Imagine pouring months—or even years—of hard-earned money into crypto, only to lose it all in one careless click. That nightmare has been all too real for hundreds of thousands of people in recent years. But something remarkable happened in 2025: those heartbreaking signature phishing losses plummeted by a staggering 83%. We’re talking about a drop from nearly half a billion dollars down to around $84 million. If you’ve been in the crypto space for a while, that kind of turnaround feels almost too good to be true. So, what’s behind this sharp decline, and should we really be popping the champagne yet?
A Dramatic Turnaround in Crypto Security
The numbers speak for themselves, and they’re pretty eye-opening. In 2024, scammers using signature-based phishing tactics—often through malicious wallet drainers—managed to steal close to $494 million across hundreds of thousands of victims. Fast forward to 2025, and that figure shrank to roughly $83.9 million. That’s not just a dip; it’s a cliff dive. The number of victims also fell sharply, down about 68% to just over 106,000 people. In my view, this is one of the most encouraging developments we’ve seen in crypto security in years.
These attacks typically involve tricking users into signing malicious transactions on fake websites, often on EVM-compatible chains. The figures don’t include direct exchange hacks or smart contract vulnerabilities—just pure social engineering through phishing sites. And yet, even in this narrow category, the impact was massive until recently.
Fewer Victims, Smaller Hauls
One of the most telling shifts is in the scale of individual thefts. The biggest single loss in 2025 topped out at around $6.5 million, compared to a whopping $55.5 million the year before—an 88% reduction. Cases where scammers walked away with more than $1 million became much rarer, dropping from 30 incidents in 2024 to only 11 last year.
It’s tempting to think scammers simply got worse at their job, but I suspect it’s more about the ecosystem getting smarter. Tools for detecting drainers have improved, wallets are adding better warnings, and perhaps most importantly, users are finally starting to pause before blindly signing transactions. We’ve all seen those “approve” prompts a thousand times—maybe we’re collectively getting better at spotting the red flags.
- Annual losses: Down 83% to $83.9 million
- Victim count: Reduced 68% to 106,106
- Largest theft: Fell 88% to $6.5 million
- Million-dollar-plus cases: Dropped 63% to 11 incidents
The Market Rally Connection Nobody Saw Coming
Here’s where things get really interesting. If you look at the quarterly breakdown, losses weren’t spread evenly throughout the year. The third quarter stood out like a sore thumb, accounting for about 37% of the entire year’s thefts despite being just one quarter of the calendar.
Why? Because that’s when the market was hottest. Ethereum and other assets were rallying hard, trading volume exploded, and suddenly there were way more potential targets clicking around DeFi protocols and NFT marketplaces. Scammers thrive on activity—more transactions mean more opportunities to slip in a malicious signature request.
Phishing really does operate like a probability game. The more active users there are, the higher the chances someone will fall for a cleverly disguised drainer.
August and September alone racked up nearly $24 million in losses. Average loss per victim in Q3 hovered around $778, which was actually lower than earlier in the year. That suggests scammers were casting a wider net during the bull run, snagging lots of smaller fish rather than waiting for whales.
Then, as the market cooled heading into Q4, everything slowed down. December ended up being the quietest month by far, with losses dipping below $2.1 million. It’s a clear reminder that crypto crime often follows market sentiment more closely than we like to admit.
November’s Strange Spike
There was one odd blip worth mentioning. In November, total losses actually jumped 137% from October, even though the number of victims fell by more than 40%. That pushed the average loss per victim up to $1,225—more than double the previous month.
Was this the start of a new trend? Probably not. Monthly numbers can fluctuate wildly in this space, and it looks more like random variation than a meaningful shift. Still, it’s a reminder that even in a downtrend year, scammers can still land big wins when the conditions align.
New Tricks: Exploiting EIP-7702 After Pectra
Just when we thought things were getting safer, attackers found fresh ways to innovate. Shortly after Ethereum’s Pectra upgrade introduced EIP-7702 for better account abstraction, scammers started bundling multiple malicious actions into single signatures.
This made attacks more efficient and harder to spot. Users might think they’re approving one harmless action, while actually green-lighting a whole sequence of draining steps. It’s clever, and unfortunately effective.
The biggest exploits using these new features hit in August, with two incidents combining for $2.54 million. Other attack types—like Permit and Permit2 signatures—accounted for millions more across a handful of large cases.
- Permit/Permit2 attacks: $8.72 million across three major cases
- Transfer-based drains: $4.87 million in two incidents
- Approve/increaseApproval: $5.62 million combined
- Largest single case: $6.5 million in stETH and wrapped BTC via Permit
Six of the eleven million-dollar-plus thefts happened between July and September—right in the heart of that market surge. In total, these big cases made up more than a quarter of 2025’s entire phishing losses.
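Every request type in the list above can be recognized before the user signs. The sketch below is an added example, not code from the original article or from any wallet: it triages a signing request by EIP-712 primary type, ERC-20 function selector, and EIP-7702 authorization list. The `TRUSTED_SPENDERS` allowlist and the request shape (`typedData`, `tx`) are assumptions made for illustration.

```javascript
// Added example: pre-sign triage for the request types named in the article.
// TRUSTED_SPENDERS and the req shape are hypothetical; selectors are the standard 4-byte IDs.
const SELECTORS = {
  "0x095ea7b3": "approve",
  "0x39509351": "increaseAllowance",
  "0xd73dd623": "increaseApproval",
  "0xa22cb465": "setApprovalForAll",
  "0xa9059cbb": "transfer",
};
const PERMIT_TYPES = new Set(["Permit", "PermitSingle", "PermitBatch",
  "PermitTransferFrom", "PermitBatchTransferFrom"]); // EIP-2612 and Permit2 primary types
const MAX_UINT160 = (1n << 160n) - 1n; // Permit2 amounts are uint160; max uint256 also exceeds this
const TRUSTED_SPENDERS = new Set(["0x1111111111111111111111111111111111111111"]); // constructed

const known = (addr) => TRUSTED_SPENDERS.has(String(addr).toLowerCase());

// Collect every value/amount field in a typed-data message, including nested Permit2 structs.
function amounts(obj, out = []) {
  for (const [k, v] of Object.entries(obj || {})) {
    if (v && typeof v === "object") amounts(v, out);
    else if (k === "value" || k === "amount") out.push(BigInt(v));
  }
  return out;
}

function triage(req) {
  const flags = [];
  if (req.typedData) {
    const { primaryType, message } = req.typedData;
    if (PERMIT_TYPES.has(primaryType)) {
      flags.push(`off-chain ${primaryType} signature grants token spending`);
      if (!known(message.spender)) flags.push("spender not on allowlist");
      if (amounts(message).some((a) => a >= MAX_UINT160)) flags.push("unlimited amount");
    }
  }
  if (req.tx) {
    const { data = "0x", authorizationList = [] } = req.tx;
    const fn = SELECTORS[data.slice(0, 10).toLowerCase()];
    if (fn) {
      const arg0 = "0x" + data.slice(34, 74); // low 20 bytes of the first ABI word
      flags.push(`calldata calls ${fn}`);
      if (!known(arg0)) flags.push(fn === "transfer" ? "recipient not on allowlist" : "spender not on allowlist");
    }
    for (const auth of authorizationList) // EIP-7702 tuples name the delegate in `address`
      if (!known(auth.address)) flags.push("EIP-7702 delegation to unlisted contract");
  }
  return flags;
}
```

An empty result means only that none of these patterns matched; it is a prompt to look closer when flags appear, not proof that a request is safe.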
What This Means for Crypto Users Moving Forward
The drastic reduction in losses is genuinely good news. It shows that awareness campaigns, better wallet interfaces, and community education are paying off. Fewer people are falling for the same old tricks, and when they do, the damage tends to be smaller.
That said, we can’t get complacent. Scammers are adaptable—they’ve already pivoted to exploiting cutting-edge features like EIP-7702. Every major upgrade brings new attack surfaces, and the next bull run will almost certainly bring another wave of attempts.
In my experience following this space, the best defense remains the same basics: slow down before signing anything, double-check URLs, use hardware wallets for large amounts, and consider transaction simulation tools. The fact that average losses dropped during peak activity periods suggests many users are getting savvier.
Perhaps the most hopeful takeaway is how closely losses track market behavior. When trading slows, phishing slows. That direct correlation means as the industry matures and volatile swings become less extreme, we might see even more structural declines in this type of crime.
The sharp drop in 2025 proves that collective vigilance works. But staying safe will always require ongoing effort from developers, platforms, and every single user.
Looking ahead, 2026 could bring more improvements in wallet security, broader adoption of account abstraction with better safeguards, and maybe even standardized anti-drainer protocols. The 83% plunge feels like a turning point—one that reminds us crypto doesn’t have to be the Wild West forever.
If there’s one thing I’ve learned watching crypto evolve, it’s that progress often comes in unexpected waves. This massive decline in phishing losses is one of those waves worth celebrating, while still keeping our guard up for whatever comes next.