Cryptophishing losses fell in 2025, but experts warn the threat has only changed shape rather than disappearing. Reports show a sharp drop in amounts stolen by wallet-draining scams, even as attackers test new tricks tied to recent protocol changes.
Related reading
Scam sniffer data shows decline
According to Scam Sniffer’s analysis of 2025, losses due to wallet drain phishing fell to approximately $83.85 million, an 83% decrease from approximately $494 million in 2024.
The number of affected wallets fell to around 106,000, a drop of around 68% year-over-year. These figures come from the security platform’s annual study and have been taken up by major crypto sites.
Attackers change, don’t stop
Only 11 incidents topped $1 million in 2025, compared to 30 the year before, indicating fewer headlines but an increase in smaller incidents. The largest theft recorded last year was approximately $6.5 million, linked to a Permit signature malware attack.
Average losses per victim fell to around $790, suggesting attackers have shifted to more frequent, lower-value strikes.
Market movements were significant
Losses followed market activity. The third quarter saw the largest damage, around $31 million, when Ethereum’s rally brought more users and approvals to the chain.
Monthly peaks include August, which recorded around $12.17 million, while December was the quietest with around $2 million. This pattern shows that fraudsters target busy trading windows.
1/ Have you ever woken up with an empty crypto wallet? With scammers draining over $107,000 from EVM channels JUST THIS WEEK (per @zachxbt), it’s scarier than ever!
Bravo to @realscamsniffer for their 2025 report – losses down 83%, but threats are changing RAPIDLY. Let’s recap and warn about 2026…
-JP (@rugpullfinder) January 3, 2026
Permit signatures and new vectors
Reports have highlighted that abuse of Permit and Permit2 signatures is one of the main drivers of large losses, accounting for a significant portion of several million cases.
Scam Sniffer also reported EIP-7702 batch signing techniques that were used in a few complex attacks after network upgrades. Security teams say these methods exploit user approval flows rather than raw smart contract bugs.
Why the decline happened
Analysts attribute much of the improvement to better wallet warnings, broader use of approval revocation tools, and more active monitoring by on-chain monitors.
Some advocates also point to a decrease in market froth during parts of the year, which has reduced the pool of high-value targets. However, several media outlets emphasize that reduced totals are not synonymous with security.
Related reading
According to reports, phishing will likely remain cyclical: losses could increase again during large rallies or when new signature features are introduced.
Security companies urge users to check approvals, avoid blind signing, and use wallet tools that flag risky requests. Regulators and exchanges are monitoring the trend, but the blame for many attacks still lies with individual users and wallet software.
Featured image from Unsplash, chart from TradingView
