2025 Sees Sharp Drop in Crypto Phishing Losses, Report Finds
The crypto phishing landscape looked very different in 2025 than it did a year earlier - not because attackers disappeared, but because their effectiveness dropped sharply as user behavior and market conditions shifted.
A new analysis from Scam Sniffer shows that wallet-draining phishing attacks across Ethereum-compatible chains caused far less financial damage last year, even as the underlying threat continued to adapt and evolve.
- Crypto phishing losses dropped sharply in 2025, largely due to lower market activity rather than attackers disappearing.
- Scammers shifted toward smaller, higher-volume attacks, reducing average losses per victim.
- New Ethereum features were quickly exploited, showing phishing threats continue to evolve.
Losses plunge, but not for the reason many expect
Total funds stolen through phishing-linked wallet drainers fell to about $84 million in 2025, a dramatic decline compared with the previous year. The number of affected wallets also dropped steeply, landing near 106,000 victims.
At first glance, this might suggest that phishing is losing relevance. Scam Sniffer’s data tells a different story. The decline appears to be driven less by improved security alone and more by shifts in market activity. When trading slowed, phishing returns dried up. When activity picked up, losses followed.
In other words, phishing success still scales with user engagement.
Activity spikes remain prime hunting ground
The clearest example came during Ethereum’s strongest rally of the year. As onchain activity surged in late summer, phishing losses climbed with it. August and September together accounted for a disproportionate share of the year’s damage, while quieter months saw losses collapse to low single-digit millions.
Scam Sniffer described phishing as a probability game: the more transactions users sign, the more opportunities attackers have to slip malicious approvals through.
Attackers refine techniques instead of scaling size
While fewer dollars were stolen overall, attackers did not simply give up. Instead, they adjusted their strategy.
Large, headline-grabbing thefts became less common. Only a small number of incidents crossed the $1 million threshold in 2025, a sharp reduction from the year before. In their place came higher-volume, lower-value campaigns aimed squarely at retail users.
That shift dragged the average loss per victim down to under $800, suggesting that drainers increasingly favor small hits spread across thousands of wallets rather than a handful of massive scores.
Old tricks still work, new ones emerge fast
Despite all the changes, familiar tools remained effective. Malicious Permit-style signatures were still the single most damaging method, responsible for the largest individual theft of the year and a significant share of high-value losses.
At the same time, attackers quickly latched onto new protocol features. Shortly after Ethereum’s Pectra upgrade, scammers began abusing EIP-7702, which allows multiple actions to be bundled into one signature. That capability opened the door to more complex drainers, enabling attackers to extract funds with fewer user interactions.
Within weeks of the upgrade, several campaigns exploiting this mechanism had already caused millions in losses, underlining how quickly threat actors respond to changes at the protocol level.
The drainer ecosystem is shrinking, not dying
One of the report’s key conclusions is that phishing operations behave like a revolving door. As older drainers burn out or get exposed, new ones take their place, often reusing the same ideas with minor tweaks.
The result is a quieter but persistent threat environment. Losses may be lower, but the infrastructure behind phishing attacks remains active, waiting for periods of heightened market excitement to scale up again.
The takeaway for users is uncomfortable but clear. Phishing didn’t go away in 2025 – it simply became less profitable in a cooler market. If activity accelerates again, attackers are likely to follow, armed with both proven tricks and freshly adapted exploits.
The information provided in this article is for educational purposes only and does not constitute financial, investment, or trading advice. Coindoo.com does not endorse or recommend any specific investment strategy or cryptocurrency. Always conduct your own research and consult with a licensed financial advisor before making any investment decisions.
Alex is an experienced financial journalist and cryptocurrency enthusiast. With over 8 years of experience covering the crypto, blockchain, and fintech industries, he is well-versed in the complex and ever-evolving world of digital assets. His insightful and thought-provoking articles provide readers with a clear picture of the latest developments and trends in the market. His approach allows him to break down complex ideas into accessible and in-depth content. Follow his publications to stay up to date with the most important trends and topics.
