Crypto Phishing Losses Plummet to $83M in 2025: Scam Sniffer Reports Major Security Milestone


Published: 2026-01-03 20:42:32

Scam Sniffer: Crypto Phishing Losses Fall to $83M in 2025

Phishing attacks just got a lot less profitable.

Scam Sniffer's latest data reveals a dramatic drop in crypto thefts—losses from digital wallet drainers fell to just $83 million last year. That's a fraction of previous annual totals, signaling a potential turning point in the cat-and-mouse game between security firms and fraudsters.

The Defense Gets Smarter

Security protocols are evolving faster than the scams. Real-time transaction simulation now flags malicious approvals before they execute. Browser extensions block known phishing sites instantly. Community-driven blacklists spread warnings across social platforms within minutes of a new threat emerging.

Where the Threats Went

Attackers haven't disappeared—they've shifted tactics. Social engineering now targets smaller, more frequent gains. Fake airdrop sites and impersonated customer support accounts still snag the unwary. The difference? Enhanced wallet security catches most attempts before funds move.

Even traditional finance could learn a thing or two about building systems that actually protect users instead of just collecting fees for failed transactions.

The $83 million figure represents real progress, but it's not victory. As long as digital assets hold value, thieves will keep innovating. The industry's response? Build defenses that innovate faster.

TLDR

  • Crypto phishing losses dropped by 83 percent in 2025 compared to the previous year.
  • A total of $83.85 million was lost to wallet drainer phishing scams affecting 106,106 victims globally.
  • Losses were highest in the third quarter during strong market rallies in Bitcoin and Ethereum.
  • The largest single phishing theft in 2025 resulted in a $6.5 million loss using a Permit-style signature.
  • Only 11 cases exceeded $1 million in losses compared to 30 similar cases in 2024.

Crypto phishing losses dropped sharply in 2025, falling by over 83% compared to 2024, Scam Sniffer reported this week. Attackers stole $83.85 million through wallet drainer scams that targeted 106,106 users globally. In the previous year, phishing attacks took nearly $500 million from over 330,000 victims, so the decline marks a substantial shift in both attack volume and outcomes.

Q3 Led Crypto Phishing Attack Surge

Phishing-related wallet drainers led to $21.94 million in losses in Q1 2025, affecting over 22,000 users, according to Scam Sniffer. The report showed that as market activity slowed during early 2025, phishing attempts also declined.

In Q2, when the market began recovering, losses dropped to $17.78 million with around 21,000 victims impacted. Scam Sniffer linked lower engagement to reduced phishing attack success.

Q3 was the most active period, with losses surging to $31.04 million and 40,000 victims hit during Bitcoin and Ethereum rallies. August and September together accounted for 29% of all phishing losses.

In Q4, losses declined again to $13.09 million, the lowest quarter of 2025. Phishing activity slowed as markets stabilized and user engagement declined.

Permit and Approval Exploits Used in Major Thefts

The most expensive theft occurred in September using a Permit-style phishing signature, stealing $6.5 million in staked ETH and wrapped BTC. This attack type accounted for 38% of thefts over $1 million.

Permit and Permit2 allow approvals without transfers, making them prone to misuse. Attackers disguised malicious prompts as regular wallet permissions.
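
A defender-side check for the signing requests described above, as an added example that is not code from Scam Sniffer or from the original article: it parses an EIP-712 typed-data payload, recognises EIP-2612 `Permit` and Permit2 `PermitSingle`/`PermitBatch` messages, and flags unlimited amounts, long-lived expiries and unknown spenders. The function names, the 30-day threshold, the spender allowlist and the sample request are assumptions made for illustration.

```javascript
// Added example: triage an eth_signTypedData_v4 payload for Permit-style approvals.
const MAX_UINT256 = (1n << 256n) - 1n; // EIP-2612 `value` is uint256
const MAX_UINT160 = (1n << 160n) - 1n; // Permit2 allowance `amount` is uint160
const LONG_LIVED_SECS = 30n * 24n * 3600n; // assumption: >30 days counts as long-lived

// Normalise EIP-2612 Permit and Permit2 PermitSingle/PermitBatch into grants.
// Malformed numeric fields make BigInt() throw; callers should treat that as a reject.
function extractGrants(typed) {
  const m = typed.message || {};
  if (typed.primaryType === "Permit") {
    // EIP-2612: the token contract is the EIP-712 verifyingContract.
    const token = (typed.domain || {}).verifyingContract;
    return [{ token, spender: m.spender, amount: BigInt(m.value), expiry: BigInt(m.deadline) }];
  }
  if (typed.primaryType === "PermitSingle" || typed.primaryType === "PermitBatch") {
    const details = Array.isArray(m.details) ? m.details : [m.details];
    return details.map((d) => ({
      token: d.token, spender: m.spender,
      amount: BigInt(d.amount), expiry: BigInt(d.expiration),
    }));
  }
  return []; // not a Permit-style approval
}

// `trustedSpenders` is a hypothetical local allowlist; `now` is Unix seconds.
function reviewSigningRequest(typed, trustedSpenders, now) {
  const trusted = new Set(trustedSpenders.map((a) => a.toLowerCase()));
  return extractGrants(typed).map((g) => {
    const unlimited = g.amount === MAX_UINT256 || g.amount === MAX_UINT160;
    const longLived = g.expiry - BigInt(now) > LONG_LIVED_SECS;
    const unknownSpender = !trusted.has(String(g.spender).toLowerCase());
    return { token: g.token, spender: g.spender, unlimited, longLived, unknownSpender,
      highRisk: unknownSpender && (unlimited || longLived) };
  });
}

// Constructed sample request (placeholder addresses, not taken from any incident).
const SAMPLE_PERMIT = {
  primaryType: "Permit",
  domain: { name: "Example Token", version: "1", chainId: 1,
    verifyingContract: "0x1111111111111111111111111111111111111111" },
  message: { owner: "0x2222222222222222222222222222222222222222",
    spender: "0x3333333333333333333333333333333333333333",
    value: MAX_UINT256.toString(), nonce: "0", deadline: "4102444800" },
};
console.log(reviewSigningRequest(SAMPLE_PERMIT, [], 1767225600));
```

A wallet or signing proxy would run such a check before displaying the prompt, so that a request marked `highRisk` is shown as a token approval rather than as a routine permission.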

In May, an approval escalation exploit drained $3.13 million in wrapped BTC. August saw $3.05 million in stablecoins stolen through a direct transfer trick.

Only 11 thefts exceeded $1 million in 2025, compared to 30 such cases in 2024. Average victim losses also fell to $790 from nearly $1,500 the previous year.

Lazarus Breach and Google Task Phishing Cap Off the Year

February saw a $1.46 billion theft by the Lazarus Group, involving compromised developer systems at a Bybit wallet provider. They injected malicious code to fake approval prompts.

This supply chain breach was one of the year’s largest. It used social engineering and injected malware to exploit signing interfaces.

Throughout the year, attackers used phishing emails, hijacked front-ends, and backdoored open-source libraries to spread wallet malware. These methods enabled widespread private key theft.

In December, attackers sent fake Google Task emails to over 3,000 manufacturing firms. Victims clicked task buttons that led to phishing pages.

The emails bypassed filters using legitimate app integration tools. This allowed them to reach inboxes and trick employees without triggering alerts.
