In 2025, losses due to crypto phishing dropped significantly, but experts caution that while the threat has evolved, it hasn’t vanished. Reports indicate a notable decrease in funds lost to wallet-draining scams, even as attackers have experimented with new methods related to recent protocol updates.
Related Reading
Scam Sniffer Data Indicates Decline
Scam Sniffer’s 2025 report reveals that losses from wallet-draining phishing dropped to approximately $83.85 million, an 83% reduction from around $494 million in 2024.
The total number of impacted wallets fell to around 106,000, marking a 68% year-over-year decline. These statistics come from the platform’s annual report and have gained traction among major crypto news outlets.
Attackers Adapt, Not Cease
In 2025, only 11 incidents exceeded $1 million, down from 30 the previous year, indicating fewer major thefts but an increase in smaller scams. The most significant theft recorded last year was about $6.5 million, linked to a harmful Permit signature attack.
Average losses per victim decreased to around $790, suggesting that attackers are shifting to more frequent, lower-value strikes.
Market Movements Played a Role
Losses mirrored market dynamics. The third quarter experienced the highest damage, totaling around $31 million, coinciding with Ethereum’s surge that attracted more users and activity on-chain.
Monthly peaks were noted in August, with approximately $12.17 million in losses, while December recorded the least, about $2 million. This trend indicates that fraudsters tend to target active trading periods.
1/ Ever woken up to find your crypto wallet empty? Scammers have drained over $107K across EVM chains JUST THIS WEEK (per @zachxbt), making it more alarming than ever!
Shoutout to @realscamsniffer for their 2025 report – despite losses dropping 83%, threats are evolving rapidly. Let’s review & prepare for 2026… https://t.co/uSerpsg80d
— JP (@rugpullfinder) January 3, 2026
Permit Signatures and Emerging Vectors
Reports have pointed to abuses of Permit and Permit2 signatures as significant contributors to major losses, constituting a large portion of multi-million dollar thefts.
Scam Sniffer also identified EIP-7702 batch signature techniques employed in various complex attacks following network upgrades. Security teams assert that these strategies exploit user approval processes rather than direct smart-contract vulnerabilities.
Reasons for the Decline
Analysts attribute much of the positive change to enhanced wallet warnings, broader utilization of approval revocation tools, and more vigilant monitoring by on-chain trackers.
Some commentators suggest that reduced market excitement during certain periods led to a decrease in high-value targets. Nevertheless, multiple sources emphasize that lower totals don’t guarantee safety.
Related Reading
Reports suggest that phishing will likely remain cyclical, with losses potentially surging again during significant market rallies or upon the introduction of new signing functions.
Security firms encourage users to review approvals, avoid blind signing, and utilize wallet tools that alert them to risky requests. While regulators and exchanges monitor the trend, individual users and wallet software still bear the responsibility for many attacks.
Featured image from Unsplash, chart from TradingView
