Cryptocurrency phishing losses dropped significantly in 2025, with wallet drainer scams causing $83.85 million in losses compared with nearly $494 million in 2024.
The year-on-year decline represented an 83% reduction in financial damage from phishing-related wallet attacks.
The number of victims also fell to around 106,000 users, marking a 68% decrease from the previous year.
Analysts attributed the decline to fewer large-scale attacks and reduced exposure across parts of the crypto market.
Despite the improvement, security experts warned that phishing risks continue to evolve rather than disappear.
Scam Sniffer data showed wallet drainer activity remained closely linked to market sentiment and trading volume.
Periods of strong price rallies encouraged higher user participation, increasing opportunities for attackers.
The third quarter of 2025 recorded the highest phishing losses of the year at $31 million during a major Ethereum rally.
Monthly losses fluctuated widely, ranging from $2.04 million in December to $12.17 million in August.
August and September together accounted for 29% of total annual losses, affecting more than 30,700 users.
The largest single phishing incident in 2025 occurred in September, with $6.5 million stolen using a permit signature.
This figure was substantially lower than the $55.48 million single attack recorded in 2024.
Permit and Permit2 approvals remained the most exploited techniques, contributing to 38% of major losses.
A new attack method emerged following the Pectra network upgrade through the use of EIP-7702.
The technique allowed attackers to execute multiple malicious actions within one transaction signature.
Two major EIP-7702-related incidents in August caused combined losses of $2.54 million.
Large-scale phishing attacks became less frequent in 2025 compared with the previous year.
Only 11 phishing events exceeded $1 million in losses, down from 30 such cases in 2024.
The average loss per victim fell to $790 from $1,488 a year earlier.
Broader blockchain security challenges persisted beyond phishing-related activity.
SlowMist recorded 200 security incidents in 2025, resulting in $2.935 billion in total losses.
This compared with 410 incidents and $2.013 billion in losses reported in 2024.
Ethereum (CRYPTO:ETH) experienced the highest ecosystem losses at $183.25 million, followed by Solana and Arbitrum.
Decentralised finance projects accounted for 126 incidents and $649 million in losses.
Centralised exchanges suffered 22 incidents totalling $1.809 billion in damages.
A single breach at Bybit contributed $1.46 billion to overall losses for the year.
PeckShield reported crypto security losses fell to $76 million in December 2025 from $194.27 million in November.
The December decline still included 26 major security incidents across the sector.
The largest December case involved a $50 million address poisoning scam.
Another incident saw $27.3 million stolen from a compromised multi-signature wallet.
At the time of reporting, Ethereum price was $3,136.42.