Ethereum, a smart contract blockchain, can now handle more day-to-day activities than cheaper side chains called layer 2 networks. However, this revival has its pitfalls. It appears that not all Ethereum activity reflects true user demand.
The number of daily active addresses on Ethereum increased towards the 1 million mark earlier this month, briefly peaking at over 1.3 million on January 16, before settling at nearly 950,000, according to data source Token Terminal.
This gave Ethereum an edge over popular scaling networks such as Arbitrum, Base, and OP Mainnet, and reversed much of the narrative that users had permanently migrated away from L1.
An active address is a unique blockchain wallet that performs transactions such as sending, receiving, or interacting with smart contracts during a specific period of time (e.g., daily). Analysts track metrics to examine actual network usage beyond token price hype.
Layer 2 scaling networks are like side streets and highways built on top of the primary blockchain highway, Ethereum. These sidechains quickly and cheaply process large amounts of transaction traffic from the main chain and send the final aggregation back to the main chain for security.
The resurgence in Ethereum activity follows the Fusaka upgrade in December, which saw transaction fees slashed, making direct trading on Ethereum cheap again. Lower costs have helped revive on-chain activity for stablecoins, especially the primary use case for day-to-day money transfers.
At face value, this number suggests a “return to mainnet” moment. But analysts warn that raw address counts can be misleading, especially if prices drop significantly and spam becomes economical.
Address addiction confuses the situation
Imagine spam calls flooding your phone. Although the call records look busy, they are mostly junk and not real conversations. Something similar is happening with Ethereum, as a significant portion of January’s address growth was related to countering poisoning attacks rather than organic adoption.
Security researcher Andrei Sergenkov said in a post earlier this week that the spike roughly coincides with an increase in dusting operations in which attackers send small stablecoin transfers to millions of wallets.
Addressing addictive behaviors that exploit human behavior. Attackers generate wallet addresses that closely resemble the victim’s real address, often with matching first and last characters.
The fake address then appears in the victim’s transaction history as they send small “dust” transfers, typically less than $1. If the victim then copies the address from that history instead of a trusted source, the funds will be mistakenly transferred to the attacker.
According to Sergenkov’s analysis, the number of new Ethereum addresses surged to about 2.7 million during the peak week of January 12, about 170% above normal levels. Approximately two-thirds of these addresses received Dust as their first stablecoin transaction. This is a strong sign of poisoning activity rather than actual onboarding.
The attack has already caused losses of more than $740,000, with most of the stolen funds coming from a small number of victims. Lower fees following Fusaka appear to have made these campaigns viable, allowing attackers to spray large transactions with limited upfront costs.
The point is not that Ethereum usage is bogus, but that headline metrics need context.
It is clear that stablecoin activity in particular has returned to mainnet due to lower fees. At the same time, cheap transactions enable abuse and increase the number of addresses and transaction volumes.
