Crypto phishing losses dropped sharply in 2025, falling by over 83% compared to 2024, Scam Sniffer reported this week. Attackers stole $83.85 million through wallet drainer scams that targeted 106,106 users globally. In the previous year, phishing attacks took nearly $500 million from over 330,000 victims.
Phishing-related wallet drainers led to $21.94 million in losses in Q1 2025, affecting over 22,000 users, according to Scam Sniffer. The report showed that as market activity slowed during early 2025, phishing attempts also declined.
In Q2, when the market began recovering, losses dropped to $17.78 million with around 21,000 victims impacted. Scam Sniffer linked lower engagement to reduced phishing attack success.
Q3 was the most active period, with losses surging to $31.04 million and 40,000 victims hit during Bitcoin and Ethereum rallies. August and September together accounted for 29% of all phishing losses.
In Q4, losses declined again to $13.09 million, the lowest quarter of 2025. Phishing activity slowed as markets stabilized and user engagement declined.
The most expensive theft occurred in September using a Permit-style phishing signature, stealing $6.5 million in staked ETH and wrapped BTC. This attack type accounted for 38% of thefts over $1 million.
Permit and Permit2 allow approvals without transfers, making them prone to misuse. Attackers disguised malicious prompts as regular wallet permissions.
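A wallet or signing proxy can triage such requests before the user sees the prompt. The sketch below is an added example, not code from the Scam Sniffer report or any wallet: it inspects an `eth_signTypedData_v4` payload using the field names defined by EIP-2612 (`Permit`) and Permit2 (`PermitSingle`). The trusted-spender list, the 24-hour threshold, and all addresses are assumptions made for illustration.

```javascript
// Added example: wallet-side triage of a typed-data signing request.
// Field names follow EIP-2612 (Permit) and Permit2 (PermitSingle).
const MAX_UINT256 = (1n << 256n) - 1n; // "unlimited" for EIP-2612 value
const MAX_UINT160 = (1n << 160n) - 1n; // "unlimited" for Permit2 amount
const ONE_DAY = 24 * 60 * 60;          // assumed policy threshold, in seconds

// Returns a list of warnings; an empty list means "not an allowance signature".
function reviewTypedData(typedData, trustedSpenders, nowSeconds) {
  const { primaryType, message } = typedData;
  let amount, max, expiry;
  if (primaryType === "Permit") {               // EIP-2612 token permit
    amount = BigInt(message.value);
    max = MAX_UINT256;
    expiry = Number(message.deadline);
  } else if (primaryType === "PermitSingle") {  // Permit2 allowance
    amount = BigInt(message.details.amount);
    max = MAX_UINT160;
    expiry = Number(message.details.expiration);
  } else {
    return [];
  }
  const warnings = ["signature grants a token allowance without a transfer"];
  if (!trustedSpenders.has(String(message.spender).toLowerCase())) {
    warnings.push("spender is not in the trusted list");
  }
  if (amount === max) warnings.push("amount is unlimited");
  if (expiry - nowSeconds > ONE_DAY) warnings.push("allowance stays valid for more than 24h");
  return warnings;
}

// Constructed sample request; every address is a placeholder, not a real contract.
const sampleRequest = {
  primaryType: "Permit",
  domain: { name: "Example Token", version: "1", chainId: 1,
            verifyingContract: "0x1111111111111111111111111111111111111111" },
  message: {
    owner: "0x2222222222222222222222222222222222222222",
    spender: "0x3333333333333333333333333333333333333333",
    value: MAX_UINT256.toString(),
    nonce: "0",
    deadline: "1893456000",
  },
};
const trusted = new Set(["0x4444444444444444444444444444444444444444"]);
console.log(reviewTypedData(sampleRequest, trusted, 1767225600));
```

Any non-empty result is a cue to show the spender, amount, and expiry in plain language rather than as a generic permission prompt.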
In May, an approval escalation exploit drained $3.13 million in wrapped BTC. August saw $3.05 million in stablecoins stolen through a direct transfer trick.
Only 11 thefts exceeded $1 million in 2025, compared to 30 such cases in 2024. Average victim losses also fell to $790 from nearly $1,500 the previous year.
February saw a $1.46 billion theft by the Lazarus Group, involving compromised developer systems at a Bybit wallet provider. The attackers injected malicious code to fake approval prompts.
This supply chain breach was one of the year’s largest. It used social engineering and injected malware to exploit signing interfaces.
Throughout the year, attackers used phishing emails, hijacked front-ends, and backdoored open-source libraries to spread wallet malware. These methods enabled widespread private key theft.
In December, attackers sent fake Google Task emails to over 3,000 manufacturing firms. Victims clicked task buttons that led to phishing pages.
The emails bypassed filters using legitimate app integration tools. This allowed them to reach inboxes and trick employees without triggering alerts.