Cryptocurrency phishing losses fell 83% in 2025, dropping to $83.85 million from nearly $500 million the previous year as weaker market conditions reduced both attacker activity and victim profitability, according to blockchain security firm Scam Sniffer’s annual report.
The number of victims also declined 68% to 106,106 from over 330,000 in 2024, with security analysts attributing the improvement to lower trading volumes and reduced user engagement during extended market downturns.
However, experts warn the decline likely reflects cyclical market behavior rather than improved security, with phishing attacks historically surging during bull markets when transaction activity and new user adoption accelerate.
Crypto phishing losses track market cycles through 2025
A closer look at quarterly data underscores the relationship between price action and crypto phishing losses. During the first quarter, when digital asset prices were under pressure, phishing attacks resulted in $21.94 million in losses, impacting just over 22,000 victims.
As markets stabilized in the second quarter, losses declined further to $17.78 million, affecting roughly 21,000 users. Scam Sniffer attributed the slowdown to reduced speculative activity and lower engagement across decentralized applications.
The picture changed dramatically in the third quarter. Several major assets staged strong rallies, with Bitcoin climbing to a peak of $123,000 and Ethereum reaching an all-time high of $4,946 in August. The renewed bull market atmosphere coincided with a surge in scams, pushing crypto phishing losses to $31.04 million and affecting around 40,000 victims.
August and September alone accounted for 29% of total annual losses, making the third quarter the most dangerous period for users. By contrast, the final quarter of the year saw phishing activity cool significantly, with losses dropping to $13.09 million—the quietest stretch of 2025.
Despite the overall decline, Scam Sniffer warned that attackers continue to refine their techniques. The largest single phishing incident of the year occurred in September, when hackers stole $6.5 million in staked ether and wrapped bitcoin derivatives.
The attack relied on Permit-style signatures, which allow token spending approvals without requiring an immediate transfer. According to the report, this method accounted for 38% of crypto phishing losses among cases exceeding $1 million.
“Permit and Permit2 signatures are increasingly abused because they appear legitimate to users,” Scam Sniffer explained. “Attackers disguise malicious permissions as routine approval prompts, leading victims to sign away control without realizing it.”
Source: Scam Sniffer.
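As an added example (not from the Scam Sniffer report or any wallet's code), the check below shows what a Permit-style signing request actually grants and how a wallet or reviewer could flag it before signing. Message field names follow the EIP-2612 and Permit2 typed-data definitions; the 30-day threshold, the allowlist and the sample addresses are assumptions.

```javascript
// Added example: review an eth_signTypedData_v4 payload for Permit-style approvals.
// The 30-day threshold and the spender allowlist are illustrative assumptions.
const MAX_U160 = (1n << 160n) - 1n; // Permit2 "unlimited" amount
const MAX_U256 = (1n << 256n) - 1n; // EIP-2612 "unlimited" value
const THIRTY_DAYS = 30n * 86400n;
// Normalise each approval shape into {token, spender, amount, until}.
// `until` is the signature deadline (EIP-2612) or allowance expiration (Permit2).
function extractGrants(typed) {
  const m = typed.message;
  const grant = (token, amount, until) =>
    ({ token, spender: m.spender, amount: BigInt(amount), until: BigInt(until) });
  switch (typed.primaryType) {
    case "Permit": // EIP-2612: the token is the verifying contract itself
      return [grant(typed.domain.verifyingContract, m.value, m.deadline)];
    case "PermitSingle": // Permit2, one token
      return [grant(m.details.token, m.details.amount, m.details.expiration)];
    case "PermitBatch": // Permit2, several tokens under one signature
      return m.details.map((d) => grant(d.token, d.amount, d.expiration));
    default:
      return []; // not a spending approval
  }
}

function reviewTypedData(typed, nowSeconds, trustedSpenders) {
  const trusted = new Set(trustedSpenders.map((a) => a.toLowerCase()));
  const grants = extractGrants(typed);
  const findings = [];
  if (grants.length && !trusted.has(grants[0].spender.toLowerCase()))
    findings.push(`spender ${grants[0].spender} is not on the allowlist`);
  for (const g of grants) {
    if (g.amount === MAX_U160 || g.amount === MAX_U256)
      findings.push(`unlimited allowance on ${g.token}`);
    if (g.until > BigInt(nowSeconds) + THIRTY_DAYS)
      findings.push(`grant on ${g.token} stays usable for more than 30 days`);
  }
  return { isApproval: grants.length > 0, findings };
}

// Constructed sample request; all addresses are placeholders.
const SAMPLE = {
  primaryType: "PermitSingle",
  domain: { name: "Permit2", chainId: 1, verifyingContract: "0x" + "22".repeat(20) },
  message: {
    details: { token: "0x" + "aa".repeat(20), amount: MAX_U160.toString(),
               expiration: "1893456000", nonce: "0" },
    spender: "0x" + "bb".repeat(20), sigDeadline: "1767229200",
  },
};
console.log(reviewTypedData(SAMPLE, 1767225600, []));
```

No transaction is sent when such a message is signed, which is why the prompt can look routine: the grant only becomes visible on-chain when the spender later submits the signature.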
Other notable incidents included a $3.13 million theft of wrapped Bitcoin in May using an approval escalation technique, and a $3.05 million stablecoin loss in August tied to a direct transfer exploit. In total, only 11 phishing cases exceeded $1 million in 2025, down from 30 such incidents the previous year.
The report also highlighted a sharp drop in the average loss per victim, which fell to $790 from nearly $1,500 in 2024, another indicator that crypto phishing losses are becoming more fragmented rather than dominated by mega-thefts.
High-profile breaches still distort crypto phishing losses
While Scam Sniffer’s analysis focused primarily on signature-based wallet drainer attacks, the broader threat landscape remains severe. One of the most damaging crypto-related incidents of the year occurred in February, when North Korea-linked Lazarus Group compromised a developer machine connected to a multisignature wallet provider used by Bybit.
The attackers injected malicious code into a signing interface, allowing them to spoof legitimate approvals and steal approximately $1.46 billion. Although the incident falls outside traditional phishing metrics, security experts say such breaches skew public perceptions of crypto phishing losses by highlighting how supply chain attacks can be even more devastating.
According to analysis, supply chain compromises were a recurring theme in 2025. Attackers frequently used phishing emails to steal developer credentials, inject malicious code into open-source packages, and backdoor widely used libraries. These attacks enabled the exfiltration of private keys, authentication tokens, and sensitive user data at scale.
Other common tactics included hijacked front-end interfaces, compromised social media accounts, and malware designed to harvest private keys, all of which continue to contribute indirectly to crypto phishing losses.
Crypto phishing losses capped by late-year cloud-based scams
The year ended with a sophisticated phishing campaign that targeted more than 3,000 manufacturing organizations by abusing Google’s cloud infrastructure. In December, victims reported receiving emails disguised as legitimate Google Tasks notifications, urging recipients to complete an urgent “All Employees Task.”
Users who clicked “View task” or “Mark complete” were redirected to malicious pages hosted on trusted cloud storage services. Because the emails were sent using legitimate application integration tools, they passed standard authentication checks and bypassed many security gateways.
Security researchers warned that such campaigns highlight the evolving nature of phishing, even as overall crypto phishing losses trend lower. “Attackers are increasingly leveraging trusted platforms to mask malicious intent,” Scam Sniffer said, noting that technical sophistication continues to rise despite reduced aggregate losses.
Crypto phishing losses may rebound with the next rally
While 2025’s data points to meaningful progress, analysts caution against complacency. History suggests that crypto phishing losses tend to rebound during sustained bull markets, when new users enter the ecosystem and transaction volumes spike.
For now, the decline offers a measure of relief to investors and developers alike. But as Scam Sniffer concluded, phishing remains “an adaptive threat,” one that will likely resurface with renewed intensity when market optimism returns.
As crypto heads deeper into 2026, the battle between attackers and defenders appears far from over, even if crypto phishing losses are, for the moment, moving in the right direction.