Crypto Phishing Losses Dropped 83% in 2025: Scam Sniffer Report

The findings point to a notable shift in one of crypto’s most persistent security threats. Wallet drainers, which rely on tricking users into signing malicious transactions, have long been a major source of losses across decentralized ecosystems. While phishing did not disappear in 2025, its financial impact was substantially lower, and fewer users were affected overall.

Scam Sniffer said the number of victims linked to these attacks declined by about 68% year over year, with roughly 106,106 users impacted in 2025. The drop suggests that increased awareness, improved wallet protections, and better detection tools may be helping users avoid some of the most common traps used by attackers.

At the same time, the data shows that phishing activity remains closely tied to market behavior rather than steadily declining on its own. According to the report, periods of higher market engagement tend to create more opportunities for attackers, while quieter phases reduce overall losses.

This pattern played out clearly throughout the year. Scam Sniffer found that the third quarter of 2025 recorded the highest concentration of phishing losses, totaling about $31 million, or nearly 29% of the year’s total. That spike coincided with increased on-chain activity, when more users were actively interacting with wallets, decentralized applications, and token approvals.

By contrast, losses dropped sharply toward the end of the year. December saw phishing losses fall to roughly $2.04 million, reflecting lower overall activity and fewer opportunities for malicious actors to reach users at scale.

Rather than viewing phishing as a constant threat, Scam Sniffer described it as a risk that rises and falls alongside user participation. When more people are signing transactions and exploring new platforms, the likelihood of encountering a phishing attempt increases. When activity slows, so does the overall impact of these schemes.

Although total losses were lower, attackers did not stand still in 2025. Scam Sniffer observed shifts in how phishing campaigns were carried out, with continued reliance on permit-based signatures that grant ongoing access to a victim’s assets. These approvals can be particularly dangerous because they allow attackers to drain funds later, often without further interaction from the user.

The report also highlighted newer attack techniques tied to recent changes in Ethereum’s transaction framework. Following the Pectra network upgrade, Scam Sniffer identified phishing incidents involving malicious EIP-7702 signatures. These transactions bundle multiple actions into a single signature, making it harder for users to clearly see what they are approving. Two major incidents involving this method in August resulted in around $2.54 million in losses.

While these attacks introduced added complexity, their scale was smaller than some of the largest phishing events seen in previous years. Scam Sniffer said the biggest single phishing theft recorded in 2025 totaled about $6.5 million, well below the largest incident documented in 2024. This suggests that attackers may be shifting toward smaller or more targeted operations rather than relying on a few massive exploits.

Importantly, Scam Sniffer cautioned that its figures capture only one segment of crypto-related crime. The report focuses exclusively on wallet drainer phishing attacks observed on EVM-compatible blockchains and does not include losses from exchange breaches, smart contract exploits, malware infections, or private key compromises.

As a result, the decline should not be interpreted as a broad reduction in all forms of crypto fraud. Instead, it reflects changes within a specific attack category, one that has been heavily targeted by security tools and user education efforts over the past year.

Still, the data points to progress. Scam Sniffer noted that improved wallet warnings, transaction simulations, and phishing detection mechanisms may be making it harder for attackers to succeed using older techniques. In response, scammers appear to be experimenting with newer transaction standards and more subtle forms of deception. The report serves as a reminder that lower loss figures do not eliminate risk. Phishing remains an evolving threat, particularly during periods of increased market activity, when users may move quickly and approve transactions without close inspection.

Scam Sniffer showed that while 2025 marked a meaningful reduction in wallet drainer losses, continued caution remains essential. As transaction designs grow more complex and attackers adapt their methods, staying alert to what a signature actually authorizes remains one of the most important defenses for crypto users.