The Ethereum network is currently experiencing another significant address poisoning campaign, in which attackers plant fake addresses in the transaction histories of private wallets. The tactic involves sending fake tokens or small amounts of real assets, known as "dust," to obscure a wallet's genuine transaction history. Users who send funds to their last-used address without careful verification risk having their assets directed to the exploiter's wallets.
These attacks have coincided with a period of notably low transaction fees on the Ethereum network, which has made it cheaper for attackers to conduct these dust transactions. While address poisoning attacks have occurred during periods of high fees as well, the current campaign stands out as one of the more substantial ones.
On-chain researcher Andrey Sergeenkov brought attention to this attack, linking it directly to the current low fee environment on Ethereum.
Ethereum's Low Fees Enable Spam Transactions
The recent Fusaka update on Ethereum has dramatically reduced the cost of spam transactions, with standard ETH transfers now costing less than $0.01. Consequently, following January 12, Ethereum observed a rapid increase in new addresses, more than tripling the typical daily rate. This surge in activity was initially associated with stablecoins, a common type of token used in such schemes. However, Sergeenkov's analysis revealed that over 67% of these stablecoin transactions were "dust" – small amounts of funds designed to trace an address or inject a poisoned address into a wallet's history.
While some Ethereum wallets are designed to flag suspicious tokens, dust transactions involving legitimate stablecoins are not typically identified as malicious. The researcher identified three primary originating addresses responsible for sending these spam transactions to over 1.5 million wallets.
Ongoing Smart Contract Attacks on Ethereum
As of January 19, one of the identified smart contracts, 0x301d9bc22d66f7bc49329a9d9eb16d3ecc4a12b4, had distributed spam to more than 589,000 wallets. This contract had consumed approximately 2.5 ETH in fees within the preceding 24 hours, positioning it among the top 10 busiest Ethereum contracts. The contract utilized a "fundPoisoner" function to distribute tokens or ETH to thousands of intermediary addresses, which then funded user wallets with spam transactions.

This latest wave of attacks has affected 116 victims, resulting in total losses exceeding $740,000. The ultimate impact of poisoning attacks can vary widely depending on the victim's wallet holdings. Recently, one individual lost approximately $510,000 in a single address poisoning attack, which was attributed to the broader spam attack campaign.
While the Ethereum team did not intentionally create vulnerabilities, its latest upgrade inadvertently facilitated these spam activities. Although increased Ethereum activity is generally viewed positively, a portion of the new transactions were confirmed to be malicious spam.
The current attack appears to be ongoing, with new malicious contracts still active. Some of these attack smart contracts have been flagged for spreading spam transactions, and an additional 78,000 wallets have been dusted with fractions of stablecoins.
It is important to note that the recent research focused specifically on dust sent via stablecoins. A similar spam attack could potentially utilize fake tokens, low-value tokens, or other forms of dust. The most effective defense against these attacks is to remain vigilant, be aware of the potential risks, and meticulously double-check addresses before initiating any Ethereum transactions.
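The address double-check recommended above can be automated as a pre-send check against the wallet's own history. The following is an added example, not code from the article, the researcher, or any wallet. It assumes the common poisoning pattern in which the planted address matches the first and last characters of an address the victim has paid before. The 4-character window, the $1 dust threshold, and all addresses and transfers are constructed for illustration.

```python
from dataclasses import dataclass

# Assumptions for illustration, not values from the article:
DUST_USD = 1.00   # inbound transfers below this are treated as dust
EDGE = 4          # hex chars compared at each end, as in a truncated wallet display

@dataclass
class Transfer:
    direction: str      # "out" = sent by this wallet, "in" = received
    counterparty: str
    usd_value: float

def norm(addr: str) -> str:
    addr = addr.lower()
    return addr[2:] if addr.startswith("0x") else addr

def looks_alike(a: str, b: str) -> bool:
    """Same first/last EDGE chars but a different address overall."""
    a, b = norm(a), norm(b)
    return a != b and a[:EDGE] == b[:EDGE] and a[-EDGE:] == b[-EDGE:]

def check_destination(dest: str, history: list) -> tuple:
    """Return (verdict, reason) before sending to dest."""
    paid = sorted({norm(t.counterparty) for t in history if t.direction == "out"})
    if norm(dest) in paid:
        return "ok", "exact match with an address this wallet has paid before"
    for known in paid:
        if looks_alike(dest, known):
            return "block", f"resembles paid address 0x{known} but is not identical"
    inbound = [t for t in history
               if t.direction == "in" and norm(t.counterparty) == norm(dest)]
    if inbound and all(t.usd_value < DUST_USD for t in inbound):
        return "warn", "only ever seen as the sender of dust transfers"
    return "warn", "no prior payment to this address; verify out of band"

# Constructed sample data (not real addresses or transactions).
REAL = "0x52a1" + "b" * 32 + "9c3e"
FAKE = "0x52a1" + "0" * 32 + "9c3e"   # same visible ends, different middle
DUSTER = "0x" + "7" * 40
HISTORY = [
    Transfer("out", REAL, 2500.00),
    Transfer("in", FAKE, 0.01),       # poisoning dust from the lookalike
    Transfer("in", DUSTER, 0.003),
]

if __name__ == "__main__":
    for dest in (REAL, FAKE, DUSTER):
        print(dest[:6] + "..." + dest[-4:], check_destination(dest, HISTORY))
```

Only addresses the wallet has itself paid count as trusted here, so an inbound dust transfer can never promote its sender to a valid destination.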

