The Lead
Global banking giant Citi has moved to debunk Ethereum’s recent on-chain milestones, attributing the network’s record 2.9 million daily transactions to an “industrial-scale” scam vector rather than organic adoption. In a client note reported by CoinDesk, Citi’s Digital Assets team warned that a surge in “address poisoning” attacks is inflating network metrics while draining millions from complacent investors. Ethereum (ETH) hovered near $2,940 (-1.4%) as the market digested the discrepancy.
The Mechanics of the Mirage
The bank’s warning aligns with forensic analysis from researcher Andrey Sergeenkov, who found that nearly 67% of the 12.6 million new Ethereum addresses created in the last 30 days received “dust” (transfers under $1) as their first interaction. The scam works by generating “vanity” addresses that mimic the first and last characters of a user’s legitimate counterparty. Attackers then flood the victim’s history with zero-value token transfers, betting the user will copy-paste the fraudulent address from their transaction log by mistake.
“Address poisoning has become disproportionately attractive for attackers… What developers are doing is reckless experimentation at users’ expense disguised as a revolution.” Andrey Sergeenkov
The Economics of Spam
The campaign’s scale is directly linked to the “Fusaka” network upgrade implemented in late 2025, which reduced average transaction fees to the $0.10–$0.20 range. While beneficial for legitimate users, the lower barrier to entry allowed attackers to automate the creation of 3.86 million “poisoned” wallets in weeks without incurring prohibitive costs. Sergeenkov identified specific smart contracts designed solely to batch-fund these thousands of decoy addresses with stablecoin dust.
Institutional Context
Citi’s intervention highlights a growing anxiety among institutional custodians regarding execution risk. The warning follows a catastrophic incident in December 2025 in which a single trader lost $50 million after inadvertently copying a poisoned address. Since mid-December, another 116 victims have been identified with aggregate losses of $740,000, confirming the vector remains highly profitable despite a low conversion rate.
The UI Failure
The attack persists because it exploits a fundamental weakness in crypto wallet interfaces: the truncation of addresses. By hiding the middle characters of a hexadecimal string, wallets make “0x123…abc” (legitimate) look identical to “0x123…abc” (malicious). Until wallet providers implement default whitelisting or clearer visual differentiators, the burden of verification remains entirely on the user.
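The check a wallet or custodian could run against the look-alike trick described under "The Mechanics of the Mirage" and the truncation problem above, as an added example that is not from the article, Citi, or any wallet's code. The addresses, the address book, the 4+4 character truncation and all function names are constructed assumptions; only the under-$1 dust threshold comes from the article.

```python
import re

ADDR_RE = re.compile(r"0x[0-9a-f]{40}")
DUST_USD = 1.00  # the article's definition of dust: transfers under $1

# Constructed sample data (not real addresses).
REAL = "0x1234a7c9e2b4d6f8091a3c5e7b9d0f2a4c6eabcd"
FAKE = "0x1234" + "f" * 32 + "abcd"          # same first/last 4 hex chars as REAL
OTHER = "0x9f8e7d6c5b4a39281706f5e4d3c2b1a098765432"
ADDRESS_BOOK = {"exchange-deposit": REAL}     # allowlist: label -> full address
HISTORY = [(REAL, 2500.00), (FAKE, 0.00), (OTHER, 0.40)]  # (counterparty, USD)

def normalize(addr):
    """Lower-case a 20-byte hex address so mixed-case forms compare equal."""
    a = addr.strip().lower()
    if not ADDR_RE.fullmatch(a):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def truncated(addr, head=4, tail=4):
    """What a wallet UI that hides the middle characters would display."""
    return f"{addr[:2 + head]}...{addr[-tail:]}"

def classify(addr, book=ADDRESS_BOOK, head=4, tail=4):
    """Return (verdict, label): 'trusted', 'lookalike' or 'unknown'."""
    a = normalize(addr)
    entries = [(label, normalize(full)) for label, full in book.items()]
    for label, full in entries:       # exact full-length match wins first
        if a == full:
            return ("trusted", label)
    for label, full in entries:       # same display string, different address
        if truncated(a, head, tail) == truncated(full, head, tail):
            return ("lookalike", label)
    return ("unknown", None)

def scan(history, book=ADDRESS_BOOK):
    """List history entries that impersonate an allowlisted address."""
    findings = []
    for addr, usd in history:
        verdict, label = classify(addr, book)
        if verdict == "lookalike":
            findings.append({"address": normalize(addr), "imitates": label,
                             "dust": usd < DUST_USD})
    return findings

if __name__ == "__main__":
    for f in scan(HISTORY):
        print(f)
```

The comparison is always made on the full 40 hex characters; the truncated form is computed only to show which entries a user could not tell apart on screen.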