Crypto Phishing Attacks Plummet 83% in 2025, But New Threats Emerge

The landscape of cryptocurrency theft through phishing attacks has undergone a dramatic transformation in 2025. According to Scam Sniffer’s latest security report, crypto phishing attacks resulted in $83.85 million in losses during 2025, representing a stunning 83% decline from the previous year’s $494 million. While this sharp decrease signals growing security awareness, the emergence of new attack vectors tied to recent network upgrades suggests the threat remains far from disappearing.

The improvement extends beyond the headline figures. The number of phishing victims fell 68% to 106,106 from 332,000 in 2024. Even more significantly, the largest single theft amount dropped 88.3% to $6.5 million from the previous year’s $55.48 million, indicating that sophisticated attackers are struggling to orchestrate mega-scale heists. Large-scale incidents exceeding $1 million became substantially rarer, declining 63.3% from 30 cases in 2024 to just 11 in 2025. These statistics cover wallet drainer attacks distributed via phishing websites targeting EVM-compatible chains, excluding direct protocol hacks, centralized exchange breaches, and smart contract vulnerabilities.

Market Rally Drives Peak Attack Volume in Third Quarter

The timing of phishing attack losses reveals a critical correlation with cryptocurrency market dynamics. During the third quarter of 2025, when Ethereum experienced its strongest rally of the year, phishing losses spiked to $31.04 million across 39,886 affected victims. This single quarter accounted for 37% of the entire year’s losses despite representing just one-quarter of the calendar period—a concentration that underscores a fundamental principle: attack activity scales directly with trading volume and user engagement.

The concentration intensified during August and September, when markets reached peak activity levels. These two months combined generated $23.95 million in phishing attack losses, representing 29% of annual totals. The average loss per victim during Q3 stood at $778, notably lower than Q1’s $969, suggesting that while attackers cast wider nets during peak market periods, they’re capturing less experienced traders on average.

As market activity cooled heading into year-end, phishing attack incidents declined sharply. The fourth quarter saw losses drop to just $13.09 million across 22,592 victims, with December posting the lowest monthly total at $2.04 million affecting 5,313 users. The report explicitly stated this correlation: “Market-Loss Correlation: Q3’s highest losses coincided with ETH’s strongest rally. More market activity equals more potential victims. Phishing operates as a probability function of user activity.”

November presented a noteworthy anomaly—losses surged 137% while victim counts paradoxically dropped 42%. Average loss per victim jumped sharply to $1,225 from $580 in October, though researchers characterized this as a temporary monthly fluctuation rather than a confirmed emerging trend.

Post-Pectra Upgrade: Account Abstraction Features Become Target

A concerning development emerged following Ethereum’s Pectra upgrade: attackers rapidly adapted to exploit new account abstraction capabilities introduced via EIP-7702. Within weeks of the upgrade’s deployment, phishing attacks began bundling multiple malicious operations into single cryptographic signatures, complicating user detection and expanding the attack surface significantly.

The technical breakdown shows how attackers spread their activity across different signature mechanisms. Incidents abusing EIP-7702 account abstraction features occurred in August alone, totaling $2.54 million across two separate cases. Permit and Permit2 signature-based phishing attacks proved particularly lucrative for attackers, generating $8.72 million across three incidents—representing 38% of all large-case losses. Transfer-based phishing attacks combined for $4.87 million across two cases, while Approve and increaseApproval signatures accounted for $5.62 million across three cases.
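The mechanisms listed above correspond to a small set of recognizable request shapes, so a wallet-side check can label a signing request before the user confirms it. The following is an added JavaScript example, not code from Scam Sniffer's report or from this article; the request object shape and the names `classifySigningRequest` and `decodeCall` are hypothetical, and the sample requests are constructed.

```javascript
// Added example: label a signing request by the mechanisms named in the report.
// The request shape ({kind, typedData, data, authorizationList}) is hypothetical.
const SELECTORS = {
  "0x095ea7b3": "approve",           // approve(address,uint256)
  "0xd73dd623": "increaseApproval",  // increaseApproval(address,uint256)
  "0x39509351": "increaseAllowance", // increaseAllowance(address,uint256)
  "0xa9059cbb": "transfer",          // transfer(address,uint256)
};
// EIP-2612 Permit plus the Permit2 typed-data primary types.
const PERMIT_TYPES = new Set(["Permit", "PermitSingle", "PermitBatch",
  "PermitTransferFrom", "PermitBatchTransferFrom"]);
const MAX_UINT256 = (1n << 256n) - 1n;

// Decode selector + (address, uint256) from ERC-20 style calldata.
function decodeCall(data) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  const name = SELECTORS["0x" + hex.slice(0, 8)];
  if (!name || hex.length < 8 + 128) return null; // unknown or truncated calldata
  const counterparty = "0x" + hex.slice(8 + 24, 8 + 64); // low 20 bytes of word 1
  const amount = BigInt("0x" + hex.slice(8 + 64, 8 + 128));
  return { name, counterparty, amount };
}

function classifySigningRequest(req) {
  const findings = [];
  if (req.kind === "typedData" && PERMIT_TYPES.has(req.typedData.primaryType)) {
    // Off-chain signature: no transaction appears until the spender uses it.
    const spender = req.typedData.message?.spender ?? null;
    findings.push({ mechanism: "permit", spender, offchain: true });
  }
  if (req.kind === "transaction") {
    // EIP-7702 (type 0x04) transactions carry authorizations that delegate the account.
    for (const auth of req.authorizationList ?? [])
      findings.push({ mechanism: "eip7702-delegation", delegate: auth.address });
    const call = req.data ? decodeCall(req.data) : null;
    if (call) findings.push({ mechanism: call.name, counterparty: call.counterparty,
      unlimited: call.amount === MAX_UINT256 });
  }
  return findings;
}

// Constructed sample: unlimited approve() to a made-up spender address.
const sampleApprove = "0x095ea7b3" + "0".repeat(24) + "11".repeat(20) + "f".repeat(64);
console.log(classifySigningRequest({ kind: "transaction", data: sampleApprove }));
```

An empty result means only that none of these known shapes matched, not that the request is safe to sign.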

Notable individual incidents included the largest 2025 theft of $6.5 million in stETH and aEthWBTC stolen through a Permit signature in September, and a May incident that extracted $3.13 million in WBTC via increaseApproval mechanisms. An August attack siphoned $3.05 million in aEthUSDT through Transfer-based phishing techniques. Six of the 11 large cases exceeding $1 million occurred between July and September, directly overlapping with peak market rally periods. Total losses from large-scale phishing attack incidents reached $22.98 million, accounting for 27% of the entire year’s total damage.

The data suggests that while overall phishing attack incidents have declined substantially, the technical sophistication of attackers continues to evolve in response to protocol upgrades and new security mechanisms, requiring constant vigilance from both users and platform developers.
