Crypto Phishing Losses Crash By 83% In 2025 – Details

bitcoinistОпубликовано 2026-01-04Обновлено 2026-01-04

Введение

Crypto phishing losses plummeted by 83% in 2025, falling from $494 million to $83.85 million, with victim count dropping 68% to 106,106. Despite the decline, Web3 security firm Scam Sniffer warns this does not indicate reduced threat levels, as losses correlated with market activity—peaking in Q3 during high user engagement. A new threat emerged with EIP-7702 exploits, enabling bundled malicious transactions via account abstraction. Permit/Permit2 signatures remained the leading attack method, responsible for 38% of large-case losses. Major incidents included a $1.46 billion breach by the Lazarus group. While reported losses fell, attackers may be shifting to harder-to-track methods like private key theft or targeted social engineering.

Phishing losses fell drastically in 2025 by over 83% compared to the previous year. However, the underlying data show that reduced figures do not translate to a decline in security threats.

Crypto Phishing Losses Down From $494M To $84M In 2025

A phishing attack occurs when an unsuspecting user is tricked into giving up sensitive information or signing off on malicious transactions. In the crypto space, signature phishing attacks are a major security concern and are facilitated using wallet drainers.

According to Web3 security outfit Scam Sniffer, total phishing losses in 2025 were valued at $83.85 million across 106,106 victims, representing respective drops of 83% and 68% from 2024. There were also 11 large cases of theft over $1 million compared to 30 in 2024. Meanwhile, the single largest theft was a $6.5 million loss via a permit signature attack in September, which was 8x lower than that of 2024.

Source: Scam Sniffer

While the latest figures represent a significant decline from the previous year, Scam Sniffer analysts state there is no direct translation to decreased market threat as losses moved in parallel with the market cycle. Therefore, losses increased or decreased in relation to the global crypto user activity.

Notably, monthly losses varied from $2.04 million in December to $12.17 million in August. However, Q3, which was the busiest market period, accounted for the largest portion (29% i.e $31 million) of the yearly losses. However, figures dropped to $13 million in Q4, as user activity cooled off.

Related Reading: Aave Founder Responds To Governance Tension With Strategic Plan – Details

EIP-7702 Emerges As Latest Phishing Signature Type

According to Scam Sniffer’s report, EIP-7702 exploitation emerged as a new threat in the signature-based wallet-drainer ecosystem. Leveraging account abstraction introduced in the Pectra upgrade in May 2025, attackers can bundle multiple malicious operations into a single signature.

Notably, the largest EIP-7702 losses, with two incidents culminating in $2.54 million, were recorded in August. Meanwhile, Permit/ Permit2 signature types lead the space, accounting for $8.72 million in losses across three major incidents, I.e. 38% of all large-case losses.

Beyond signature phishing types, Scam Sniffer also highlighted other phishing attack types that threaten the crypto space. The Bybit incident in February stands out, after the Lazarus group breached a Safe (Wallet) developer machine and launched a program that imitated the multi-sig interface, resulting in losses of $1.46 billion.

In conclusion, while reported signature phishing losses have declined, the threat landscape remains active. Moreover, the fall in trackable losses may suggest attackers are employing harder-to-track vectors such as private key breaches or targeted social engineering.

Total crypto market cap valued at $3.08 trillion on the daily chart | Source: TOTAL chart on Tradingview.com

Связанные с этим вопросы

QWhat was the percentage decrease in crypto phishing losses from 2024 to 2025 according to Scam Sniffer?

AThere was an 83% decrease in crypto phishing losses from 2024 to 2025.

QWhat new type of phishing signature emerged as a threat in 2025, and which Ethereum upgrade did it leverage?

AEIP-7702 exploitation emerged as a new threat, leveraging the account abstraction introduced in the Pectra upgrade in May 2025.

QDespite the drop in losses, why do analysts caution that this does not mean the market threat has declined?

AAnalysts state that losses moved in parallel with the market cycle, meaning they increased or decreased in relation to global crypto user activity, not because the underlying security improved.

QWhich quarter of 2025 accounted for the largest portion of the yearly phishing losses, and how much was it?

AQ3 of 2025 accounted for the largest portion of the yearly losses at 29%, which was $31 million.

QWhat was the single largest theft via a permit signature attack in 2025, and how did it compare to 2024?

