Crypto Phishing Losses Drop 83% in 2025, Report Finds

Generated by AI AgentNyra FeldonReviewed byShunan Liu
Sunday, Jan 4, 2026 1:08 pm ET2min read
ETH
--
Aime RobotAime Summary

- Scam Sniffer reported an 83% drop in crypto phishing losses to $83.85M in 2025, down from $494M in 2024, driven by reduced blockchain network engagement.

- Victims fell 68% to 106,106, with attackers shifting to smaller, frequent thefts averaging $790 per victim, reflecting evolving tactics amid market cycles.

- Q3 2025 saw $31M in losses during Ethereum's rally, while new EIP-7702-based attacks exploited account abstraction to bundle malicious actions.

- Despite progress, permit-based phishing (38% of >$1M losses) and persistent drainer ecosystems highlight ongoing risks as attackers adapt to protocol changes.

Crypto phishing losses fell 83% in 2025 to $83.85 million, according to a report by Scam Sniffer. This is a sharp decline from $494 million in 2024. The report highlighted that wallet drainer phishing attacks, specifically on EVM-compatible chains, were the primary focus of the analysis

according to the report
.

The number of victims also dropped significantly, with a 68% decline to 106,106 in 2025 from 332,000 in the previous year. Larger cases over $1 million in losses dropped 63.3% to 11 incidents from 30 in 2024

according to the report
.

Phishing losses were highest during Ethereum's Q3 rally, which saw $31.04 million in losses across 39,886 victims. This period accounted for 37% of annual phishing losses and aligned with one-quarter of the calendar year

according to the report
.

Why Did This Happen?

The report suggests that phishing activity is closely tied to market cycles. When user engagement on blockchain networks declines, so do phishing incidents. The third quarter of 2025 marked a peak in market activity, correlating with higher phishing losses

according to the report
.

August and September combined for $23.95 million in losses, or 29% of the yearly total, during the most active trading period. The average loss per victim was $778 in Q3, down from $969 in Q1

according to the report
.

How Did Markets Respond?

Monthly losses showed a significant decline in the fourth quarter, with just $13.09 million in losses across 22,592 victims. December saw the lowest monthly total at $2.04 million with 5,313 victims

according to the report
.

The average loss per victim fell to $790 in 2025, indicating a shift in attacker strategy toward smaller, more frequent thefts. This reflects a broader trend of attackers adapting to market conditions and protocol changes

according to the report
.

What Are Analysts Watching Next?

Permit-based phishing attacks remained a major concern, accounting for 38% of losses in incidents exceeding $1 million. The largest single phishing theft in 2025 totaled $6.5 million in September via a malicious Permit signature

according to the report
.

New attack vectors also emerged in 2025, such as EIP-7702-based malicious signatures. These appeared after Ethereum's Pectra upgrade and allowed attackers to exploit account abstraction to bundle multiple harmful actions into a single user signature

according to the report
.

Despite the significant drop in losses and victims, Scam Sniffer warned that the drainer ecosystem remains active. As older drainers exit, new ones emerge to fill the gap, ensuring the threat persists

according to the report
.

Separate data from PeckShield noted a 60% drop in crypto hack losses in December 2025, with total losses at $76 million. However, attacks remained frequent, with 26 major incidents recorded

according to the report
.

Overall, the report underscores the importance of ongoing vigilance and adaptation in the face of evolving phishing tactics. While the overall number of incidents and losses have dropped, the nature of the threat has evolved to remain relevant in changing market conditions

according to the report
.