Cryptocurrency Phishing Theft Decline in 2025
In a significant year-over-year decline, cryptocurrency phishing thefts fell by 83% in 2025, amounting to a total loss of approximately $83.85 million, compared to nearly $494 million in 2024. A report from Scam Sniffer highlights that the number of affected individuals also decreased substantially, dropping by 68% to 106,106 victims from 332,000 the prior year. Notably, the largest single incident of theft saw a staggering decline of 88.3%, reducing from $55.48 million to $6.5 million.
Phishing Attack Trends and Market Correlation
The report focused on phishing attacks mainly via wallet drainer schemes targeting EVM-compatible blockchains, steering clear of direct hacks, breaches on exchanges, or difficulties arising from smart contracts. The third quarter of 2025 alone accounted for $31.04 million in losses spread across nearly 40,000 victims. This period coincided with a notable surge in Ethereum’s market performance, reflecting a correlation between market dynamics and phishing activity. Notably, Q3 comprised 37% of the year’s total losses despite only covering a quarter of the entire year.
August and September proved particularly detrimental, collectively resulting in losses of $23.95 million, or 29% of the annual total, reflecting the consequences of the market’s heightened trading activity. The average loss incurred by each victim during the third quarter was $778, a downturn from $969 observed in the first quarter.
Fourth Quarter Trends and Notable Incidents
As the market calmed in the fourth quarter, phishing losses dropped significantly to $13.09 million, impacting just over 22,500 victims. The month of December particularly saw a representative low, with only $2.04 million recorded in losses and 5,313 victims affected. The report noted:
“Market-Loss Correlation: Q3’s highest losses ($31M) coincided with ETH’s strongest rally. More market activity = more potential victims.”
November exhibited an unusual spike where losses increased by 137%, while the number of victims fell by 42%. That month, victims experienced an average loss of $1,225, rising from $580 in October; however, the report cautions that this might be part of typical monthly variability rather than a definitive trend.
Exploitation of EIP-7702 and Summary of Losses
Phishing attackers cleverly utilized features linked to EIP-7702 account abstraction soon after the Pectra upgrade. This enabled them to bundle various harmful operations into single signature requests. August marked a peak in EIP-7702 related attacks, leading to losses of $2.54 million across two significant incidents. Furthermore, Permit and Permit2 signatures accounted for $8.72 million in three cases, representing a significant 38% of losses in the larger incidents.
Summary figures across larger thefts showed total significant loss cases exceeding $1 million were recorded 11 times, predominantly during the intensive trading months of July through September—a period which included six of those significant thefts. In total, large-case losses reached $22.98 million, comprising about 27% of overall losses for the year. The most notable theft of the year involved $6.5 million in stETH and aEthWBTC stolen through a Permit signature in September, with other substantial attacks occurring in May and August, garnering millions in losses from various signature exploits.
