Crypto Phishing Losses Fell 83% in 2025, But Wallet Drainer Ecosystem 'Remains Active'

Crypto phishing losses tied to wallet drainers fell by 83% in 2025, dropping to $83.85 million from nearly $494 million in 2024. The number of victims also declined significantly to 106, a 68% drop year over year according to a report. Despite the decrease, the report warned that phishing activity remained active, closely following market trends and exploiting periods of heightened onchain activity as research shows.

The drop in losses corresponded with a cooling of the crypto market, but phishing attacks remained a cyclical threat, surging during market rallies. The third quarter of 2025 saw the highest phishing losses at $31 million, driven by Ethereum's strongest rally of the year. Monthly losses ranged from $2.04 million in December to $12.17 million in August, aligning with market cycles.

The largest single phishing incident in 2025 was a $6.5 million loss in September, attributed to a malicious Permit signature. Permit-based attacks accounted for 38% of losses in incidents exceeding $1 million according to data.

Why Did This Happen?

Phishing activity remained active in 2025, but the nature of attacks evolved. Larger-scale incidents declined, with only 11 cases exceeding $1 million in 2025, down from 30 in 2024. Attackers increasingly favored smaller, higher-frequency strategies, with average losses per victim dropping to $790.

The report noted that phishing activity is highly correlated with market conditions. When onchain activity is high, more users are exposed to potential phishing risks as research indicates. The report warned that phishing is a "probability function of user activity," and thus, market volatility directly impacts the likelihood of successful attacks according to the report.

What Are Analysts Watching Next?

A new attack vector emerged in 2025 with the implementation of EIP-7702. Shortly after Ethereum's Pectra upgrade, attackers exploited account abstraction to bundle multiple harmful actions into a single user signature according to analysis. Two major EIP-7702 cases in August 2025 resulted in $2.54 million in losses, showing how quickly attackers adapt.

Scam Sniffer emphasized that the wallet drainer ecosystem remained active, with old players exiting and new ones entering the space according to the platform. Despite a drop in trackable losses, the report suggested that phishing attacks may have shifted to more sophisticated, harder-to-track methods, such as private key compromises and targeted social engineering as research shows.

How Is the Industry Responding?

The broader threat landscape saw a shift in tactics, with attackers moving toward supply chain compromises and frontend exploits. In a separate report, SlowMist noted that 2025 saw total crypto hack losses of $2.935 billion, a 46% increase from 2024, despite a 51% drop in the number of incidents according to the report. DeFi remained a primary target, with 126 incidents and $649 million in losses according to the report.

Centralized exchanges also experienced significant breaches, with Bybit suffering a $1.46 billion loss in February 2025, the largest single incident of the year. The report highlighted that attackers increasingly targeted high-value, centralized chokepoints rather than low-value, high-frequency attacks according to the report.

Regulatory enforcement also intensified in 2025, with stablecoin issuers like Tether and Circle freezing over $387 million in stolen funds across 18 major incidents. Anti-Money Laundering (AML) and Know Your Customer (KYC) protocols became baseline requirements for platforms operating in the crypto space according to industry analysis.

Outlook for 2026

Despite a reduction in phishing losses, the threat persists and evolves. The report noted that attackers are adapting to protocol upgrades and shifting toward more sophisticated methods, such as AI-driven social engineering and malware-as-a-service models according to the report.

Scam Sniffer advised that wallet security integration and user education remain critical defenses against phishing attacks as research shows. As the market moves into 2026, the report warned that phishing activity may rise again with increased onchain activity, particularly during market rallies as the data shows.

The decline in trackable losses may also reflect a shift toward less visible attack vectors, such as private key compromises and targeted phishing campaigns according to the report. The threat landscape is now bifurcated: mass phishing for retail users and sophisticated, high-value attacks for institutional targets according to analysis.

The numbers may have changed, but the threat remains active. As attackers continue to evolve, the crypto industry must remain vigilant in defending against emerging risks according to the report.