Crypto phishing attacks linked to wallet tapping fell sharply in 2025, with total losses falling to $83.85 million, an 83% year-over-year decline from nearly $494 million in 2024.
The number of victims also dropped significantly to 106,000, down 68% from the previous year, Web3 security platform Scam Sniffer said in its new report analyzing signature-based phishing in Ethereum Virtual Machine (EVM) chains.
Despite the sharp decline, the report warned that phishing activity has not gone away. Instead, losses closely followed market cycles, rising during periods of higher onchain activity and declining as markets cooled. The third quarter of 2025, which coincided with Ethereum’s (ETH) strongest rally of the year, recorded the highest phishing losses of $31 million, with August-September accounting for nearly 29% of annual losses.
“When markets are active, overall user activity increases and a percentage become victims – phishing works as a probability function of user activity,” the report said. Monthly losses ranged from $2.04 million in December, the quietest month, to $12.17 million in August, during the peak of market activity.
Related: ‘Hundreds’ of EVM Wallets Drained in Mysterious Attack: ZachXBT
A $6.5 million phishing attack will surpass losses in 2025
The largest phishing theft of the year totaled $6.5 million in September and involved a malicious Permit signature, indicating that Permit and Permit2 approvals remain the most effective tools for attackers. Overall, permit-based attacks accounted for 38% of losses in incidents over $1 million.
However, 2025 also marked the emergence of a new attack vector. EIP-7702-based malicious signatures appeared shortly after Ethereum’s Pectra upgrade, allowing attackers to exploit account abstraction and bundle multiple malicious actions into a single user signature. Two major EIP-7702 cases in August resulted in $2.54 million in losses, highlighting how quickly attackers adapt to changes at the protocol level.
Notably, the number of large-scale incidents has declined, with only 11 cases exceeding $1 million in 2025, down from 30 in 2024. However, the report noted that attackers are increasingly favoring lower value, higher volume strategies. The average loss per victim fell to $790, indicating a shift towards broader, retail-focused campaigns rather than isolated, high-profile thefts.
“The drain ecosystem remains active – as old drains disappear, new ones emerge to fill the gap,” the report concludes.
Related: The number of crypto hacks is declining, but supply chain attacks are changing the threat landscape again
Losses from crypto hacks fell 60% in December
As Cointelegraph reported, crypto-related losses from hacks and cybersecurity exploits fell to about $76 million in December, down 60% from $194.2 million in November, according to PeckShield. The company recorded 26 major incidents during the month, indicating a slowdown in overall losses, even as attack activity continued.
The largest case involved a $50 million address poisoning scam, where attackers use similar wallet addresses to trick victims into misdirecting funds, while another incident saw $27.3 million lost due to a leak of a private key linked to a multi-signature wallet.
Magazine: Meet the onchain crypto detectives who fight crime better than the police
#Losses #crypto #phishing #fall #reports #Scam #Sniffer