The dangers of prefix shortening: Ethereum address poisoning scams are disguising the highest number of transactions ever recorded, posing significant security risks.

While Ethereum demonstrates record-breaking on-chain activity, behind the scenes lies a large-scale scam campaign exploiting wallet designs that only display prefixes and suffixes. Detailed analysis of on-chain data reveals a harsh reality: most of the recent “prosperity” is driven not by genuine user demand but by automated spam attacks.

Spam activity is rewriting Ethereum’s on-chain records

Last week, the network processed approximately 2.9 million transactions in a single day, setting a new on-chain activity record. However, this seemingly bullish signal comes with a significant caveat. Ethereum’s price remains stagnant, hovering around $3,190 on Monday’s trading, down 0.7% over the past 24 hours.

In traditional market cycles, a surge in transaction count would indicate increased pressure on block space and a supply shortage. But this time, market reactions are entirely different. This strongly suggests that the apparent increase in activity does not reflect real user demand.

According to research by leading on-chain analysis expert Andrei Sergeenko, this abnormal activity spike is primarily caused by low-value “address poisoning” campaigns. Scammers send大量 small amounts of stablecoins to inflate transaction counts, creating the illusion of new user engagement.

80% of new addresses are manipulated through “dust” transfers of stablecoins

Sergeenko’s detailed analysis uncovers even more startling facts. About 80% of the abnormal increase in new Ethereum addresses is related to tiny transfers of stablecoins (so-called “dust”).

Investigating 5.78 million new addresses, approximately 3.86 million received less than $1 in their first stablecoin transaction. This is not organic network growth but a typical pattern of automated dusting attacks.

The scammers’ approach is even more sophisticated. They execute traceable transfers of less than $1 USDT and USDC, distributing dust to at least 10,000 different addresses. The largest operations used smart contracts to supply dust to multiple recipients within a single transaction, targeting hundreds of thousands of wallets.

Design that only displays prefixes accelerates scams

Understanding the address poisoning scheme requires knowledge of basic wallet design. Most wallets display long wallet addresses in a shortened form, showing only the prefix (initial few characters) and suffix (last few characters).

Scammers generate addresses similar to legitimate ones and send tiny amounts of stablecoins (often less than $1) from these fake addresses to victims’ wallets. These dust transactions insert fake addresses into users’ transaction histories.

Later, when users copy addresses from their transaction history, they may inadvertently copy a similar address with matching prefix and suffix. Without verifying every character, they risk sending funds to the scammer’s address. What appears to be a normal copy-and-paste operation can lead to serious financial loss.

Lower transaction fees have made address poisoning economically feasible

The scale of this scam scheme is linked to the Fusaka upgrade implemented in December, which drastically reduced Ethereum transaction fees.

Sergeenko points out that attackers are now exploiting this low-fee environment to deploy address poisoning attacks on an unprecedented scale. When fees were high, millions of low-value dust transfers were economically unviable. But with the dramatic fee reduction, strategies relying on vast numbers of potential scams have now become economically feasible, despite their low probability of success.

This situation highlights the complex relationship between Ethereum’s technological progress and its vulnerabilities. Low fees and smooth throughput demonstrate the network’s technical strength. At the same time, they significantly reduce operational costs for spam operations.

The market must distinguish between spam and organic growth

According to the latest data from February 2026, Bitcoin is trading around $78,100, down 11.34% over the past 7 days and 13.79% over the past 30 days. Ethereum shows a more pronounced decline, trading near $2,350, with an 18.67% drop over 7 days and 24.88% over 30 days.

The broader markets are also cautious. Gold has reached a record high of about $4,675, driven by concerns over trade wars and safe-haven demand amid threats of tariffs on Greenland by former President Trump. The Nikkei index has fallen approximately 0.7%, amid political uncertainty and rising bond yields.

Currently, the market indicates that record transaction volumes do not necessarily reflect strong fundamentals. If most activity is low-value noise, then record transaction counts could mislead about actual demand.

Until it becomes clear what proportion of Ethereum’s on-chain activity is driven by genuine users versus automated scams exploiting prefix manipulation, raw statistics alone cannot earn market participants’ trust. Accurately distinguishing spam from organic growth is crucial to truly assessing Ethereum’s strength.