Fusaka Upgrade Fuels Record Address Poisoning on Ethereum

Ethereum’s Fusaka upgrade was marketed as a breakthrough for scalability, reducing gas fees by roughly six times and pushing transaction costs below a dollar. While the lower fees unlocked new use‑cases for stablecoins and DeFi, they also altered the economic calculus for malicious actors. Cheap, near‑free transactions make it viable to broadcast millions of micro‑payments—known as dust or address‑poisoning attacks—without exhausting capital, turning spam into a profitable hunting ground.

Address‑poisoning exploits rely on users copying an incorrect address from their transaction history, allowing attackers to siphon funds with a single erroneous click. After Fusaka, the volume of these dust transactions surged from about 30,000 per day to 167,000, with a single‑day spike of 510,000. The financial impact is stark: losses climbed to over $63 million in just two months, dwarfing the $4.9 million lost in the comparable pre‑upgrade period. This pattern mirrors a lottery model—attackers cast a wide net of tiny transfers, hoping a few will hit high‑value wallets.

The episode raises urgent governance questions for the Ethereum Foundation and broader blockchain community. Fee reductions must be balanced against the amplified attack surface; otherwise, user confidence may wane, slowing institutional entry. Future protocol upgrades should embed anti‑spam mechanisms, such as dynamic fee floors or transaction throttling, and prioritize security audits that model low‑cost attack vectors. By addressing these gaps, Ethereum can preserve its scalability ambitions while safeguarding the ecosystem against mass‑scale fraud.