{"id":92781,"date":"2025-12-30T17:02:54","date_gmt":"2025-12-30T14:02:54","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=92781"},"modified":"2025-12-31T07:26:33","modified_gmt":"2025-12-31T04:26:33","slug":"crypto-phishing-losses-plunge-83-in-2025","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/crypto-phishing-losses-plunge-83-in-2025\/","title":{"rendered":"Crypto Phishing Losses Drop by 83% in 2025"},"content":{"rendered":"

Funds stolen via phishing attacks fell 83% to $83.85 million in 2025, according to a report by SlowMist<\/a>.<\/p>\n

\"\u0421\u043d\u0438\u043c\u043e\u043a
Source: SlowMist.<\/figcaption><\/figure>\n

In 2024 the figure stood at $494 million. The number of affected users also decreased \u2014 106,106 people fell victim, down 68% year on year.<\/p>\n

Analysts identified a direct correlation between market activity and the success of attacks. The peak came in the third quarter, when Ethereum rallied. In August and September scammers stole about 29% of the annual total (over $31 million).<\/p>\n

In the fourth quarter, as markets cooled, drainer activity fell to a low \u2014 losses in December were just $2.04 million.<\/p>\n

Key attack methods:<\/p>\n

    \n
  1. Permit signatures<\/span>.<\/strong> They remain the primary tool for thefts, accounting for 38% of major incidents (losses above $1 million).<\/li>\n
  2. EIP-7702<\/strong><\/a>. After the Pectra<\/a> upgrade, a new threat vector emerged. Attackers began using account abstraction<\/a> to bundle malicious operations.<\/li>\n<\/ol>\n

    The largest single theft of the year occurred in September \u2014 a user lost $6.5 million due to a forged Permit signature.<\/p>\n

    \"\u0421\u043d\u0438\u043c\u043e\u043a
    Source: SlowMist.<\/figcaption><\/figure>\n

    Experts cautioned that lower figures do not mean the threat has disappeared. The drainer ecosystem is evolving, splitting into mass phishing aimed at retail users and sophisticated targeted attacks on major projects.<\/p>\n

    \n

    \u201cIf markets recover, hacking activity will rise with them,\u201d the researchers said.<\/em><\/p>\n<\/blockquote>\n

    Total losses rose 46%<\/h2>\n

    Despite the downturn in phishing drainers, overall damage to the crypto industry rose sharply in 2025. SlowMist logged 200 security incidents with aggregate losses of $2.935 billion.<\/p>\n

    \"\u0421\u043d\u0438\u043c\u043e\u043a
    Source: SlowMist.<\/figcaption><\/figure>\n

    By comparison, 2024 saw twice as many attacks (410) but a smaller haul of $2.013 billion. The year\u2019s pattern: fewer breaches, but larger average hauls and more severe fallout.<\/p>\n

    The most targeted ecosystem remained Ethereum ($183 million in losses), followed by Solana<\/a> and Arbitrum<\/a> with about $17 million each.<\/p>\n

    \"\u0421\u043d\u0438\u043c\u043e\u043a
    Source: SlowMist.<\/figcaption><\/figure>\n

    Centralised exchanges lost more than DeFi<\/h2>\n

    In 2025 the focus of attacks shifted from decentralised protocols to large centralised platforms (CeFi).<\/p>\n

    The DeFi sector remained the leader by number of incidents (126 breaches, 63% of the total). However, total losses in the segment fell 37% to $649 million.<\/p>\n

    \"\u0421\u043d\u0438\u043c\u043e\u043a
    Source: SlowMist.<\/figcaption><\/figure>\n

    CeFi saw just 22 incidents, but the damage was colossal \u2014 $1.8 billion.<\/p>\n

    The year\u2019s main \u201cevent\u201d was the Bybit exchange hack<\/a>, in which attackers withdrew $1.46 billion in assets. Experts linked the attack to North Korean hackers.<\/p>\n

    The top three incidents also included attacks on Cetus Protocol<\/a> ($230 million) and Balancer V2<\/a> ($121 million).<\/p>\n

    Social engineering: fake employers and counterfeit wallets<\/h2>\n

    Hackers increasingly forgo technical intrusions in favour of manipulating people. The report highlighted the main ploys:<\/p>\n