AThe single largest theft was a $6.5 million loss via a permit signature attack in September, which was 8 times lower than the largest theft in 2024.

Похожее

This Week's Key Events Preview | U.S. to Release April CPI Data; U.S. Senate Banking Committee to Review "Digital Asset Market Structure Act of 2025"

Weekly News Preview: Key events for May 12-16 include major economic and crypto industry developments. On Tuesday, May 12, the U.S. will release its April CPI data. Additionally, the gaming blockchain Ronin will begin a 10-hour migration to an Ethereum Layer 2, built on OP Stack with EigenDA for data availability. This aims to leverage Ethereum's security and settle RON's annual inflation below 1%. Base's first independent network upgrade, "Base Azul," is scheduled for mainnet activation on Wednesday, May 13, focusing on security, performance, and developer experience enhancements. Thursday, May 14, sees the U.S. Senate Banking Committee voting on the "Digital Asset Market Structure Act of 2025." In other news, Solana DeFi protocol Carrot will shut down, setting a final withdrawal deadline due to impacts from the Drift exploit. The Moscow Exchange will launch futures trading for Solana, Ripple, and Tron indices (RUB-settled) for qualified investors. Multiple service closures are scheduled for Friday, May 15. Dmail Network will begin winding down due to unsustainable infrastructure costs and failed commercialization. Users must export data before this date. Separately, the Cosmos-based lending blockchain UX Chain will fully shut down. Finally, on Saturday, May 16, gaming infrastructure provider Lattice will wind down operations, with its Redstone Layer 2 network ceasing. Users are urged to withdraw assets, especially from contracts like Uniswap pools, before the shutdown.

链捕手2 мин. назад

This Week's Key Events Preview | U.S. to Release April CPI Data; U.S. Senate Banking Committee to Review "Digital Asset Market Structure Act of 2025"

链捕手2 мин. назад

Crypto ETF Weekly Report | Last Week, U.S. Bitcoin Spot ETFs Saw Net Inflows of $631 Million; U.S. Ethereum Spot ETFs Saw Net Inflows of $70.3 Million

Crypto ETF Weekly Report: US Bitcoin spot ETFs saw a net inflow of $631 million last week, bringing total net assets to $106.66 billion. BlackRock's IBIT led inflows with $596 million. US Ethereum spot ETFs recorded a net inflow of $70.3 million, with total net assets reaching $13.73 billion, primarily driven by BlackRock's ETHA ($100 million). In Hong Kong, Bitcoin spot ETFs had a net inflow of 15.57 BTC (assets: $320 million), while Ethereum spot ETFs saw no inflows. On the options front, Bitcoin spot ETF options saw a total notional trading volume of $976 million and a put/call ratio of 2.90, indicating heightened short-term trading activity and a bullish sentiment. Additionally, a market report noted Coinbase and Kraken dominate 22% of AI citations in the US crypto sector, with BlackRock's IBIT leading responses to "Bitcoin ETF" queries. Meanwhile, the SEC has delayed its review of the first batch of prediction market ETFs linked to real-world events like election outcomes.

链捕手2 мин. назад

Crypto ETF Weekly Report | Last Week, U.S. Bitcoin Spot ETFs Saw Net Inflows of $631 Million; U.S. Ethereum Spot ETFs Saw Net Inflows of $70.3 Million

链捕手2 мин. назад

Morning Post | Trump Media Group Releases Q1 Financial Report; Top Three DeFi Applications Return Nearly $100 Million in Revenue to Token Holders in 30 Days; Michael Saylor Shares Bitcoin Tracker Info Again

