2025 Sees Sharp Drop in Crypto Phishing Losses, Report Finds

Source: Coindoo Original Title: 2025 Sees Sharp Drop in Crypto Phishing Losses, Report Finds Original Link: https://coindoo.com/2025-sees-sharp-drop-in-crypto-phishing-losses-report-finds/ The crypto phishing landscape looked very different in 2025 than it did a year earlier - not because attackers disappeared, but because their effectiveness dropped sharply as user behavior and market conditions shifted.

A new analysis from Scam Sniffer shows that wallet-draining phishing attacks across Ethereum-compatible chains caused far less financial damage last year, even as the underlying threat continued to adapt and evolve.

Key Takeaways

• Crypto phishing losses dropped sharply in 2025, largely due to lower market activity rather than attackers disappearing.
• Scammers shifted toward smaller, higher-volume attacks, reducing average losses per victim.
• New Ethereum features were quickly exploited, showing phishing threats continue to evolve.

Losses plunge, but not for the reason many expect

Total funds stolen through phishing-linked wallet drainers fell to about $84 million in 2025, a dramatic decline compared with the previous year. The number of affected wallets also dropped steeply, landing near 106,000 victims.

At first glance, this might suggest that phishing is losing relevance. Scam Sniffer’s data tells a different story. The decline appears to be driven less by improved security alone and more by shifts in market activity. When trading slowed, phishing returns dried up. When activity picked up, losses followed.

In other words, phishing success still scales with user engagement.

Activity spikes remain prime hunting ground

The clearest example came during Ethereum’s strongest rally of the year. As onchain activity surged in late summer, phishing losses climbed with it. August and September together accounted for a disproportionate share of the year’s damage, while quieter months saw losses collapse to low single-digit millions.

Scam Sniffer described phishing as a probability game: the more transactions users sign, the more opportunities attackers have to slip malicious approvals through.

Attackers refine techniques instead of scaling size

While fewer dollars were stolen overall, attackers did not simply give up. Instead, they adjusted their strategy.

Large, headline-grabbing thefts became less common. Only a small number of incidents crossed the $1 million threshold in 2025, a sharp reduction from the year before. In their place came higher-volume, lower-value campaigns aimed squarely at retail users.

That shift dragged the average loss per victim down to under $800, suggesting that drainers increasingly favor small hits spread across thousands of wallets rather than a handful of massive scores.

Old tricks still work, new ones emerge fast

Despite all the changes, familiar tools remained effective. Malicious Permit-style signatures were still the single most damaging method, responsible for the largest individual theft of the year and a significant share of high-value losses.

At the same time, attackers quickly latched onto new protocol features. Shortly after Ethereum’s Pectra upgrade, scammers began abusing EIP-7702, which allows multiple actions to be bundled into one signature. That capability opened the door to more complex drainers, enabling attackers to extract funds with fewer user interactions.

Within weeks of the upgrade, several campaigns exploiting this mechanism had already caused millions in losses, underlining how quickly threat actors respond to changes at the protocol level.

The drainer ecosystem is shrinking, not dying

One of the report’s key conclusions is that phishing operations behave like a revolving door. As older drainers burn out or get exposed, new ones take their place, often reusing the same ideas with minor tweaks.

The result is a quieter but persistent threat environment. Losses may be lower, but the infrastructure behind phishing attacks remains active, waiting for periods of heightened market excitement to scale up again.

The takeaway for users is uncomfortable but clear. Phishing didn’t go away in 2025 – it simply became less profitable in a cooler market. If activity accelerates again, attackers are likely to follow, armed with both proven tricks and freshly adapted exploits.