Crypto Phishing Losses Crash By 83% In 2025 – Details

bitcoinistPubblicato 2026-01-04Pubblicato ultima volta 2026-01-04

Introduzione

Crypto phishing losses plummeted by 83% in 2025, falling from $494 million to $83.85 million, with victim count dropping 68% to 106,106. Despite the decline, Web3 security firm Scam Sniffer warns this does not indicate reduced threat levels, as losses correlated with market activity—peaking in Q3 during high user engagement. A new threat emerged with EIP-7702 exploits, enabling bundled malicious transactions via account abstraction. Permit/Permit2 signatures remained the leading attack method, responsible for 38% of large-case losses. Major incidents included a $1.46 billion breach by the Lazarus group. While reported losses fell, attackers may be shifting to harder-to-track methods like private key theft or targeted social engineering.

Phishing losses fell drastically in 2025 by over 83% compared to the previous year. However, the underlying data show that reduced figures do not translate to a decline in security threats.

Crypto Phishing Losses Down From $494M To $84M In 2025

A phishing attack occurs when an unsuspecting user is tricked into giving up sensitive information or signing off on malicious transactions. In the crypto space, signature phishing attacks are a major security concern and are facilitated using wallet drainers.

According to Web3 security outfit Scam Sniffer, total phishing losses in 2025 were valued at $83.85 million across 106,106 victims, representing respective drops of 83% and 68% from 2024. There were also 11 large cases of theft over $1 million compared to 30 in 2024. Meanwhile, the single largest theft was a $6.5 million loss via a permit signature attack in September, which was 8x lower than that of 2024.

While the latest figures represent a significant decline from the previous year, Scam Sniffer analysts state there is no direct translation to decreased market threat as losses moved in parallel with the market cycle. Therefore, losses increased or decreased in relation to the global crypto user activity.

Notably, monthly losses varied from $2.04 million in December to $12.17 million in August. However, Q3, which was the busiest market period, accounted for the largest portion (29% i.e $31 million) of the yearly losses. However, figures dropped to $13 million in Q4, as user activity cooled off.

Related Reading: Aave Founder Responds To Governance Tension With Strategic Plan – Details

EIP-7702 Emerges As Latest Phishing Signature Type

According to Scam Sniffer’s report, EIP-7702 exploitation emerged as a new threat in the signature-based wallet-drainer ecosystem. Leveraging account abstraction introduced in the Pectra upgrade in May 2025, attackers can bundle multiple malicious operations into a single signature.

Notably, the largest EIP-7702 losses, with two incidents culminating in $2.54 million, were recorded in August. Meanwhile, Permit/ Permit2 signature types lead the space, accounting for $8.72 million in losses across three major incidents, I.e. 38% of all large-case losses.

Beyond signature phishing types, Scam Sniffer also highlighted other phishing attack types that threaten the crypto space. The Bybit incident in February stands out, after the Lazarus group breached a Safe (Wallet) developer machine and launched a program that imitated the multi-sig interface, resulting in losses of $1.46 billion.

In conclusion, while reported signature phishing losses have declined, the threat landscape remains active. Moreover, the fall in trackable losses may suggest attackers are employing harder-to-track vectors such as private key breaches or targeted social engineering.

Total crypto market cap valued at $3.08 trillion on the daily chart | Source: TOTAL chart on Tradingview.com

Domande pertinenti

QWhat was the percentage decrease in crypto phishing losses from 2024 to 2025 according to Scam Sniffer?

AThere was an 83% decrease in crypto phishing losses from 2024 to 2025.

QWhat new type of phishing signature emerged as a threat in 2025, and which Ethereum upgrade did it leverage?

AEIP-7702 exploitation emerged as a new threat, leveraging the account abstraction introduced in the Pectra upgrade in May 2025.

QDespite the drop in losses, why do analysts caution that this does not mean the market threat has declined?

