Crypto phishing losses will have plummeted by 2025, but experts warn the threat has merely changed form rather than disappeared. Reports indicate a sharp drop in the number of funds stolen from wallet-draining scams, even as attackers tried new tricks tied to recent protocol changes.
Related reading
Scam Sniffer data shows a decline
According to Scam Sniffer Analysis from 2025Phishing losses tapping wallets fell to approximately $83.85 million – an 83% drop from approximately $494 million in 2024.
The number of affected wallets dropped to approximately 106,000, a decline of approximately 68% year-over-year. These figures come from the security platform’s annual survey and have been picked up by major crypto shops.
Attackers switch, don’t stop
Only 11 incidents exceeded $1 million in 2025, compared to 30 the year before, indicating fewer headlines but an increase in smaller hits. Last year’s largest theft was approximately $6.5 million, which was related to a malicious Permit signature attack.
Average losses per victim dropped to around $790, indicating attackers shifted to more frequent, lower-value attacks.
Market movements were important
Losses followed market activity. The third quarter recorded the highest damage, at around $31 million, as Ethereum’s rally brought more users and approvals onto the chain.
Monthly peaks included August, which recorded about $12.17 million, while December was the quietest at about $2 million. That pattern shows that fraudsters are targeting busy trading windows.
1/ Ever woke up to an empty crypto wallet? With Scammers Wasted $107,000+ on EVM Chains JUST THIS WEEK (per @zachxbt), it’s scarier than ever!
Shoutout to @realscamsniffer for their 2025 report: Losses are down 83%, but threats are evolving FAST. Let’s summarize and warn for 2026… https://t.co/uSerpsg80d
— JP (@rugpullfinder) January 3, 2026
Permit signatures and new vectors
Reports highlighted misuse of permits and permit2 signatures as a major cause of major losses, accounting for a large proportion of multi-million cases.
Scam sniffer also highlighted EIP-7702 batch signature techniques used in some complex attacks after network upgrades. Security teams say these methods use user approval flows instead of raw smart-contract bugs.
Why the drop happened
Analysts attribute much of the improvement to better wallet alerts, broader use of approval revocation tools, and more active tracking by onchain monitors.
Some defenders also point to a decline in market froth during parts of the year, which reduced the supply of high-value targets. Still, multiple outlets emphasize that lower totals do not equate to safety.
Related reading
Based on reports, phishing is likely to remain cyclical: losses could increase again during major rallies or when new signing features are introduced.
Security companies are urging users to check approvals, avoid blind signatures and use wallet tools that flag risky requests. Regulators and exchanges are monitoring the trend, but the responsibility for many attacks still lies with individual users and wallet software.
Featured image from Unsplash, chart from TradingView