Wallet Drainer Phishing Losses Decrease to $84M in 2025, a 83% Drop

In 2025, the occurrences of crypto phishing attacks associated with wallet drainers saw a significant decline, with total losses reducing to $83.85 million, reflecting an 83% decrease from nearly $494 million reported the previous year.

Main Insights:

• Phishing losses linked to wallet drainers decreased by 83% in 2025, although attackers remain vigilant and adaptable.
• Phishing surges corresponded with market uptrends, particularly with Ethereum’s Q3 increase resulting in the highest losses of the year.
• Risks for users continue to stem from permit-based approvals and emerging EIP-7702 exploits.

The number of impacted users also dropped to around 106,000, indicating a 68% reduction year-over-year, as reported by the Web3 security platform Scam Sniffer.

The findings indicate a notable deceleration in one of the crypto sector’s most enduring threats, characterized by fewer victims and diminished overall losses, even as attackers refine their strategies.

Report Indicates Spike in Crypto Phishing Losses During Market Rallies

Despite the substantial decrease, the report warned that phishing activities have not vanished. Instead, losses closely mirrored broader market trends.

Periods of increased on-chain activities were followed by surges in phishing occurrences, while quieter market conditions led to a reduction in losses.

The third quarter of 2025, which aligned with Ethereum’s most significant rally of the year, recorded the peak losses at $31 million. August and September alone represented nearly 29% of the total losses for the year.

Scam Sniffer characterized phishing as a “probability function of user activity,” emphasizing that higher transaction volumes generally expand the pool of potential victims.

Monthly losses varied from just $2.04 million in December, the least active month, to $12.17 million in August, when trading activity was at its highest.

Scam Sniffer 2025 Report is published!
Crypto phishing losses decreased by 83% — $494M → $83.85M, with 106K victims (-68%).
However, the threat aligned with market trends: Q3 rally = peak losses. EIP-7702 exploitation arose after Pectra.
Read the full report https://t.co/qziSEjiEVx

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) January 3, 2026

The largest single incident for the year involved a $6.5 million theft in September linked to a malicious Permit signature.

Permit and Permit2 approvals continued to be the most effective tools for attackers, representing 38% of losses in cases exceeding $1 million.

The data indicates that approval-based exploits remain a significant risk, especially for users engaging with unfamiliar applications.

The report also pointed out the rise of new attack vectors. After Ethereum’s Pectra upgrade, attackers began exploiting malicious signatures based on EIP-7702, which allow multiple harmful actions to be consolidated into a single user approval.

Two such incidents in August caused losses of $2.54 million, highlighting how swiftly attackers adapt to changes in protocols.

Crypto Phishers Transition from Large Heists to Mass Retail Attacks

High-profile attacks became less common, with only 11 incidents exceeding $1 million in 2025, a decrease from 30 the previous year. Simultaneously, attackers seemed to pivot towards smaller, high-volume campaigns.

The average loss per victim dropped to $790, indicating a broader shift towards targeting retail users rather than isolated, high-value thefts.

As reported, an attacker has drained funds from numerous crypto wallets across Ethereum Virtual Machine (EVM)–compatible networks, extracting small amounts from each address in what on-chain investigator ZachXBT described as an extensive, low-value operation.

Although individual losses were limited, typically under $2,000 per wallet, the breadth of the incident suggests a coordinated effort rather than a solitary breach.

Meanwhile, crypto-related losses from hacks and cybersecurity incidents fell sharply in December, declining 60% month-on-month to approximately $76 million.

The post Wallet Drainer Phishing Losses Fall to $84M in 2025, Down 83% appeared first on Cryptonews.