Crypto Phishing Losses Crash By 83% In 2025 – Details

bitcoinistPublicado a 2026-01-04Actualizado a 2026-01-04

Resumen

Crypto phishing losses plummeted by 83% in 2025, falling from $494 million to $83.85 million, with victim count dropping 68% to 106,106. Despite the decline, Web3 security firm Scam Sniffer warns this does not indicate reduced threat levels, as losses correlated with market activity—peaking in Q3 during high user engagement. A new threat emerged with EIP-7702 exploits, enabling bundled malicious transactions via account abstraction. Permit/Permit2 signatures remained the leading attack method, responsible for 38% of large-case losses. Major incidents included a $1.46 billion breach by the Lazarus group. While reported losses fell, attackers may be shifting to harder-to-track methods like private key theft or targeted social engineering.

Phishing losses fell drastically in 2025 by over 83% compared to the previous year. However, the underlying data show that reduced figures do not translate to a decline in security threats.

Crypto Phishing Losses Down From $494M To $84M In 2025

A phishing attack occurs when an unsuspecting user is tricked into giving up sensitive information or signing off on malicious transactions. In the crypto space, signature phishing attacks are a major security concern and are facilitated using wallet drainers.

According to Web3 security outfit Scam Sniffer, total phishing losses in 2025 were valued at $83.85 million across 106,106 victims, representing respective drops of 83% and 68% from 2024. There were also 11 large cases of theft over $1 million compared to 30 in 2024. Meanwhile, the single largest theft was a $6.5 million loss via a permit signature attack in September, which was 8x lower than that of 2024.

While the latest figures represent a significant decline from the previous year, Scam Sniffer analysts state there is no direct translation to decreased market threat as losses moved in parallel with the market cycle. Therefore, losses increased or decreased in relation to the global crypto user activity.

Notably, monthly losses varied from $2.04 million in December to $12.17 million in August. However, Q3, which was the busiest market period, accounted for the largest portion (29% i.e $31 million) of the yearly losses. However, figures dropped to $13 million in Q4, as user activity cooled off.

Related Reading: Aave Founder Responds To Governance Tension With Strategic Plan – Details

EIP-7702 Emerges As Latest Phishing Signature Type

According to Scam Sniffer’s report, EIP-7702 exploitation emerged as a new threat in the signature-based wallet-drainer ecosystem. Leveraging account abstraction introduced in the Pectra upgrade in May 2025, attackers can bundle multiple malicious operations into a single signature.

Notably, the largest EIP-7702 losses, with two incidents culminating in $2.54 million, were recorded in August. Meanwhile, Permit/ Permit2 signature types lead the space, accounting for $8.72 million in losses across three major incidents, I.e. 38% of all large-case losses.

Beyond signature phishing types, Scam Sniffer also highlighted other phishing attack types that threaten the crypto space. The Bybit incident in February stands out, after the Lazarus group breached a Safe (Wallet) developer machine and launched a program that imitated the multi-sig interface, resulting in losses of $1.46 billion.

In conclusion, while reported signature phishing losses have declined, the threat landscape remains active. Moreover, the fall in trackable losses may suggest attackers are employing harder-to-track vectors such as private key breaches or targeted social engineering.

Total crypto market cap valued at $3.08 trillion on the daily chart | Source: TOTAL chart on Tradingview.com

Preguntas relacionadas

QWhat was the percentage decrease in crypto phishing losses from 2024 to 2025 according to Scam Sniffer?

AThere was an 83% decrease in crypto phishing losses from 2024 to 2025.

QWhat new type of phishing signature emerged as a threat in 2025, and which Ethereum upgrade did it leverage?

AEIP-7702 exploitation emerged as a new threat, leveraging the account abstraction introduced in the Pectra upgrade in May 2025.

QDespite the drop in losses, why do analysts caution that this does not mean the market threat has declined?

AAnalysts state that losses moved in parallel with the market cycle, meaning they increased or decreased in relation to global crypto user activity, not because the underlying security improved.

QWhich quarter of 2025 accounted for the largest portion of the yearly phishing losses, and how much was it?

AQ3 of 2025 accounted for the largest portion of the yearly losses at 29%, which was $31 million.

QWhat was the single largest theft via a permit signature attack in 2025, and how did it compare to 2024?

AThe single largest theft was a $6.5 million loss via a permit signature attack in September, which was 8 times lower than the largest theft in 2024.

Lecturas Relacionadas

Hyperliquid ETF Claim Draws Attention As HYPE Narrative Builds On X

A social media claim has brought attention to Hyperliquid (HYPE) and the growth of its related ETF products. According to a June 20 post on X by AlphaOnChain, three Hyperliquid ETFs launched in May 2026 have collectively amassed $158 million in assets under management, led by a Bitwise fund with $88 million and a 21Shares fund with $66 million. The article notes this claim is from social media and not verified by official issuer data, advising caution. Nonetheless, the report highlights that HYPE is gaining traction as a notable altcoin narrative. Its focus on on-chain perpetual trading and exchange infrastructure places it at the intersection of DeFi and derivatives, attracting traders looking for high-conviction plays beyond Bitcoin and Ethereum. The key takeaway is that while social momentum can influence short-term markets, sustainable growth for HYPE would require confirmed demand, liquidity, and continued ecosystem development.

bitcoinistHace 29 min(s)

Hyperliquid ETF Claim Draws Attention As HYPE Narrative Builds On X

bitcoinistHace 29 min(s)

