Crypto wallet drainer phishing scams lost much of their sting in 2025, with total losses falling to about $83.85 million, an 83% drop from nearly $494 million the year before, according to a new report from Scam Sniffer.
The slowdown marks a major shift for one of crypto’s most stubborn threats, as both the number of victims and the overall damage declined. Around 106,000 users were affected in 2025, down 68% year over year, suggesting better awareness and defenses across the ecosystem.
Still, scammers haven’t gone away. The report shows phishing activity rising and falling with market momentum, spiking during periods of heavy trading. Ethereum’s strongest rally in the third quarter drove the year’s biggest losses, with $31 million stolen in Q3 alone. August and September together made up nearly a third of all losses.
Scam Sniffer described phishing as closely tied to user activity: the more people transact onchain, the more opportunities attackers have. Monthly losses ranged from just $2.04 million in December to $12.17 million in August, when markets were most active.
Approval-based attacks remained especially dangerous. The single largest theft of the year — $6.5 million in September — involved a malicious Permit signature, and Permit and Permit2 approvals accounted for 38% of losses in cases over $1 million.
Attackers also moved quickly to exploit new technology. After Ethereum’s Pectra upgrade, scammers began abusing EIP-7702 signatures, which allow multiple harmful actions in one approval. Just two incidents in August caused $2.54 million in losses.
Rather than chasing massive one-off heists, many attackers shifted toward smaller, high-volume scams, targeting everyday users. Only 11 attacks exceeded $1 million in 2025, down from 30 the year before, while the average loss per victim fell to $790.
In one case, investigators tracked a coordinated campaign that drained small amounts from hundreds of wallets across EVM-compatible networks — minor losses individually, but significant in scale.
