Reported losses from cryptocurrency phishing attacks plummeted 83% in 2025, falling to roughly $84 million from nearly $494 million the previous year.

According to a new annual report by Web3 security firm Scam Sniffer, incidents of “signature phishing” appear to be declining. However, the firm warned that this visible drop masks a darker underlying reality of more sophisticated actors.

Data Shows Phishing Losses Tracking Crypto Market Cycles

The annual report reveals a strong correlation between fraud and market volatility. Phishing activity peaked in the third quarter, resulting in losses of $31 million.

This surge coincided with the year’s strongest Ethereum price rally. During this period, ETH’s price rallied to near $5000 amid strong institutional interest in the digital asset.

The developments support the view that fraud behaves as a probability function of user activity, expanding as retail participation increases.

While the total volume of attacks declined, the lethality of individual incidents increased late in the year. In November, the number of victims fell by 42%, yet total financial losses spiked 137%.

This anomaly indicates that sophisticated attackers are abandoning low-value targets to focus on high-net-worth individuals, with the average loss per victim rising sharply to $1,225 during that period.

This anomaly signals a bifurcation in the threat landscape. Criminal groups are pivoting from mass-market spam to “whale hunting,” deploying sophisticated, targeted attacks aimed at high-net-worth individuals.

At the same time, technological upgrades within the crypto industry also introduced new vulnerabilities.

For context, the attackers quickly weaponized Ethereum’s “Pectra” upgrade, specifically exploiting EIP-7702.

This feature, designed to improve the user experience via account abstraction, was leveraged to bundle multiple malicious operations into a single signature, resulting in over $2.5 million in losses in August alone.

Scam Sniffer also pointed out that the total losses from these attacks could be significantly higher.

According to the firm, it tracked only on-chain signature scams and excluded losses from clipboard malware, social engineering, and direct private key compromises.