Mass Ethereum Address-Poisoning Wave (Dec 2025-Jan 2026)
Summary
A large-scale industrialized campaign of Ethereum address-poisoning attacks surged sharply following the December 3, 2025 Fusaka protocol upgrade, which reduced per-transaction gas fees by approximately 67% and made high-volume dust-transfer campaigns economically viable at unprecedented scale. Two high-profile victims suffered a combined loss of approximately $62.2 million between December 2025 and January 2026, with a single victim losing $49,999,950 in USDT on December 19, 2025. An independent academic study published by Carnegie Mellon University researchers (Tsuchiya et al., presented at USENIX Security 2025) quantified the broader campaign at 270 million on-chain poisoning attempts targeting 17 million wallets across Ethereum and BNB Smart Chain from July 2022 to June 2024, with confirmed losses of at least $83.8 million over that earlier study period.
Connected Entities
1 entities · 10 linked investigationsTimeline(11 events)
2022-07-01
Start of the CMU/CyLab study window. Researchers begin measuring address-poisoning attempts across Ethereum and BNB Smart Chain.
arXiv:2501.16681 / CyLab CMU2024-06-30
End of the CMU/CyLab study window. By this date, 270 million poisoning attempts targeting 17 million wallets and $83.8 million in confirmed losses documented across two years.
arXiv:2501.16681 / CyLab CMU2025-11-01
628,000 address-poisoning attempts recorded for the month of November 2025 — a pre-Fusaka baseline figure.
ScamSniffer via Crypto.news / BeinCrypto2025-12-03
Ethereum Fusaka hard fork activates on mainnet at 21:49 UTC, incorporating PeerDAS (EIP-7594) and 12 additional EIPs, reducing gas fees approximately 67% and lowering per-dust-transfer cost to $0.10–$0.15.
CoinDesk2025-12-19
Single victim loses $49,999,950 USDT in an address-poisoning attack. Stolen USDT is converted to DAI and then approximately 16,680 ETH is deposited into Tornado Cash within 30 minutes. Victim posts on-chain bounty message offering $1M for return of 98% of funds within 48 hours.
CoinDesk / Web3 Antivirus2026-01-07
CMU CyLab publishes press release on the USENIX Security '25 blockchain address poisoning study (arXiv preprint 2501.16681 posted same month). Study reports 270M attempts, 17M victims, $83.8M confirmed losses over the July 2022–June 2024 window.
CyLab CMU news2026-01-01
January 2026: poisoning attempts reach 3.4 million for the month, a 5.5x increase vs November 2025. USDT dust transfers (sub-$0.01) total approximately 29.9 million for the month, up 612% from pre-Fusaka levels.
ScamSniffer / Etherscan via multiple news outlets2026-01-01
Second high-profile victim loses approximately $12.25 million (4,556 ETH equivalent) in an address-poisoning attack in January 2026.
ScamSniffer via Cointelegraph / Crypto.news2026-01-31
January 2026 signature phishing losses reach $6.27 million across 4,741 victims — a 207% increase over December 2025 — with two wallets responsible for 65% of the damage.
ScamSniffer via Decrypt2026-02-08
ScamSniffer publishes X post reporting combined $62.2 million in address-poisoning losses from two victims across December 2025 and January 2026.
ScamSniffer X post, cited by Cointelegraph / Crypto.news2026-03-13
Etherscan issues public advisory warning Ethereum users of the automated post-Fusaka address-poisoning surge, recommending full address verification, Address Highlight feature usage, and ENS adoption.
FXStreet / ETHNewsDecision Log
- hash: Bvi5Qcqz2Nh25iRb7stsjkuACcCsevXAi1tJ1zAEGgcA
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-code-investigator
generated: 6/8/2026, 2:45:41 AM
last updated: 6/8/2026, 2:45:46 AM
avoid.net — verified advice for a post-truth world