In 2025, the cryptocurrency sector experienced a notable decline in phishing-related financial losses, dropping a substantial 83% to $83.85 million from the previous year's staggering $494 million. This significant reduction, reported by Scam Sniffer, signals a positive shift in cryptocurrency security with a notable decrease in both the number of victims and the scale of major wallet drainer attacks.
Massive Decline in Phishing Incidents and Victims
The substantial reduction in crypto-related phishing losses was accompanied by a sharp 68% decline in the number of victims. The total fell from 332,000 victims in 2024 to just 106,106 in 2025. Of particular note was the dramatic reduction in the largest single thefts, which saw an 88.3% decrease to $6.5 million from the previous year's $55.48 million.
Large-scale phishing incidents, those exceeding $1 million, also plummeted. Such cases dropped by 63.3%, with only 11 incidents noted in 2025 compared to 30 in 2024. These statistics illuminate a broader trend towards reducing large-scale phishing scams, particularly those involving wallet drainer attacks conducted via phishing websites across EVM-compatible chains.
Quarterly Trends Reveal Market Rally Impact
The third quarter of 2025 emerged as a peak period for crypto phishing losses, which reached $31.04 million, coinciding with Ethereum's strongest market rally. This period alone accounted for 37% of the annual losses, underscoring the increased vulnerability during times of heightened trading activity.
The convergence of losses during August and September, where $23.95 million was lost, signifies the susceptibility of investors during active market phases. Average losses per victim during Q3 stood at $778, down from $969 in the year's first quarter, indicating improved individual asset protection strategies.
Year-End Decline Reflects Cooling Markets
Despite a tumultuous third quarter, the year concluded with a pronounced decline in phishing losses. The fourth quarter recorded only $13.09 million in losses across 22,592 victims, with December marking the lowest monthly figure at $2.04 million among 5,313 victims. This decline mirrored the cooling of market activities as the year ended.
Technological Exploitation and Security Challenges
One noteworthy trend was the exploitation of EIP-7702 account abstraction features following the Pectra upgrade. Attackers leveraged these features to consolidate multiple malicious operations into single signature transactions, with August alone witnessing significant EIP-7702 exploitation, totaling $2.54 million in two incidents.
Permit and Permit2 signatures were involved in $8.72 million of large-case losses, representing 38% of such losses. Other forms of transfer-based attacks included $4.87 million through two incidents, and $5.62 million through permit signature combinations like Approve and increaseApproval, spread over three cases.
Six thefts, each exceeding $1 million, took place between July and September, aligning with the peak of market activities. Altogether, these large-case losses tallied up to $22.98 million, comprising 27% of the year's total losses.
Market Activity Breeds Vulnerabilities
The report clearly correlates high market activity with increased phishing success, noting that "more market activity equals more potential victims.” November was an outlier, with losses surging 137% even as the number of victims declined by 42%, hinting at potential market volatility influence.
Outlook on Cryptocurrency Security
The data presented by Scam Sniffer offers a hopeful outlook for the future of digital asset safety. As more individuals and firms adopt improved cybersecurity measures, and as awareness around phishing attacks grows, the cryptocurrency space can continue to foster a more secure environment for investors.
