- Crypto phishing losses plunged, yet wallet drainers quietly adjusted strategies.
- Market rallies still trigger phishing spikes despite declining overall losses.
- Attackers now target more users with smaller, faster draining tactics.
Crypto phishing linked to wallet drainers declined sharply in 2025, easing pressure across major EVM networks, however security analysts warned attackers remained active beneath the surface. According to Scam Sniffer, total phishing losses fell to $83.85M, representing an 83% year over year decline, marking a steep drop from nearly $494M recorded previously.
At the same time, victim numbers dropped significantly, with Scam Sniffer reporting 106,000 affected wallets, reflecting a 68% reduction. Despite the decline, phishing did not disappear, as Scam Sniffer explained that losses closely tracked market activity levels.
During periods of higher onchain engagement, phishing incidents increased accordingly, hence market momentum remained a key driver of attack success. The third quarter produced the highest losses at $31M, according to Scam Sniffer, with August and September alone accounting for nearly 29% of total yearly losses.
Monthly data reinforced this trend, as losses ranged from $2.04M in December to $12.17M during August’s peak.
Also Read: Trump-Era Law Frees Bitfinex Bitcoin Hacker Years Early, Shocking Crypto World
Wallet drainers adapt as big attacks fade
Although losses fell, Scam Sniffer observed clear shifts in attacker behavior, as large scale thefts declined while smaller, frequent attacks increased. Only 11 incidents exceeded $1M during the year, down from 30 previously, pushing attackers toward high volume, lower value strategies. The average loss per victim dropped to $790, suggesting a move toward broader retail targeting rather than isolated high profile exploits.
Permit based phishing remained a dominant method, according to Scam Sniffer, with the largest single theft reaching $6.5M in September. Overall, Permit and Permit2 attacks accounted for 38% of incidents above $1M, exposing ongoing weaknesses in user approval awareness. Additionally, attackers quickly exploited protocol changes, as Scam Sniffer identified EIP 7702 based malicious signatures after Ethereum’s Pectra upgrade.
Two major cases in August caused $2.54M in losses by bundling multiple harmful actions into a single user signature. Meanwhile, broader crypto hack losses eased toward year end, according to PeckShield, with December losses falling to about $76M. This marked a 60% decline from November’s $194.2M, although serious incidents continued across the ecosystem.
A $50M address poisoning scam and a $27.3M private key leak underscored ongoing risks, prompting Scam Sniffer to warn about evolving drainer ecosystems.
