Losses from crypto phishing plummeted in 2025, but experts warn that the threat has only changed shape rather than disappearing. Reports show a sharp drop in money stolen through wallet-draining scams, even as attackers tried new tricks linked to recent protocol changes.
Related reading
Scam Tracker Data Shows Drop
According to Scam Sniffer’s 2025 analysis, wallet-draining phishing losses fell to approximately $83.85 million, an 83% decrease from approximately $494 million in 2024.
The number of affected wallets dropped to around 106,000, a drop of around 68% year-on-year. These figures come from the security platform’s annual study and were collected by the main encryption media.
The attackers change, they don’t stop
Only 11 incidents surpassed $1 million in 2025, down from 30 the previous year, indicating less headline-grabbing but an increase in smaller successes. The largest theft recorded last year was approximately $6.5 million, linked to a malicious permission signing attack.
Average losses per victim fell to approximately $790, suggesting attackers opted for more frequent, lower-value attacks.
Market Movements Matter
Losses followed market activity. The third quarter saw the biggest damage at around $31 million, as Ethereum’s rally brought more users and approvals onto the chain.
Monthly peaks included August, which recorded around $12.17 million, while December was the quietest at about $2 million. That pattern shows that scammers are targeting busy trading windows.
1/ Have you ever woken up with an empty crypto wallet? With scammers draining over $107K from EVM chains THIS WEEK JUST (per @zachxbt), it’s scarier than ever!
Greetings to @realscamsniffer for its 2025 report: losses decreased by 83%, but threats are evolving FAST. Let’s recap and warn about 2026… https://t.co/uSerpsg80d
— JP (@rugpullfinder) January 3, 2026
Permission signatures and new vectors
Reports highlighted abuses in permit and permit signing2 as one of the main factors causing large losses and accounting for a large portion of multi-million dollar cases.
Scam Sniffer also detected EIP-7702 batch signing techniques that were used in some complex attacks after network updates. Security teams say these methods exploit user approval flows rather than gross smart contract errors.
Why the fall occurred
Analysts attribute much of the improvement to better wallet warnings, broader use of approval revocation tools, and more active monitoring by on-chain monitors.
Some advocates also point to less market turmoil in some parts of the year, which reduced the pool of high-value targets. Still, several media outlets emphasize that reduced totals do not equal security.
Related reading
According to reports, phishing is likely to remain cyclical: losses could increase again during large rallies or when new signing features are introduced.
Security companies urge users to verify approvals, avoid blind signing, and use wallet tools that flag risky requests. Regulators and exchanges are watching the trend, but the responsibility for many attacks still lies with individual users and wallet software.
Featured image from Unsplash, chart from TradingView
