Despite some drains exiting, the attacker ecosystem remains active, with new drainers taking their place as the landscape adapts to ongoing security measures.

Crypto phishing losses fell sharply in 2025, down about 83% to roughly $83.9 million, with affected wallets dropping about 68% to around 106,000, reflecting a significant improvement in wallet security and user protections.

Permit and Permit2 signature abuses emerged as major drivers of large losses, complemented by EIP-7702 batch signature techniques that exploited user approvals rather than direct smart-contract bugs.

Market activity appears to influence fraud patterns, with Q3 2025 seeing the highest damage around $31 million amid Ethereum’s rally, while August peaked earlier and December remained relatively quiet.

Overall fraud patterns correlate with market cycles, showing spikes when on-chain activity surges and declines during quieter periods.

Analysts note that improvements stem from better wallet warnings, more frequent use of approval revocation tools, and enhanced on-chain monitoring, though they caution that losses can spike again during market rallies or with new signing features.

A new attack vector in 2025 leveraged EIP-7702-based malicious signatures post-Ethereum upgrade, enabling attackers to bundle multiple actions into a single user signature and causing about $2.54 million in losses across two August cases.

Phishing activity trends track crypto market cycles: losses rise with higher on-chain activity and recede when markets cool, with August 2025 and Q3 2025 contributing a large share.

Security guidance remains: users should check approvals, avoid blind signing, and use wallet tools that flag risky requests, while regulators and exchanges monitor trends and individuals bear much of the responsibility for prevention.

Even as large-scale incidents declined, attackers shifted to frequent, lower-value strikes, with 2025 seeing 11 incidents above $1 million compared to 30 in 2024 and an average loss per victim around $790.

December 2025 alone saw crypto-hack losses drop 60% to about $76 million from November’s $194.2 million, as attacks consolidated into 26 major incidents that month, including notable cases like a $50 million address poisoning scam and a $27.3 million private key leak tied to a multi-signature wallet.

The largest phishing theft of 2025 reached $6.5 million and was linked to a malicious Permit signature, underscoring the ongoing effectiveness of Permit-based attack vectors.