethereum address poisoning spike, wallets aren't ready," says researcher,

published at 3.38pm March 12, 2026. On December 3, the Ethereum network executed the Fusaka upgrade

which had one focus, scaling without compromise. Gas fees once a major impediment to Ethereum's usability

for all but those with the deepest of pockets plummeted sharply, with transfers and swaps

costing just a few cents per transaction. Cheap transactions don't just benefit regular users,

however. Indeed, the increased affordability of long-running address poisoning campaigns

has seen losses, as well as activity, skyrocket, since Fusaka. Protos spoke to Andrei Serginkov,

an independent researcher analyzing address poisoning on Ethereum, who believes that

the wallets aren't ready and the protocol keeps scaling anyway.

Cheap gas, a boon for users and scammers alike.

In an article published last month, Serginkov identified a six-fold reduction in gas costs

resulting in an almost identical increase in the volume of address poisoning

from an average of 30,000 to 167,000 per day, 5.6 times.

Increased affordability has seen losses, as well as activity, skyrocket, since Fusaka.

The Sergin transactions has, unsurprisingly, been accompanied by increased losses.

Serginkov tracked dust transactions of 101 tokens and identified confirmed payoffs

over 73-day windows before and after Fusaka.

The value of funds stolen increased from $4.9 million per Fusaka to $63.3 million

in the period after the upgrade. He also observed a 2.6-fold increase in the number of successful

pay-off events. Even subtracting the largest post-Fusaka loss, a $50 million outlier just before

Christmas, the total is still $13.3 million, a 2.7-fold increase over the pre-Fusaka rate.

Serginkov told Proto's that since the end of the data set used in his most recent article,

there have been a number of significant losses. The top three of these were a $600,000 loss on

February 17, a $157,000 loss the following day, a $30,000 loss on February 28. In all,

he identified almost $900,000 in losses from 91 victims between those discussed in his article

and his response to Proto's on March 9. Adjusting for the recent losses and ignoring the outlier,

brings the average amount stolen per day to 2.1 times that of the pre-Fusaka rate.

The attack volume hasn't slowed either, he says, and is still picking up $200,000 to $350,000

poisoning transactions per day. While the individual transactions themselves may be cheap,

the potential rewards justify splashing large sums on casting as wide a net as possible.

Read more. Copy, paste, wrecked. Ethereum address poisoning strikes again.

Scaling without compromise.

Ethereum's efforts to reduce gas costs have been overwhelmingly successful. First,

demand was pushed onto cheaper, faster, layer 2, L2 networks, lowering activity on main net.

Though the advances in scaling, which don't look to be slowing down, mean, in the words of

Vitalik Buterin, that the original vision of L2S and their role in Ethereum no longer makes sense.

Later, the introductions of blobs, which did away with the ETH's deflationary

ultrasound narrative, and the Fusaka upgrade have seen the cost of gas mimicked the chart

of a classic DeFi slow-rug project.

Read more. Your L2 transaction fees are higher because of MEV spam report.

Sergenkov notes that, despite a known link between low fees and attack volume,

the upgrade went ahead anyway. He says the Ethereum foundation has not proposed or implemented

any protocol-level countermeasure, and Buterin places user protection entirely at the wallet

and UX layer. However, Sergenkov points to research, which claims that a 53-wallet studied

only three throw an explicit warning message to users before transferring to address poisoning

addresses. According to Namify CEO Z. Victor Joe, one potential solution is using leading zeroes,

making look-alike addresses much more costly and time-consuming for attackers to generate.

One minute of your laptop's GPU time creates an address that would cost an attacker 32 years to

fake, he claims, the isymetry is staggering. Emergent threats

Address poisoning isn't the only attack vector which benefits from low gas costs.

Security researcher Daniel von Fang notes that cheap gas makes for complex attack transactions,

which render only the tiniest smidge of money profitable.

Spectacularly wasteful, MEV activity was seen to offset scaling improvements on L2 networks,

negating any gas savings for regular users while looking to profit off their activity.

Other malicious behaviors can also be borne out of well-meaning upgrades.

The system produces new attack vectors structurally, with each change to the protocol, Sergenkov says.

One example is EIP 7702, which brought wallet delegation capability.

Wintermute research later found that 80% of addresses using the code were linked to malicious activity.

Does Sergenkov have an antidote?

In terms of staying safe, Sergenkov says, never copy addresses from your transaction history

or a block explorer. He also advises against making transfers if suffering from

lack of sleep, illness or anything else. But he has little faith that advice or educating

users will be able to keep up with such numerous and easily adaptable attack vectors.

What's needed is a fundamentally different environment where users don't have to learn how to

avoid losing all their money from a single mistake, where the risk reward of an attack rules

it out by itself. Got a tip? Send us an email securely via ProtosLeaks. For more informed

news and investigations, follow us on X, Blue Sky and Google News, or subscribe to our YouTube channel.