Crypto-phishing attacks linked to wallet drainers declined sharply in 2025, with total losses dropping to $83.85 million, an 83% drop from nearly $494 million recorded the previous year.
Key points to remember:
- Losses from phishing via wallet drainers fell 83% in 2025, but attackers remain active and adaptive.
- Phishing spikes followed the market recovery, with Ethereum’s rise in the third quarter leading to the highest losses of the year.
- Permit-based approvals and new EIP-7702 exploits remain major risks for users.
The number of affected users also fell to around 106,000, a 68% year-over-year decrease, according to a new report from Web3 security platform Scam Sniffer.
The results indicate a significant slowdown in one of crypto’s most persistent threats, with fewer victims and lower overall losses, even as attackers continue to refine their methods.
Crypto phishing losses increase during market rallies, report warns
Despite this sharp decline, the report warns that phishing activity has not disappeared. Instead, losses closely followed broader market cycles.
Periods of increased on-chain activity have been followed by spikes in phishing incidents, while calmer markets have seen losses ease.
The third quarter of 2025, which coincided with Ethereum’s strongest rally of the year, saw the highest losses at $31 million. August and September alone accounted for almost 29% of total annual losses.
Scam Sniffer described phishing as a “probability function of user activity,” noting that higher transaction volumes tend to increase the pool of potential victims.
Monthly losses ranged from just $2.04 million in December, the quietest month, to $12.17 million in August, when trading activity peaked.
The largest incident of the year involved a $6.5 million theft in September linked to malicious permit signing.
Permit and Permit2 approvals remain the most effective tools for attackers, accounting for 38% of losses in cases exceeding $1 million.
The data suggests that trust-based exploits continue to pose a major risk, particularly for users interacting with unfamiliar applications.
The report also highlights the emergence of new attack vectors. Following Ethereum’s Pectra upgrade, attackers began abusing EIP-7702-based malicious signatures, which allow multiple harmful actions to be bundled into a single user approval.
Two such incidents in August resulted in losses of $2.54 million, highlighting how quickly attackers adapt to protocol changes.
Crypto phishers move from big heists to mass attacks
Large-scale attacks have become less frequent, with only 11 cases exceeding $1 million in 2025, compared to 30 the previous year. At the same time, attackers appeared to be shifting toward lower-value, higher-volume campaigns.
The average loss per victim fell to $790, indicating a broader focus on individual users rather than isolated, high-profile thefts.
As reported, an attacker siphoned funds from hundreds of crypto wallets on Ethereum Virtual Machine (EVM)-enabled networks, draining small sums from each address in what onchain investigator ZachXBT described as a large, low-value operation.
Although individual losses were limited, generally less than $2,000 per wallet, the scale of the incident indicates a coordinated campaign rather than an isolated breach.
At the same time, cryptocurrency losses from hacks and cybersecurity exploits declined sharply in December, falling 60% month-over-month to around $76 million.
The post "Wallet Drainer Phishing Losses Drop to $84 Million in 2025, Down 83%" appeared first on Cryptonews.



The Scam Sniffer 2025 report is out!
https://t.co/qziSEjiEVx