Ethereum News Today: Ethereum Upgrade Exploited: $12M Stolen via Sophisticated Phishing

Generated by AI agent Coin World
Sunday, September 7, 2025, 4:11 pm ET, 2 min read

Losses from phishing scams in the cryptocurrency sector surged by 72% in August 2025, with over $12 million stolen from victims, according to reports from Scam Sniffer and other cybersecurity platforms. The rise in scam activity coincided with a 67% increase in the number of victims, with 15,230 users falling prey to various phishing schemes. This marks the highest number of victims recorded in the first half of 2025 and highlights a growing trend of sophisticated attacks exploiting Ethereum-based protocols.

A particularly concerning development was the proliferation of EIP-7702 signature scams, which leveraged a 2025 Ethereum upgrade to allow externally owned accounts to act like smart contract wallets. This functionality enabled attackers to siphon funds from compromised wallets by routing transactions through legitimate-looking platforms such as Uniswap. Scam Sniffer noted that three major incidents in August alone drained over $5.6 million, with attackers using automated sweeper bots to move assets immediately after deposit. The EIP-7702 vulnerability has been further exploited by malicious actors targeting World Liberty Financial (WLFI) token holders, where phishing attacks led to the theft of funds after private key compromises.

The largest single loss in August was reported by a whale who lost $3.08 million in a single transaction involving aEthUSDT tokens. Three users collectively accounted for 46% of the total August losses, with two of them losing over $1.54 million and $1 million, respectively. These incidents were primarily linked to EIP-7702-based batch transactions, where victims unknowingly approved malicious transfers. Yu Xian of SlowMist highlighted that attackers were using phishing mechanisms to pre-plant EIP-7702 delegate contracts in compromised addresses, allowing for immediate token theft once the tokens were unlocked. Some WLFI holders reported being unable to move their tokens due to fears of instant theft, even during the process of sending gas fees.
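A defensive check for the pre-planted delegation described above, added here as an illustration and not taken from the article or its sources: under EIP-7702 a delegated account's code is the 3-byte designator `0xef0100` followed by the 20-byte delegate address, so the value returned by `eth_getCode` shows whether a wallet has a delegate set. The account addresses, sample code values and the `TRUSTED_DELEGATES` allowlist are constructed placeholders.

```python
from typing import Optional

# EIP-7702 delegation designator: code == 0xef0100 || 20-byte delegate address.
DELEGATION_PREFIX = bytes.fromhex("ef0100")

# Constructed placeholder: delegate contracts the wallet owner deliberately chose.
TRUSTED_DELEGATES = {"0x" + "11" * 20}


def classify_code(code_hex: str) -> tuple[str, Optional[str]]:
    """Return (kind, delegate) for the hex string returned by eth_getCode."""
    raw = bytes.fromhex(code_hex.removeprefix("0x"))
    if not raw:
        return "eoa", None                    # plain account, no delegation set
    if len(raw) == 23 and raw.startswith(DELEGATION_PREFIX):
        return "delegated", "0x" + raw[3:].hex()
    return "contract", None                   # ordinary deployed bytecode


def audit(accounts: dict[str, str]) -> list[tuple[str, str]]:
    """List (account, delegate) pairs whose delegate is not on the allowlist."""
    findings = []
    for account, code_hex in accounts.items():
        kind, delegate = classify_code(code_hex)
        if kind == "delegated" and delegate not in TRUSTED_DELEGATES:
            findings.append((account, delegate))
    return findings


# Constructed sample: account address -> eth_getCode result (not real addresses).
SAMPLE = {
    "0x" + "aa" * 20: "0x",                      # untouched EOA
    "0x" + "bb" * 20: "0xef0100" + "11" * 20,    # delegate on the allowlist
    "0x" + "cc" * 20: "0xef0100" + "99" * 20,    # delegate nobody recognises
    "0x" + "dd" * 20: "0x6080604052",            # regular contract bytecode
}

if __name__ == "__main__":
    for account, delegate in audit(SAMPLE):
        print(f"{account} delegates to unrecognised contract {delegate}")
```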

Address poisoning remained another persistent issue, with victims often misdirecting funds due to fake deposit addresses that mimicked legitimate ones. One user lost $636,559 after sending tokens to a malicious address that shared similar characters with the intended one. Scam Sniffer noted an increase in malicious advertisements on platforms like Google and Bing, which led users to phishing sites disguised as DeFi interfaces. These tactics underscore the evolving nature of phishing scams, where attackers combine social engineering with technical exploits to maximize their reach.
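A pre-send check against the look-alike addresses described above, added here as an illustration and not taken from the article or its sources: it compares a destination with saved addresses and flags one that matches the leading and trailing characters a truncated wallet display shows while differing in the middle. The address book, its label and the 4-character display width are assumptions, and the addresses are constructed.

```python
from typing import Optional


def normalise(addr: str) -> str:
    """Lower-case a 20-byte hex address and drop the 0x prefix."""
    body = addr.lower().removeprefix("0x")
    if len(body) != 40 or any(c not in "0123456789abcdef" for c in body):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return body


def common_prefix_len(a: str, b: str) -> int:
    """Number of leading characters two strings share."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def check_destination(candidate: str, address_book: dict[str, str],
                      shown: int = 4) -> tuple[str, Optional[str]]:
    """Return ('match'|'lookalike'|'unknown', label of the saved address)."""
    cand = normalise(candidate)
    lookalike = None
    for label, saved in address_book.items():
        known = normalise(saved)
        if cand == known:
            return "match", label
        head = common_prefix_len(cand, known)
        tail = common_prefix_len(cand[::-1], known[::-1])
        # Same visible ends, different middle: the address-poisoning pattern.
        if head >= shown and tail >= shown:
            lookalike = label
    return ("lookalike", lookalike) if lookalike else ("unknown", None)


# Constructed sample data (not real addresses).
BOOK = {"exchange-deposit": "0xA1B2" + "0" * 32 + "C3D4"}
POISONED = "0xa1b2" + "f" * 32 + "c3d4"

if __name__ == "__main__":
    print(check_destination(POISONED, BOOK))
```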

The broader crypto landscape also faced significant threats in August, with malicious activity leading to over $163 million in losses across various hacks and exploits. Security experts emphasize that the surge in phishing attacks is not a one-off event but part of an ongoing trend driven by the rapid innovation in blockchain protocols. While developers introduce new tools to enhance user experience, bad actors quickly adapt to exploit vulnerabilities. Analysts suggest that users must remain vigilant by adopting best practices, such as enabling two-factor authentication, avoiding suspicious links, and verifying URLs before initiating transactions.

Scam Sniffer and other security firms recommend that users bookmark trusted exchange websites instead of relying on search engines and exercise caution when handling sensitive information such as seed phrases. These measures can help mitigate the risk of falling victim to phishing attacks, although no strategy can fully eliminate the threat in an environment where attackers continuously refine their methods. As phishing scams show no signs of slowing down, the emphasis for crypto users must shift from prevention to robust risk management, ensuring they stay informed and prepared for emerging threats.

Source:
[1] Phishing scams cost users over $12M in August (https://cointelegraph.com/news/phishing-scams-cost-users-12m-august-stay-safe)
[2] Phishing scams surge in August 2025 with number of ... (https://www.mitrade.com/au/insights/news/live-news/article-3-1101819-20250907)
[3] Hackers are using the 'classic EIP-7702' exploit to snatch ... (https://cointelegraph.com/news/wlfi-token-holders-falling-prey-classic-wallet-exploit)
[4] Here's How Much Crypto Investors Lost to Phishing Scams ... (https://coindoo.com/heres-how-much-crypto-investors-lost-to-phishing-scams-in-august/)
[5] Hackers Using Ethereum Smart Contracts to Deliver Malware (https://finance.yahoo.com/news/hackers-using-ethereum-smart-contracts-142625739.html)
[6] Crypto industry lost $22.7bn in scams and hacks since 2011 (https://www.thenationalnews.com/business/money/2025/09/06/crypto-ethereum-bitcoin/)
