According to a 2025 yearly report from blockchain security firm ScamSniffer, cryptocurrency phishing losses saw a dramatic 83% decrease, falling from $494 million in 2024 to $84 million. Despite this positive trend, the report warns that sophisticated wallet drainers remain a significant threat, increasingly targeting high-value holders with advanced tactics.
A prime example of this persistent threat occurred on January 3, 2026, when a single user lost approximately $1.08 million worth of Aave-wrapped Ethereum LBTC (aEthLBTC). The theft was executed via a malicious "permit" signature—an off-chain approval mechanism that allows tokens to be spent without an immediate on-chain transaction. Security experts believe the victim was tricked into signing the permit through a phishing site or cloned decentralized application (dApp). The stolen funds were rapidly converted to Ethereum (ETH) and laundered through the privacy mixer Tornado Cash.
SlowMist founder Cosine noted that the attack was not linked to mainstream drainer groups, suggesting the rise of smaller, sophisticated independent attackers. This incident underscores the ongoing risk of permit-based exploits, which rely on users' trust in routine signature requests that secretly authorize token transfers.
Simultaneously, a far more violent threat has escalated: so-called "wrench attacks," or physical assaults to coerce victims into surrendering crypto assets, reached record levels in 2025. Ari Redbord, Global Head of Policy at TRM Labs, declared 2025 a record year for such attacks, with roughly 60 reported physical assaults—a significant increase from 41 in 2024. He and other experts believe the actual number is much higher due to underreporting.
A public database maintained by Jameson Lopp, CTO of Casa, documented at least 65 wrench attacks in 2025. The year was marked by several horrific, high-profile cases:
In January, Ledger co-founder David Balland and his wife were kidnapped in France. The assailants severed one of Balland's fingers to pressure his associates for ransom. French authorities later arrested an alleged ringleader.
In Canada, a family in British Columbia was subjected to waterboarding, genital mutilation threats, and sexual assault during a 2024 attack that made headlines in 2025 during sentencing. The attackers stole approximately $1.6 million in cryptocurrency.
Other cases included a U.S. resident in London drugged and robbed of $72,000 in XRP and $50,000 in Bitcoin; an Italian businessman tortured with electric shocks in New York; and a Ukrainian student in Vienna who was beaten, set on fire, and later had his crypto wallets drained.
Tor Bair, CEO of Hybrid Minds Advisory, emphasized the human vulnerability, stating, "No matter how many technical precautions you take... no individual is immune to human attack vectors." The rise in these brutal crimes highlights that as cryptocurrency values increase, so do the stakes for personal security, extending far beyond digital wallet management.
