2025: A Year of Crypto Phishing Evolution
The landscape of crypto security saw a significant shift in 2025. While overall phishing losses dramatically decreased, the underlying threat landscape proved to be far more nuanced. Reports indicate an 83% reduction in losses attributed to wallet drainers, dropping to $83.85 million from nearly $494 million the previous year. Simultaneously, the number of victims plunged by 68%, hinting at a potential success in preventative measures or changes in attacker tactics. Yet, a deeper dive reveals the story is not quite that simple.
Market Cycles and Attacker Adaptability
The report from Web3 security platform Scam Sniffer highlights a key factor: phishing activity closely follows market cycles. Periods of heightened on-chain activity, particularly during Ethereum (ETH)’s strongest rally in Q3 2025, correlated with higher phishing losses. This suggests that the attackers are incredibly adaptable, understanding that increased user activity translates to more potential targets. The fluctuations are also seen in the monthly losses ranging from a low of $2.04 million in December to a high of $12.17 million in August, correlating directly with market activity.
The Evolving Tactics of Drainers
While the overall losses may have decreased, the report reveals the drainer ecosystem is not dormant but rather evolving. The report notes that attacks are moving away from larger, more high-profile heists, instead favoring a strategy of smaller-value, high-volume attacks, implying a wider net is being cast across the retail sector. The average loss per victim fell to $790, which supports this change.
New Attack Vectors Emerge
Perhaps the most concerning aspect of the report is the emergence of new attack vectors. The Ethereum Pectra upgrade prompted attackers to leverage EIP-7702-based malicious signatures, which gave rise to the capability of exploiting account abstraction. This resulted in cases of substantial losses, demonstrating the agility of attackers to quickly adapt to protocol changes. Permit and Permit2 approvals continue to be tools of choice for attackers, accounting for a significant portion of losses.
The Drainer Ecosystem Remains Active
The core takeaway is clear: the threat hasn’t disappeared. As old drainers exit, new ones step in. The decline in losses should be viewed with cautious optimism. While security improvements and user awareness may have contributed to the decline, the drainer ecosystem is demonstrably dynamic, and the constant evolution of attack methods emphasizes the ongoing need for vigilance in the crypto space. The report underscores the need for continuous education, diligent security practices, and further innovation in defense strategies to mitigate the ongoing risks associated with phishing and other forms of crypto-related cybercrime.
