Crypto phishing incidents linked to wallet drainers saw a dramatic decline in 2025, with total losses plummeting to $83.85 million. This figure marks an 83% drop from the nearly $494 million lost in 2024, according to a recent report by Web3 security platform Scam Sniffer. The report also highlighted a significant reduction in the number of victims, which fell to 106,000, representing a 68% decrease compared to the previous year.
Despite this substantial decrease, the report cautioned that phishing activities are far from eradicated. Instead, losses appeared to be closely tied to market cycles, increasing during periods of heightened on-chain activity and subsiding when markets cooled off. The third quarter of 2025, coinciding with Ethereum (ETH)”s most robust rally of the year, recorded the peak phishing losses at $31 million. Notably, the months of August and September accounted for nearly 29% of the annual total.
The report articulated that “when markets are active, overall user activity increases, and a percentage fall victim—phishing operates as a probability function of user activity.” Monthly losses varied significantly, ranging from $2.04 million in December, the year”s quietest month, to $12.17 million in August, during peak trading periods.
Among the reported cases, one notable incident involved a $6.5 million phishing theft in September, which utilized a malicious Permit signature. This indicates that Permit and Permit2 approvals remain particularly effective tools for cybercriminals. Overall, attacks based on Permit signatures accounted for 38% of losses in incidents where losses exceeded $1 million.
Additionally, 2025 witnessed the emergence of a new attack vector involving EIP-7702–based malicious signatures. Following Ethereum”s Pectra upgrade, these signatures allowed attackers to exploit account abstraction by bundling multiple harmful actions into a single user signature. Two significant EIP-7702 incidents in August led to losses of $2.54 million, showcasing the rapid adaptation of attackers to protocol-level modifications.
Interestingly, the report noted a decline in large-scale phishing incidents, with only 11 cases surpassing $1 million in losses for 2025, down from 30 in 2024. However, attackers are increasingly favoring lower-value, higher-volume strategies. The average loss per victim decreased to $790, suggesting a shift towards broader, retail-focused campaigns rather than isolated, high-profile thefts. The report concluded by emphasizing that the drainer ecosystem remains active, with new drainers emerging to replace those that exit the scene.
In related news, crypto hack losses also fell sharply, with a report indicating that losses from hacks and cybersecurity breaches dropped to approximately $76 million in December, down 60% from November”s $194.2 million.