**Title: Daily Briefing | Trump Media Group Releases Q1 Report; Top 3 DeFi Apps Return Nearly $100M to Token Holders; Michael Saylor Signals Potential Bitcoin Buy** **Summary:** Key developments in the past 24 hours include: * **Economic Outlook:** Goldman Sachs has pushed back its forecast for the next two Federal Reserve interest rate cuts to December 2026 and March 2027, citing persistent inflationary pressures from energy costs. This delayed timeline is expected to tighten liquidity flow into risk assets, including cryptocurrencies. * **DeFi & Revenue:** Data from DefiLlama shows that three leading DeFi applications—Hyperliquid, Pump.fun, and EdgeX—collectively distributed $96.3 million in revenue to their token holders over the last 30 days. This trend highlights a shift in the crypto community's focus towards real protocol earnings and sustainable economic models. * **Corporate Bitcoin Moves:** Michael Saylor, founder of MicroStrategy (note: referred to as 'Strategy' in the text, likely a typographical error), has signaled potential upcoming Bitcoin purchases by posting a "Bitcoin Tracker" update, following a pattern that typically precedes the company's official disclosure of new acquisitions. * **Market Integrity:** Prediction market platform Polymarket announced updates to address platform issues, including identifying and banning clusters of accounts involved in "ghost-fill" activities and implementing measures to prevent bulk account creation. * **Regulation:** The Bank of England Governor warned that stablecoin regulation could lead to tensions between US and international regulators. In South Korea, the National Tax Service has launched a pilot program to entrust seized virtual assets to private custody firms for management. * **Meme Token Trends:** GMGN data lists the top trending meme tokens on Ethereum (e.g., HEX, SHIB), Solana (e.g., FWOG, TROLL), and Base (e.g., SKITTEN, PEPE) over the past day. **Financial Note:** Trump Media & Technology Group reported a Q1 loss of approximately $4 billion, primarily attributed to unrealized losses on its Bitcoin and other digital asset holdings.

链捕手32 мин. назад

Morning Post | Trump Media Group Releases Q1 Financial Report; Top Three DeFi Applications Return Nearly $100 Million in Revenue to Token Holders in 30 Days; Michael Saylor Shares Bitcoin Tracker Info Again

链捕手32 мин. назад

Telegram Takes Direct Control of TON, Social Traffic Rewrites the Public Chain Narrative

Telegram founder Pavel Durov announced that Telegram will replace the TON Foundation as the core driver and largest validator of The Open Network (TON). Key initiatives include a sixfold reduction in transaction fees, performance upgrades, and improved developer tools within the next few weeks. This marks a strategic shift from Telegram merely providing user access to deeply integrating TON into its platform's core infrastructure. The goal is to transform Telegram's massive social traffic into sustainable on-chain activity. While viral mini-apps like Notcoin have demonstrated Telegram's ability to drive user adoption, TON aims to support frequent, low-value transactions inherent to social platforms—such as tipping, in-app payments, and game rewards. Ultra-low fees and sub-second finality (0.6 seconds) are crucial to making blockchain interactions seamless and nearly invisible within the Telegram user experience. However, Telegram's increased central role raises questions about network decentralization. Durov argues that Telegram's participation will attract more large validators, thereby enhancing decentralization. TON also offers high annual staking rewards (18.8%), aiming to retain capital within its ecosystem. The fundamental challenge for TON is no longer leveraging Telegram's user base, but becoming an indispensable, seamless infrastructure layer for Telegram's everyday applications—moving from an adjacent chain to an embedded utility.

marsbit34 мин. назад

Telegram Takes Direct Control of TON, Social Traffic Rewrites the Public Chain Narrative

marsbit34 мин. назад

Telegram Takes Direct Control of TON, Social Traffic Reshapes Public Chain Narrative

Telegram's founder, Pavel Durov, has announced a major shift in the development of The Open Network (TON). Telegram will now become the core driver of TON, replacing the TON Foundation and becoming its largest validator. The focus will be on technical upgrades over the next few weeks, including slashing network fees by six times to near-zero and improving finality time to 0.6 seconds. This move signifies a deeper integration between Telegram and TON, moving beyond just providing a user base. The goal is to transform Telegram's vast social traffic and built-in features—like Mini Apps, payments, and bots—into sustainable, on-chain usage scenarios. The reduced fees and faster speeds are crucial for enabling the small, frequent transactions typical of social interactions. While this promises stronger execution and product alignment, it raises questions about centralization. Durov argues Telegram's involvement will attract more validators, enhancing decentralization, but the outcome remains to be seen. Additionally, TON's high annual staking reward of 18.8% aims to retain capital within the ecosystem. The key challenge for TON is no longer just leveraging Telegram's entry point, but becoming an invisible, seamless infrastructure layer within Telegram's daily use. Its success hinges on converting viral attention into lasting, embedded utility.

Odaily星球日报44 мин. назад

Telegram Takes Direct Control of TON, Social Traffic Reshapes Public Chain Narrative

Odaily星球日报44 мин. назад

Торговля

Спот
Фьючерсы
活动图片

Популярные категорииright-arrow

Популярные тегиright-arrow