By 2025, the year-over-year cryptocurrency phishing loss has dropped by 83%, but the "wallet emptier" ecosystem remains active

BlockBeats News, January 3rd, the Web3 security platform Scam Sniffer reported that in 2025, the losses from crypto phishing attacks related to wallet drainers decreased to approximately $83.85 million, a significant 83% drop from nearly $494 million in 2024; the number of victims decreased to 106 people, a 68% year-on-year decrease.

However, the report pointed out that phishing activities have not disappeared but are highly correlated with market cycles. In the third quarter of 2025, accompanied by Ethereum's strong rebound, phishing losses reached a yearly high of $31 million, accounting for nearly 29% of the year. The lowest monthly loss was about $2.04 million in December, while the highest was $12.17 million in August.

In terms of tactics, Permit/Permit2 authorization phishing remains the most effective tool for attackers, with the largest single case in 2025 occurring in September, with a loss of $6.5 million; furthermore, with the Ethereum Pectra upgrade, a new type of malicious signature attack based on EIP-7702 quickly emerged, causing a total loss of $2.54 million in two events in August.

It is worth noting that the number of large-scale cases has significantly decreased—only 11 cases in 2025 had losses exceeding $1 million, lower than the 30 cases in 2024. However, attackers have shifted to a "small-scale high-frequency" strategy, with the average loss per victim dropping to $790. Scam Sniffer concluded: "the drainer ecosystem is still operational—old ones exit, and new ones keep emerging."

In addition, PeckShield data shows that in December 2025, losses from crypto hacks and security incidents were approximately $76 million, a 60% decrease from the previous month, but attack activities remain frequent.