Crypto phishing losses plunged in 2025, but experts warn the threat has only changed shape rather than disappeared. Reports show a sharp fall in money stolen by wallet-draining scams, even as attackers tested new tricks tied to recent protocol changes.
Related Reading
Scam Sniffer Data Shows Drop
According to Scam Sniffer’s 2025 analysis, wallet drainer phishing losses fell to about $83.85 million — an 83% decline from roughly $494 million in 2024.
The number of affected wallets dropped to around 106,000, a fall of about 68% year-on-year. These figures come from the security platform’s annual study and were picked up by major crypto outlets.
Attackers Shift, Not Stop
Only 11 incidents topped $1 million in 2025, down from 30 the prior year, signaling fewer headline grabs but a rise in smaller hits. The largest single theft recorded last year was roughly $6.5 million, tied to a malicious Permit signature attack.
Average losses per victim fell to roughly $790, which suggests attackers moved toward more frequent, lower-value strikes.
Market Moves Mattered
Losses followed market activity. The third quarter logged the highest damage at about $31 million, when Ethereum’s rally brought more users and approvals onchain.
Monthly peaks included August, which posted about $12.17 million, while December was the quietest with roughly $2 million. That pattern shows fraudsters target busy trading windows.
1/ Ever woken up to an empty crypto wallet? With scammers draining $107K+ across EVM chains JUST THIS WEEK (per @zachxbt), it’s scarier than ever!
Shoutout to @realscamsniffer for their 2025 report – losses down 83%, but threats are evolving FAST. Let’s recap & warn on 2026… https://t.co/uSerpsg80d
— JP (@rugpullfinder) January 3, 2026
Permit Signatures And New Vectors
Reports highlighted Permit and Permit2 signature abuses as a major driver of big losses, accounting for a large share of multi-million cases.
Scam Sniffer also flagged EIP-7702 batch signature techniques that were used in a few complex attacks after network upgrades. Security teams say these methods exploit user approval flows rather than raw smart-contract bugs.
Why The Drop Happened
Analysts attribute much of the improvement to better wallet warnings, wider use of approval revocation tools, and more active tracking by onchain monitors.
Some defenders also point to reduced market froth in parts of the year, which lowered the pool of high-value targets. Still, multiple outlets stress that reduced totals do not equal safety.
Related Reading
Based on reports, phishing will likely remain cyclical: losses could spike again during big rallies or when new signing features are introduced.
Security firms urge users to check approvals, avoid blind signing, and use wallet tools that flag risky requests. Regulators and exchanges are watching the trend, but responsibility for many attacks still falls to individual users and wallet software.
Featured image from Unsplash, chart from TradingView
