Scam Sniffer: Crypto Phishing Losses Drop to $83M in 2025

Posted on by

TLDR

  • In 2025, crypto phishing losses decreased by 83 percent compared to the previous year.
  • Wallet drainer phishing scams caused a total loss of $83.85 million, affecting 106,106 victims globally.
  • Losses were at their highest in the third quarter during significant market rallies in Bitcoin and Ethereum.
  • The largest single phishing theft in 2025, which used a Permit-style signature, resulted in a $6.5 million loss.
  • Only 11 cases had losses exceeding $1 million, compared to 30 similar cases in 2024.

This week, Scam Sniffer reported that crypto phishing losses dropped significantly in 2025, falling by over 83% compared to 2024. Attackers stole $83.85 million through wallet drainer scams, targeting 106,106 users globally. This represents a sharp decline from the previous year when nearly $500 million was taken from over 330,000 victims, indicating a substantial shift in attack volume and outcomes.

Q3 Led Crypto Phishing Attack Surge

According to Scam Sniffer, in Q1 2025, losses amounted to $21.94 million, affecting over 22,000 users. The report shows that as market activity slowed in early 2025, phishing attempts also decreased.

In Q2, when the market started to recover, losses dropped to $17.78 million, with around 21,000 victims affected. Scam Sniffer attributed the lower engagement to a reduced success rate of phishing attacks.

Q3 was the most active period, with losses surging to $31.04 million and 40,000 victims being targeted during Bitcoin and Ethereum rallies. August and September together accounted for 29% of all phishing losses.

In Q4, losses decreased again to $13.09 million, the lowest for the quarter in 2025. Phishing activity slowed as markets stabilized and user engagement declined.

Permit and Approval Exploits Used in Major Thefts

The costliest theft occurred in September using a Permit-style phishing signature, stealing $6.5 million in staked ETH and wrapped BTC. This type of attack accounted for 38% of thefts exceeding $1 million.

Permit and Permit2 enable approvals without transfers, making them vulnerable to misuse. Attackers disguised malicious prompts as regular wallet permissions.

In May, an approval escalation exploit drained $3.13 million in wrapped BTC. In August, $3.05 million in stablecoins was stolen through a direct transfer trick.

In 2025, only 11 thefts exceeded $1 million, compared to 30 such cases in 2024. The average loss per victim also dropped to $790 from nearly $1,500 the previous year.

Lazarus Breach and Google Task Phishing Cap Off the Year

In February, there was a $1.46 billion theft by the [unspecified entity], involving compromised developer systems at a Bybit wallet provider. They injected malicious code to fake approval prompts.

This supply chain breach was one of the largest of the year. It employed social engineering and injected malware to exploit signing interfaces.

Throughout the year, attackers used phishing emails, hijacked front-ends, and backdoored open-source libraries to spread wallet malware. These methods facilitated widespread private key theft.

In December, attackers sent fake Google Task emails to over 3,000 manufacturing firms. Victims who clicked on the task buttons were led to phishing pages.

The emails bypassed filters by using legitimate app integration tools, allowing them to reach inboxes and deceive employees without triggering alerts.