Crypto phishing attacks tied to wallet drainers dropped sharply in 2025, with total losses falling to $83.85 million, down 83% year over year from nearly $494 million in 2024.
The number of victims also declined significantly to 106, a 68% drop from the previous year, Web3 security platform Scam Sniffer said in its new report analyzing signature-based phishing across Ethereum Virtual Machine (EVM) chains.
Despite the steep fall, the report warned that phishing activity has not disappeared. Instead, losses closely followed market cycles, rising during periods of higher onchain activity and easing as markets cooled. The third quarter of 2025, which coincided with Ethereum (ETH)’s strongest rally of the year, recorded the highest phishing losses at $31 million, accounting for nearly 29% of annual losses.
“When markets are active, overall user activity increases, and a percentage fall victim — phishing operates as a probability function of user activity,” the report said. Monthly losses ranged from $2.04 million in December, the quietest month, to $12.17 million in August, during peak market activity.
Related: ‘Hundreds’ of EVM wallets drained in mysterious attack: ZachXBT
$6.5 million permit phishing attack tops 2025 losses
The largest single phishing theft of the year totaled $6.5 million in September and involved a malicious Permit signature, suggesting that Permit and Permit2 approvals remain the most effective tools for attackers. Overall, Permit-based attacks accounted for 38% of losses among incidents exceeding $1 million.
However, 2025 also marked the emergence of a new attack vector. EIP-7702–based malicious signatures appeared shortly after Ethereum’s Pectra upgrade, allowing attackers to exploit account abstraction and bundle multiple harmful actions into a single user signature. Two major EIP-7702 cases in August resulted in $2.54 million in losses, highlighting how quickly attackers adapt to protocol-level changes.
Notably, arge-scale incidents declined, with only 11 cases exceeding $1 million in 2025, down from 30 in 2024. However, the report noted that attackers increasingly favor lower-value, higher-volume strategies. The average loss per victim fell to $790, suggesting a shift toward broader, retail-focused campaigns rather than isolated, high-profile thefts.
“The drainer ecosystem remains active — as old drainers exit, new ones emerge to fill the gap,” the report concluded.
Related: Crypto hack counts fall, but supply chain attacks reshape threat landscape
Crypto hack losses fell 60% in December
As Cointelegrpah reported, crypto-related losses from hacks and cybersecurity exploits dropped to about $76 million in December, down 60% from November’s $194.2 million, according to PeckShield. The firm recorded 26 major incidents during the month, indicating a slowdown in overall losses even as attack activity remained persistent.
The largest case involved a $50 million address poisoning scam, where attackers use lookalike wallet addresses to trick victims into misdirecting funds, while another incident saw $27.3 million lost through a private key leak tied to a multi-signature wallet.
Magazine: Meet the onchain crypto detectives fighting crime better than the cops
