Security data shows sharp decline in losses, while attackers adapt tactics during market rallies1
Crypto phishing activity linked to wallet drainers declined sharply in 2025, with total losses falling to $83.85 million, representing an 83% year-over-year decrease from nearly $494 million in 2024. While the drop signals improved user awareness and defenses, security researchers caution that the drainer ecosystem is still active and evolving, especially during periods of heightened market activity.
The number of affected users fell to 106 victims, a 68% reduction compared with the prior year. Despite the improvement, phishing losses continued to track crypto market cycles, rising during rallies and easing during slower periods. The third quarter of 2025 recorded the highest losses at $31 million, accounting for nearly 29% of the annual total, coinciding with Ethereum’s strongest price performance of the year.
The largest single phishing incident totaled $6.5 million and involved a malicious Permit signature, reinforcing that Permit and Permit2 approvals remain a primary attack method. These attacks represented 38% of losses among cases exceeding $1 million.
Notably, 2025 saw the emergence of EIP-7702–based phishing attacks following Ethereum’s Pectra upgrade. Two incidents in August alone caused $2.54 million in losses, showing how quickly attackers exploit protocol changes.
Large-scale incidents declined to 11 cases above $1 million, down from 30 in 2024. However, attackers increasingly targeted smaller amounts, pushing the average loss per victim down to $790. As researchers noted, “the drainer ecosystem remains active”, with new actors continually replacing old ones.
Disclaimer
This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.