AAnalysts state that losses moved in parallel with the market cycle, meaning they increased or decreased in relation to global crypto user activity, not because the underlying security improved.

QWhich quarter of 2025 accounted for the largest portion of the yearly phishing losses, and how much was it?

AQ3 of 2025 accounted for the largest portion of the yearly losses at 29%, which was $31 million.

QWhat was the single largest theft via a permit signature attack in 2025, and how did it compare to 2024?

AThe single largest theft was a $6.5 million loss via a permit signature attack in September, which was 8 times lower than the largest theft in 2024.

Letture associate

North Korean Hackers Loot $500 Million in a Single Month, Becoming the Top Threat to Crypto Security

North Korean hackers, particularly the notorious Lazarus Group and its subgroup TraderTraitor, have stolen over $500 million from cryptocurrency DeFi platforms in less than three weeks, bringing their total theft for the year to over $700 million. Recent major attacks on Drift Protocol and KelpDAO, resulting in losses of approximately $286 million and $290 million respectively, highlight a strategic shift: instead of targeting core smart contracts, attackers are now exploiting vulnerabilities in peripheral infrastructure. For instance, the KelpDAO attack involved compromising downstream RPC infrastructure used by LayerZero's decentralized validation network (DVN), allowing manipulation without breaching core cryptography. This sophisticated approach mirrors advanced corporate cyber-espionage. Additionally, North Korea has systematically infiltrated the global crypto workforce, with an estimated 100 operatives using fake identities to gain employment at blockchain companies, enabling long-term access to sensitive systems and facilitating large-scale thefts. According to Chainalysis, North Korean-linked hackers stole a record $2 billion in 2025, accounting for 60% of all global crypto theft that year. Their total historical crypto theft has reached $6.75 billion. Post-theft, they employ specialized money laundering methods, heavily relying on Chinese OTC brokers and cross-chain mixing services rather than standard decentralized exchanges. Security experts, while acknowledging the increased sophistication, emphasize that many attacks still exploit fundamental weaknesses like poor access controls and centralized operational risks. Strengthening private key management, limiting privileged access, and enhancing coordination among exchanges, analysts, and law enforcement immediately after an attack are critical to improving defense and fund recovery chances. The industry's challenge now extends beyond secure smart contracts to safeguarding operational security at the infrastructure level.

marsbit37 min fa

North Korean Hackers Loot $500 Million in a Single Month, Becoming the Top Threat to Crypto Security

marsbit37 min fa

Circle CEO's Seoul Visit: No Korean Won Stablecoin Issuance, But Met All Major Korean Banks

Circle CEO Jeremy Allaire's recent activities in Seoul indicate a strategic shift for the company, moving away from issuing a Korean won-backed stablecoin and instead focusing on embedding itself as a key infrastructure provider within Korea’s financial and crypto ecosystem. Despite Korea accounting for nearly 30% of global crypto trading volume—with a market characterized by high retail participation and altcoin dominance—Circle has chosen not to compete for the role of stablecoin issuer. Instead, Allaire met with major Korean banks (including Shinhan, KB, and Woori), financial groups, leading exchanges (Upbit, Bithumb, Coinone), and tech firms like Kakao. This approach reflects a broader industry transition: the core of stablecoin competition is shifting from issuance rights to systemic positioning. With Korean regulators still debating whether banks or tech companies should issue stablecoins, Circle is avoiding regulatory uncertainty by strengthening its role as a service and technology partner. The company is deepening integration with trading platforms, building connections, and promoting stablecoin infrastructure. This positions Circle to benefit regardless of which entity eventually issues a won stablecoin. Allaire also noted the potential for a Chinese yuan stablecoin in the next 3–5 years, underscoring a regional trend of stablecoins becoming more regulated and integrated with traditional finance. Ultimately, Circle’s strategy highlights that future influence in the stablecoin market will belong not necessarily to the issuers, but to the foundational infrastructure layers that enable cross-system transactions.

