Crypto phishing losses fell sharply in 2025, signaling a major slowdown in one of the industry’s most persistent threats. According to a new report from Scam Sniffer, users lost about $83.85 million to signature-based phishing attacks this year — an 83% drop from the $494 million recorded in 2024.
The decline wasn’t limited to dollar losses. The number of victims also dropped significantly, falling 68% to 106,106 users, compared with more than 332,000 victims last year. Large-scale phishing attacks became far less common, with incidents exceeding $1 million dropping to just 11 cases, down from 30 in 2024.
The report focuses specifically on wallet drainer attacks carried out through phishing websites on EVM-compatible blockchains. It excludes direct hacks, exchange breaches, and smart contract exploits, offering a clearer picture of how signature-based scams are evolving.
Losses peaked during market excitement
While overall losses were much lower, phishing activity still followed familiar market patterns. The third quarter of the year saw the highest losses, totaling $31.04 million across nearly 39,900 victims. This spike coincided with Ethereum’s strongest rally of the year, reinforcing the idea that higher trading activity creates more opportunities for scammers.
Q3 alone accounted for 37% of total annual losses, even though it represents just one-quarter of the year. August and September together contributed $23.95 million, or 29% of the yearly total, during a period of heightened market participation.
Despite the increased activity, the average loss per victim in Q3 fell to $778, down from $969 in Q1, suggesting users may be getting better at limiting damage or spotting scams sooner.
By contrast, the fourth quarter saw a steep decline as markets cooled. Losses dropped to just $13.09 million across 22,592 victims, with December recording the lowest monthly total of the year at $2.04 million.
Scam Sniffer summed it up clearly: more market activity means more potential victims, as phishing thrives on user engagement rather than technical breakthroughs.
EIP-7702 exploitation emerges
Attackers also adapted to new technology. Shortly after Ethereum’s Pectra upgrade, scammers began exploiting EIP-7702 account abstraction, allowing them to bundle multiple malicious actions into a single signature.
The largest EIP-7702-related incidents occurred in August, totaling $2.54 million across two attacks. Meanwhile, Permit and Permit2 signatures were responsible for $8.72 million across three major cases, accounting for 38% of large-case losses.
Other methods included transfer-based attacks ($4.87 million) and approve or increaseApproval signatures ($5.62 million combined).
The biggest theft of 2025 happened in September, when attackers stole $6.5 million in stETH and aEthWBTC using a Permit signature. Overall, large phishing cases totaled $22.98 million, making up 27% of the year’s losses, with most occurring during peak market months.
While the sharp drop in losses is encouraging, the report shows phishing remains closely tied to market momentum — meaning vigilance is still essential during crypto rallies.
Also Read: Why Crypto’s Quiet Evolution May Be the Key to Mass Adoption