How Does Codex Use a Computer? Three Entry Points and Permission Boundaries

This article explains the three primary methods for Codex to interact with a computer, each with distinct use cases, permission boundaries, and trust levels. **1. Computer Use:** This offers the broadest access, allowing Codex to visually control and interact with the graphical user interface of authorized macOS/Windows apps, system settings, and even iOS simulators. It's ideal for tasks lacking APIs or structured tools, such as operating legacy software or multi-app workflows. However, it's the slowest method and has the widest permission scope, requiring careful supervision for sensitive actions. **2. Chrome Extension:** This grants Codex access to the user's logged-in Chrome browser state, including cookies, profiles, and open tabs. It's best for tasks requiring user identity across websites like Gmail, LinkedIn, Salesforce, or internal dashboards. Its key advantage is multi-tab control for complex workflows. While more powerful for browser-based tasks than Computer Use, it carries higher sensitivity as actions are performed under the user's identity. **3. In-App Browser:** This is a browser isolated within the Codex thread, separate from the user's personal browsing data. It excels in web development and debugging scenarios—previewing local servers, testing responsive layouts, or annotating designs directly on the page. Its isolation is a strength for development but a limitation for tasks requiring login sessions. The core principle is to choose the narrowest, safest, and most structured interface for the task. Use plugins or MCPs first, resort to visual control (Computer Use) only for GUI-dependent tasks, employ the Chrome extension for identity-reliant browser work, and prefer the In-App Browser for isolated development. **Appshots** are clarified as a fourth, complementary tool for *inputting* context—capturing a screenshot of a window to point Codex to something—rather than a method for Codex to *act*. Together, this layered approach highlights a key to AI agent productization: not granting unlimited permissions, but constraining them within clear boundaries for specific tasks while preserving user oversight.

marsbitHace 41 min(s)

How Does Codex Use a Computer? Three Entry Points and Permission Boundaries

marsbitHace 41 min(s)

The "Iron Rule" of Chip Equipment Is Being Broken

For years, the semiconductor equipment industry followed an unwritten "iron rule": suppliers offered steep discounts for new tool introductions (Design-in) and faced consistent price pressure during repeat orders, especially during market downturns. This long-standing buyer's market dynamic is now being upended. Recently, SK Hynix's primary equipment suppliers have reportedly requested a 3-4% price *increase*, a nearly unprecedented move. This shift is driven by a severe supply-demand imbalance fueled by the AI compute boom. Securing equipment has become an urgent arms race as chipmakers' expansion speed dictates their ability to fulfill massive AI chip orders. Key areas feeling the strain include: **TCB (Thermal Compression Bonding) Equipment:** Demand is exploding, driven by the simultaneous needs of HBM4 memory stacking, AI chip Chip-on-Substrate (C2S), and logic Chiplet Chip-on-Wafer (C2W) packaging. Players like Hanmi Semiconductor, Hanwha Semitech, and ASMPT are receiving major orders. While hybrid bonding is seen as the future, TCB remains the pragmatic choice for HBM4 mass production, with its lifecycle extended by relaxed specifications and ongoing technological upgrades. **Test Equipment Bottlenecks:** Ironically, AI-driven shortages are now crippling test equipment manufacturing. Critical components like FPGAs, Driver ICs, and CPUs face severe shortages and extended lead times (up to 52 weeks for FPGAs), as AI data center and server vendors prioritize supply. This creates a paradoxical cycle: AI chip shortages drive fab expansion, which requires more test equipment, whose production is delayed because its key parts are diverted to make AI chips. The industry is entering a broad, AI-powered upcycle. SEMI forecasts global semiconductor equipment sales to hit a record $156 billion by 2027, fueled by investment in advanced logic/foundry, HBM-driven DRAM, and advanced packaging (like CoWoS). Major players like TSMC, SK Hynix, and Micron are aggressively ramping capital expenditure. In conclusion, leading equipment vendors are no longer just selling tools; they are selling the critical capability to deliver AI-era capacity. Pricing power is shifting decisively to those with indispensable technology in key process nodes like advanced logic, HBM, and advanced packaging, rewriting the industry's traditional power structure.

marsbitHace 54 min(s)

The "Iron Rule" of Chip Equipment Is Being Broken

marsbitHace 54 min(s)

Weekly Token Unlock: XPL to Release Millions in Token Value

Weekly Token Unlocks: XPL and SoSoValue Tokens Worth Over $10 Million Set for Release This week sees significant token unlocks for two projects. SoSoValue, an AI-powered crypto investment research platform, will unlock 13.03 million tokens, valued at approximately $3.87 million. The project aims to merge CeFi efficiency with DeFi transparency. Separately, Plasma, a Layer 1 blockchain designed for global stablecoin payments, will unlock 110 million tokens worth about $10.42 million. The network focuses on high throughput, stablecoin-native features, and full EVM compatibility. Both projects have provided their detailed token release schedules.

marsbitHace 1 hora(s)

Weekly Token Unlock: XPL to Release Millions in Token Value

marsbitHace 1 hora(s)

Bitcoin Must Hold $60K Or Risk Major Breakdown, TradingView Analyst Warns

Bitcoin has reached a critical juncture around the $60,000 level, which analysts view as a major technical and psychological support zone. According to a TradingView analysis, a successful hold above this demand area could pave the way for a recovery toward $81,000. However, the warning is clear: a decisive and sustained break below $60,000 would invalidate the bullish outlook, likely triggering stop losses and a deeper market correction. The current setup is described as a binary test—maintaining support keeps the recovery narrative alive, while losing it would signal a shift toward a more significant downturn.

bitcoinistHace 2 hora(s)

Trading

Spot

Futuros