Crypto Phishing Losses Fell 83% in 2025, But Wallet Drainer Ecosystem 'Remains Active'

Generated by AI AgentJax MercerReviewed byAInvest News Editorial Team
Saturday, Jan 3, 2026 7:50 am ET2min read
ETH
--
USDT
--
Aime RobotAime Summary

- 2025 crypto phishing losses dropped 83% to $83.85M, with victims falling 68% to 106, linked to market cooling and evolving attack tactics.

- Attackers shifted to smaller-scale, high-frequency schemes (avg. $790/loss) and exploited EIP-7702 account abstraction for bundled attacks in Q3 2025.

- DeFi and centralized exchanges faced major breaches ($649M and $1.46B losses), while regulators froze $387M in stolen funds via AML/KYC enforcement.

- 2026 outlook warns phishing may surge with market rallies, as attackers adopt AI-driven social engineering and malware-as-a-service models.

Crypto phishing losses tied to wallet drainers

fell by 83% in 2025
, dropping to $83.85 million from nearly $494 million in 2024. The number of victims also declined significantly to 106, a 68% drop year over year
according to a report
. Despite the decrease, the report warned that phishing activity remained active, closely following market trends and exploiting periods of heightened onchain activity
as research shows
.

The drop in losses corresponded with a cooling of the crypto market, but phishing attacks remained a cyclical threat, surging during market rallies. The third quarter of 2025 saw the highest phishing losses at $31 million,

driven by Ethereum's strongest rally of the year
. Monthly losses ranged from $2.04 million in December to $12.17 million in August,
aligning with market cycles
.

The largest single phishing incident in 2025 was a $6.5 million loss in September,

attributed to a malicious Permit signature
. Permit-based attacks accounted for 38% of losses in incidents exceeding $1 million
according to data
.

Why Did This Happen?

Phishing activity remained active in 2025, but the nature of attacks evolved. Larger-scale incidents declined, with only 11 cases exceeding $1 million in 2025,

down from 30 in 2024
. Attackers increasingly favored smaller, higher-frequency strategies,
with average losses per victim dropping to $790
.

The report noted that phishing activity is highly correlated with market conditions. When onchain activity is high, more users are exposed to potential phishing risks

as research indicates
. The report warned that phishing is a "probability function of user activity," and thus, market volatility directly impacts the likelihood of successful attacks
according to the report
.

What Are Analysts Watching Next?

A new attack vector emerged in 2025 with the implementation of EIP-7702. Shortly after Ethereum's Pectra upgrade, attackers exploited account abstraction to bundle multiple harmful actions into a single user signature

according to analysis
. Two major EIP-7702 cases in August 2025 resulted in $2.54 million in losses,
showing how quickly attackers adapt
.

Scam Sniffer emphasized that the wallet drainer ecosystem remained active, with old players exiting and new ones entering the space

according to the platform
. Despite a drop in trackable losses, the report suggested that phishing attacks may have shifted to more sophisticated, harder-to-track methods, such as private key compromises and targeted social engineering
as research shows
.

How Is the Industry Responding?

The broader threat landscape saw a shift in tactics,

with attackers moving toward supply chain compromises
and frontend exploits. In a separate report, SlowMist noted that 2025 saw total crypto hack losses of $2.935 billion, a 46% increase from 2024, despite a 51% drop in the number of incidents
according to the report
. DeFi remained a primary target, with 126 incidents and $649 million in losses
according to the report
.

Centralized exchanges also experienced significant breaches, with Bybit suffering a $1.46 billion loss in February 2025,

the largest single incident of the year
. The report highlighted that attackers increasingly targeted high-value, centralized chokepoints rather than low-value, high-frequency attacks
according to the report
.

Regulatory enforcement also intensified in 2025,

with stablecoin issuers like Tether and Circle freezing over $387 million
in stolen funds across 18 major incidents. Anti-Money Laundering (AML) and Know Your Customer (KYC) protocols became baseline requirements for platforms operating in the crypto space
according to industry analysis
.

Outlook for 2026

Despite a reduction in phishing losses, the threat persists and evolves. The report noted that attackers are adapting to protocol upgrades and shifting toward more sophisticated methods, such as AI-driven social engineering and malware-as-a-service models

according to the report
.

Scam Sniffer advised that wallet security integration and user education remain critical defenses against phishing attacks

as research shows
. As the market moves into 2026, the report warned that phishing activity may rise again with increased onchain activity, particularly during market rallies
as the data shows
.

The decline in trackable losses may also reflect a shift toward less visible attack vectors, such as private key compromises and targeted phishing campaigns

according to the report
. The threat landscape is now bifurcated: mass phishing for retail users and sophisticated, high-value attacks for institutional targets
according to analysis
.

The numbers may have changed, but the threat remains active. As attackers continue to evolve, the crypto industry must remain vigilant in defending against emerging risks

according to the report
.