BlockBeats news: On January 3, a report from the Web3 security platform Scam Sniffer showed that losses from crypto phishing attacks related to wallet-draining "drainers" in 2025 dropped to approximately $83.85 million, a significant 83% decrease from nearly $494 million in 2024. The number of victims also fell to 106, a 68% year-over-year decline.
However, the report noted that phishing attacks have not disappeared but are highly correlated with market cycles. In the third quarter of 2025, with the strong rebound of Ethereum, phishing losses reached a yearly high of $31 million, accounting for nearly 29% of the total annual losses. Monthly losses were lowest in December at around $2.04 million and highest in August at $12.17 million.
From a methodological perspective, Permit / Permit2 phishing authorization remains the most effective tool for attackers. In 2025, the largest single incident occurred in September, resulting in a loss of $6.5 million. Additionally, with the Ethereum Pectra upgrade, new malicious signature attacks based on EIP-7702 quickly emerged, with two incidents in August causing a combined loss of $2.54 million.
Notably, the number of large-scale cases has significantly decreased—only 11 incidents in 2025 involved losses exceeding $1 million, down from 30 in 2024. However, attackers have shifted toward a "small-amount, high-frequency" strategy, reducing the average loss per victim to $790. Scam Sniffer summarized: "The drainer ecosystem is still active—old ones exit, and new ones keep emerging."
In addition, PeckShield data shows that losses from crypto hackers and security incidents in December 2025 amounted to approximately $76 million, a 60% decrease compared to the previous quarter. However, attack activities remain frequent.