The truth behind Ethereum's activity surpassing L2: Address poisoning attacks are polluting on-chain data

Ethereum mainnet activity data for January looks good, with daily active addresses approaching 1 million at one point, even briefly reaching 1.3 million on January 16th, surpassing several Layer 2 networks. However, behind this impressive data, there is an uncomfortable truth: a large amount of fake activity is infiltrating the metrics.

“False Prosperity” in Activity Data

According to Token Terminal statistics, Ethereum’s daily active addresses did see a noticeable rebound in January. But security researcher Andrey Sergeenkov points out that the authenticity of this data warrants skepticism.

This fluctuation is not entirely due to genuine on-chain activity growth but is highly related to address poisoning and similar attacks.

Address Poisoning Attacks: A New On-Chain Threat

Address poisoning is a relatively new attack method that appears simple in principle but has significant effects:

• Attack Method: Attackers send大量 small stablecoin transfers to numerous wallets in bulk
• Fake Effect: These tiny transfers cause fake addresses to appear in victims’ transaction records
• Targeted Deception: Victims viewing transaction history may mistakenly believe these fake addresses are real, leading to erroneous fund transfers
• Data Pollution: These false transfer activities are counted in on-chain active address statistics, inflating the apparent activity

Dual Impact on On-Chain Data

This type of attack directly impacts Ethereum data analysis:

Active address count is overestimated

While the number of addresses seems to be increasing, many are “activated” merely because they received poisoning transfers. These addresses haven’t engaged in genuine on-chain interactions; they are passive victims of attacks.

Difficulty in accurately assessing on-chain activity

Investors and analysts rely on active address data, which has lost its reliability. When the data is mixed with大量 non-authentic activity, metrics used to gauge the health of the Ethereum network become unreliable.

Signs of Genuine Activity Recovery Still Present

Despite data pollution, there are signs that activity on the Ethereum mainnet is genuinely recovering. This mainly stems from:

• Transaction fees decreasing in January, reducing user interaction costs
• This has attracted some users back to the mainnet
• Compared to Layer 2 solutions, which have lower fees, the depth and security of the mainnet ecosystem remain attractive

However, the problem is that we cannot accurately distinguish between genuine user re-engagement and fake activity created by poisoning attacks.

Additional Market Context

From related market data, Ethereum currently faces ongoing pressure:

• ETH price at $2934.90, down 1.72% in 24 hours, down 11.37% over 7 days
• In the past 24 hours, CEXs experienced a net outflow of 38,600 ETH, indicating continued withdrawal sentiment
• This contrasts with the “prosperity” suggested by active address data, reflecting a more cautious market sentiment based on fundamentals

Summary

The rebound in Ethereum mainnet activity is real, but the current active address data contains significant distortions. The rise of address poisoning attacks reminds us that on-chain data analysis requires more cautious interpretation—数字增长 alone does not equate to network health. Genuine activity recovery should be validated through multiple dimensions, such as actual transaction volume, Gas consumption, and independent active user metrics, rather than relying solely on potentially polluted address counts. For investors, this serves as a reminder: when evaluating on-chain projects and network conditions, beware of data traps and seek more robust, hard-to-fake indicators.