The good news for crypto holders is that crypto phishing attacks took a serious hit in 2025. Total losses from wallet drainer scams fell to $83.85 million, an 83% drop from the nearly $494 million stolen in 2024.
Even better, the number of victims fell 68% to around 106,000, according to a new report from Web3 security experts at Scam Sniffer.
The report covers signature-based crypto phishing across EVM chains, and the numbers tell a story of relief.
However, crypto phishing attacks haven’t vanished… yet!
In Q3 2025, Ethereum’s biggest rally of the year coincided with the peak in crypto phishing losses, which hit $31 million.
August and September alone accounted for nearly 29% of the year’s total damage.
As the report puts it, “When markets are active, overall user activity increases, and a percentage fall victim as crypto phishing operates as a probability function of user activity.”

Monthly figures swung widely too, from a low of $2.04 million in a quiet December to $12.17 million in a busy August.
The biggest single loss was $6.5 million in September, taken through a malicious Permit signature. Permit and Permit2 signatures remain the favorite tool of bad actors, making up 38% of losses in big-ticket incidents over $1 million.
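As an added illustration (not taken from the Scam Sniffer report), here is a wallet-side check a defender could run on a typed-data signing request to flag the Permit and Permit2 approvals described above. The function name, the allowlist, the 30-day threshold and the sample request are assumptions constructed for this example; the field names follow EIP-2612 and Permit2.

```javascript
// Added example. Field names follow EIP-2612 (Permit) and Permit2 (PermitSingle/PermitBatch).
const MAX_UINT256 = (1n << 256n) - 1n;
const MAX_UINT160 = (1n << 160n) - 1n;
const LONG_LIVED_SECS = 30n * 24n * 3600n; // assumption: >30 days is suspicious
function triageTypedData(req, trustedSpenders, nowSecs) {
  const findings = new Set();
  const msg = req.message || {};
  const trusted = new Set(trustedSpenders.map((a) => a.toLowerCase()));
  const checkSpender = (s) => {
    if (!s || !trusted.has(String(s).toLowerCase())) findings.add("spender-not-allowlisted");
  };
  const checkAmount = (v, max) => {
    if (v !== undefined && BigInt(v) >= max) findings.add("unlimited-allowance");
  };
  const checkExpiry = (t) => {
    if (t !== undefined && BigInt(t) - BigInt(nowSecs) > LONG_LIVED_SECS) findings.add("long-lived-approval");
  };
  switch (req.primaryType) {
    case "Permit": // owner, spender, value, nonce, deadline
      checkSpender(msg.spender);
      checkAmount(msg.value, MAX_UINT256);
      checkExpiry(msg.deadline);
      break;
    case "PermitSingle": // details{token, amount, expiration, nonce}, spender, sigDeadline
    case "PermitBatch": // same shape, with details as an array
      checkSpender(msg.spender);
      for (const d of [].concat(msg.details || [])) {
        checkAmount(d.amount, MAX_UINT160);
        checkExpiry(d.expiration);
      }
      break;
    default: // not a token-approval signature this check knows about
      return { kind: "other", findings: [], risk: "none" };
  }
  const list = [...findings];
  const unknown = findings.has("spender-not-allowlisted");
  const risk = unknown ? (list.length > 1 ? "high" : "medium") : list.length ? "low" : "none";
  return { kind: "token-approval", findings: list, risk };
}
// Constructed sample request (addresses are placeholders, not real contracts).
const SAMPLE_REQUEST = {
  primaryType: "Permit",
  message: {
    owner: "0x1111111111111111111111111111111111111111",
    spender: "0x2222222222222222222222222222222222222222",
    value: MAX_UINT256.toString(), nonce: "0", deadline: "4102444800",
  },
};
console.log(triageTypedData(SAMPLE_REQUEST, [], 1756684800));
```

The sample is rated high because it combines an unknown spender with an unlimited, long-lived allowance, and it costs the signer no gas to approve.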
But 2025 brought fresh twists in crypto phishing
Right after Ethereum’s Pectra upgrade, attackers began abusing EIP-7702 with malicious signatures, which let them bundle multiple malicious actions into a single signature through account abstraction.
Two big August cases alone accounted for $2.54 million in losses, showing how quickly scammers adapt to new tech.
On the bright side, whale-sized thefts cooled off. Only 11 incidents topped $1 million, way down from 30 in 2024.
Scammers shifted gears to smaller, scattershot hits on everyday users, with the average loss per victim dipping to $790.
“The drainer ecosystem remains active as old drainers exit, and new ones emerge to fill the gap,” the report warns.
Crypto phishing attacks are evolving, not dying.
All in all, crypto phishing attacks took a breather in 2025, but with markets always cycling and new tools emerging, staying vigilant is non-negotiable.