marsbit1 h fa

Circle CEO's Seoul Visit: No Korean Won Stablecoin Issuance, But Met All Major Korean Banks

marsbit1 h fa

SpaceX Ties Up with Cursor: A High-Stakes AI Gambit of 'Lock First, Acquire Later'

SpaceX has secured an option to acquire AI programming company Cursor for $60 billion, with an alternative clause requiring a $10 billion collaboration fee if the acquisition does not proceed. This structure is not merely a potential acquisition but a strategic move to control core access points in the AI era. The deal is designed as a flexible, dual-path arrangement, allowing SpaceX to either fully acquire Cursor or maintain a binding partnership through high-cost collaboration. This "option-style" approach minimizes immediate regulatory and integration risks while ensuring long-term alignment between the two companies. At its core, the transaction exchanges critical AI-era resources: SpaceX provides its Colossus supercomputing cluster—one of the world’s most powerful AI training infrastructures—while Cursor contributes its AI-native developer environment and strong product adoption. This synergy connects compute power, models, and application layers, forming a closed-loop AI capability stack. Cursor, founded in 2022, has achieved rapid growth with over $1 billion in annual revenue and widespread enterprise adoption. Its value lies in transforming software development through AI agents capable of coding, debugging, and system design—positioning it as a gateway to future software production. For SpaceX, this move is part of a broader strategy to evolve from a aerospace company into an AI infrastructure empire, integrating xAI, supercomputing, and chip manufacturing. Controlling Cursor fills a gap in its developer tooling layer, strengthening its AI narrative ahead of a potential IPO. The deal reflects a shift in AI competition from model superiority to ecosystem and entry-point control. With programming tools as a key battleground, securing developer loyalty becomes crucial for dominating the software production landscape. Risks include questions around Cursor’s valuation, technical integration challenges, and potential regulatory scrutiny. Nevertheless, the deal underscores a strategic bet: controlling both compute and software development access may redefine power dynamics in the AI-driven future.

marsbit1 h fa

SpaceX Ties Up with Cursor: A High-Stakes AI Gambit of 'Lock First, Acquire Later'

marsbit1 h fa

Ripple’s Tokenization Bet: Will XRP Price Explode As It Enters This Trillion-Dollar Industry?

Institutional capital is quietly moving onto the XRP Ledger (XRPL), with over $333 million in tokenized US Treasury products now live from firms like BlackRock-backed Ondo Finance, OpenEden, Guggenheim, and abrdn. This marks a significant shift for XRPL, traditionally known for payments, into the tokenized real-world asset sector. While still a tiny fraction of the $30+ trillion Treasury market, XRPL's tokenized assets grew 2,200% in 2025. Experts project the global tokenization market could reach $200 trillion. If XRPL captures a notable share as this market scales, it could have significant implications for the price of XRP.

bitcoinist2 h fa

Ripple’s Tokenization Bet: Will XRP Price Explode As It Enters This Trillion-Dollar Industry?

bitcoinist2 h fa

Bitcoin Could Strengthen US National Security, Top Military Commander Says

US lawmakers advocate for domestic Bitcoin mining equipment production, citing national security risks from foreign hardware dependence. Admiral Samuel Paparo, commander of US Indo-Pacific Command, testified to the Senate Armed Services Committee that Bitcoin is a tool for "power projection" and cybersecurity. He emphasized Bitcoin's proof-of-work system as a costly deterrent against network attacks, aligning it with US national power instruments. This echoes earlier military perspectives, like US Space Force's Jason Lowery, who argued Bitcoin's utility beyond finance. The hearing also addressed cyber threats, including North Korea's crypto theft for weapons funding. While the US leads in Bitcoin holdings and mining, reliance on overseas-manufactured mining hardware remains a vulnerability.

bitcoinist4 h fa

Bitcoin Could Strengthen US National Security, Top Military Commander Says

bitcoinist4 h fa

Trading

Spot

Futures