According to a new report from Web3 security platform Scam Sniffer, financial losses from wallet-drainer phishing attacks across Ethereum-compatible chains fell dramatically in 2025. Total losses dropped to approximately $83.85 million, marking an 83% decrease from the nearly $494 million recorded in 2024. The number of affected users also saw a significant decline, falling by 68% to around 106,000 victims.
Despite the sharp drop in aggregate losses, the report cautions that the phishing threat has not disappeared but has adapted. The decline is largely attributed to lower overall market activity rather than a fundamental improvement in security. Phishing losses closely tracked market cycles, with spikes occurring during periods of heightened on-chain activity. The third quarter of 2025, which coincided with Ethereum's strongest rally of the year, recorded the highest losses at $31 million, with August and September alone accounting for nearly 29% of the annual total.
Attackers shifted their strategies, moving away from large-scale heists. The number of incidents exceeding $1 million fell to just 11 in 2025, down from 30 the previous year. Instead, scammers focused on lower-value, higher-volume campaigns targeting retail users, pulling the average loss per victim down to $790.
The report highlighted that Permit and Permit2 approvals remained the most effective tools for attackers, responsible for 38% of losses in cases over $1 million, including the year's largest single theft of $6.5 million in September. Furthermore, attackers quickly exploited new protocol features. Following Ethereum's Pectra upgrade, they began abusing EIP-7702-based signatures, which allow multiple malicious actions to be bundled into a single user approval. Two such incidents in August resulted in $2.54 million in losses, demonstrating the rapid adaptation of threat actors to technological changes.
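One way a wallet or signing front end can screen for the Permit and Permit2 approvals described above, shown as an added example that is not taken from the Scam Sniffer report. The message field names follow EIP-2612 and Uniswap Permit2; the function name, allowlist, 30-day threshold and sample request are assumptions constructed for illustration.

```javascript
// Added example: heuristic review of an EIP-712 signing request before a wallet signs it.
// Message field names follow EIP-2612 (Permit) and Uniswap Permit2 (PermitSingle,
// PermitBatch, PermitTransferFrom). Allowlist, threshold and sample data are constructed.
const MAX_UINT256 = (1n << 256n) - 1n;
const MAX_UINT160 = (1n << 160n) - 1n;           // Permit2 allowance amounts are uint160
const LONG_LIVED_SECONDS = 30n * 24n * 3600n;     // assumption: over 30 days is long-lived
const PERMIT_TYPES = new Set(["Permit", "PermitSingle", "PermitBatch", "PermitTransferFrom"]);

function reviewTypedData(request, trustedSpenders, nowSeconds) {
  const findings = [];
  const { primaryType, message } = request;
  if (!PERMIT_TYPES.has(primaryType)) return findings; // not a token approval signature
  findings.push(`off-chain token approval (${primaryType}): costs no gas but grants spend rights`);

  const spender = String(message.spender || "").toLowerCase();
  if (!trustedSpenders.has(spender)) findings.push(`spender ${spender} is not on the allowlist`);

  // Collect every (amount, expiry) pair the signature would authorize.
  const grants = [];
  if (primaryType === "Permit") grants.push([message.value, message.deadline]);
  else if (primaryType === "PermitSingle") grants.push([message.details.amount, message.details.expiration]);
  else if (primaryType === "PermitBatch") for (const d of message.details) grants.push([d.amount, d.expiration]);
  else grants.push([message.permitted.amount, message.deadline]);

  for (const [amount, expiry] of grants) {
    const a = BigInt(amount), e = BigInt(expiry);
    if (a === MAX_UINT256 || a === MAX_UINT160) findings.push("unlimited allowance requested");
    if (e - BigInt(nowSeconds) > LONG_LIVED_SECONDS) findings.push("approval stays valid for more than 30 days");
  }
  return findings;
}

// Constructed sample: a Permit2 PermitSingle request with placeholder addresses.
const SAMPLE_REQUEST = {
  primaryType: "PermitSingle",
  message: {
    details: { token: "0x" + "11".repeat(20), amount: MAX_UINT160.toString(),
               expiration: "1893456000", nonce: "0" },
    spender: "0x" + "22".repeat(20),
    sigDeadline: "1750003600",
  },
};
const SAMPLE_NOW = 1750000000; // constructed "current time" in Unix seconds
console.log(reviewTypedData(SAMPLE_REQUEST, new Set(), SAMPLE_NOW).join("\n"));
```

The checks are heuristics for surfacing a warning before signing; they do not cover EIP-7702 authorizations, which are not EIP-712 typed-data requests.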