Crypto phishing losses dropped 83% in 2025, falling to $83.85 million from $494 million in 2024, according to a Scam Sniffer report.
The number of victims also fell 68%, from 332,000 in 2024 to 106,106 in 2025. Large thefts over $1 million became much less common, dropping from 30 cases to 11, while the largest single theft fell 88.3% to $6.5 million.
Most losses happened during the third quarter, when crypto markets were active. Q3 losses totaled $31.04 million across 39,886 victims, with August and September alone accounting for $23.95 million. The average loss per victim in Q3 was $778, down from $969 in Q1.
As markets cooled in the fourth quarter, losses fell sharply. Q4 losses were $13.09 million across 22,592 victims, with December posting the lowest monthly total of $2.04 million and 5,313 victims.
Some monthly fluctuations were notable. In November, losses surged 137%, while the number of victims dropped 42%, raising the average loss per victim to $1,225 from $580 in October.
Attackers also exploited new blockchain features. EIP-7702, Permit, and Permit2 signatures were used in attacks totaling millions. The largest 2025 theft was $6.5 million in stETH and aEthWBTC stolen via a Permit signature in September. Other large incidents included $3.13 million WBTC in May and $3.05 million aEthUSDT in August.
Overall, phishing attacks fell sharply in 2025. The report highlighted that losses often rise during market rallies, showing that crypto security improves when trading activity slows and awareness grows.
