Crypto phishing losses plunged in 2025, but experts warn the threat has only changed shape rather than disappeared. Reports show a sharp fall in money stolen by wallet-draining scams, even as attackers tested new tricks tied to recent protocol changes.
According to Scam Sniffer’s 2025 analysis, wallet drainer phishing losses fell to about $83.85 million — an 83% decline from roughly $494 million in 2024.
The number of affected wallets dropped to around 106,000, a fall of about 68% year-on-year. These figures come from the security platform’s annual study and were picked up by major crypto outlets.
Only 11 incidents topped $1 million in 2025, down from 30 the prior year, signaling fewer headline grabs but a rise in smaller hits. The largest single theft recorded last year was roughly $6.5 million, tied to a malicious Permit signature attack.
Average losses per victim fell to roughly $790, which suggests attackers moved toward more frequent, lower-value strikes.
Market Moves Mattered
Losses followed market activity. The third quarter logged the highest damage at about $31 million, when Ethereum’s rally brought more users and approvals onchain.
Monthly peaks included August, which posted about $12.17 million, while December was the quietest with roughly $2 million. That pattern shows fraudsters target busy trading windows.
1/ Ever woken up to an empty crypto wallet? With scammers draining $107K+ across EVM chains JUST THIS WEEK (per @zachxbt), it’s scarier than ever!
Shoutout to @realscamsniffer for their 2025 report – losses down 83%, but threats are evolving FAST. Let’s recap & warn on 2026… https://t.co/uSerpsg80d
— JP (@rugpullfinder) January 3, 2026
Permit Signatures And New Vectors
Reports highlighted Permit and Permit2 signature abuses as a major driver of big losses, accounting for a large share of multi-million cases.
Scam Sniffer also flagged EIP-7702 batch signature techniques that were used in a few complex attacks after network upgrades. Security teams say these methods exploit user approval flows rather than raw smart-contract bugs.
Why The Drop Happened
Analysts attribute much of the improvement to better wallet warnings, wider use of approval revocation tools, and more active tracking by onchain monitors.
Some defenders also point to reduced market froth in parts of the year, which lowered the pool of high-value targets. Still, multiple outlets stress that reduced totals do not equal safety.
Based on reports, phishing will likely remain cyclical: losses could spike again during big rallies or when new signing features are introduced.
Security firms urge users to check approvals, avoid blind signing, and use wallet tools that flag risky requests. Regulators and exchanges are watching the trend, but responsibility for many attacks still falls to individual users and wallet software.
Featured image from Unsplash, chart from TradingView
—
Blog powered by G6
Disclaimer! A guest author has made this post. G6 has not checked the post. its content and attachments and under no circumstances will G6 be held responsible or liable in any way for any claims, damages, losses, expenses, costs or liabilities whatsoever (including, without limitation, any direct or indirect damages for loss of profits, business interruption or loss of information) resulting or arising directly or indirectly from your use of or inability to use this website or any websites linked to it, or from your reliance on the information and material on this website, even if the G6 has been advised of the possibility of such damages in advance.
For any inquiries, please contact [email protected]
