Sudden Drop but Drainers Still Hidden: The Dangerous Truths About Crypto Scams in 2025

2025 begins with good news for the crypto community: wallet drainer phishing attacks seem to have “retreated” significantly. According to Scam Sniffer reports on activity across EVM blockchains, damages from drainers have decreased by 83%, down to $83.85 million from a staggering $494 million in 2024. The number of victims also dropped by 68%, affecting only 106 people. At first glance, it appears that efforts to combat crime have achieved notable success. However, behind these numbers lie some less optimistic realities.

Sharp Decline — But Drainer Criminals Have Changed Strategies

An 83% reduction sounds impressive, but this mainly reflects changes in the behavior of drainer attack groups, not their disappearance. Most of the significant losses were reported in Q3 2025, with $31 million lost solely to drainers — nearly 29% of the total annual damage. August was the peak month with $12.17 million, while December dropped to $2.04 million.

A September permit phishing attack worth $6.5 million proved that drainer groups are not stopping. Instead, they are refining their attack methods, exploiting digital signatures and approval mechanisms to carry out malicious activities. Permit and Permit2 approvals now account for 38% of total losses over $1 million — “backdoors” favored by attackers because they allow full control of assets with just one click.

From Whales to Retail Investors: Drainers Have Changed Targets

A major strategic shift among drainer groups is that they are no longer focusing solely on “whales” (large investors). The number of incidents over $1 million has decreased from 30 in 2024 to 11. However, the average amount lost per victim has dropped to just $790.

This indicates that drainer groups are “mass-producing” attacks — instead of targeting a few wealthy victims, they are now aiming at large numbers of ordinary users. This approach may be less lucrative but provides more stable and scalable results. Scam Sniffer warns that when old drainer groups disappear or are exposed, new ones quickly emerge to replace them, creating an ever-evolving criminal ecosystem.

Ethereum Pectra Upgrade: New Vulnerabilities for Drainers to Exploit

A greater concern arises with the rollout of Ethereum’s Pectra upgrade. The new signature mechanism, EIP-7702, designed to support account abstraction — a technology aimed at improving user experience — also opens new opportunities for drainer groups to exploit.

August saw two major attacks related to this technology, with total damages of $2.54 million. Security experts note that cybercriminals adapt faster than governments or large financial institutions. Additionally, PeckShield reports that in December, total crypto hack damages decreased by 60%, down to $76 million from $194.2 million in November, but private multi-sig errors caused losses of $27.3 million, along with a address poisoning incident worth $50 million.

Phishing Drainers Still Pose a Threat — Danger Always Lurks

Although damages have decreased, phishing drainers will continue to evolve. Trends show that during bullish markets, the number of victims and losses from drainers tend to increase. Whenever Ethereum or other blockchains upgrade with new technology, attack groups find corresponding vulnerabilities to exploit.

In reality, the scam ecosystem operates like a “self-regulating mechanism”: when markets rise, threats increase; when markets cool, activity diminishes. But drainer groups never fully disappear. New groups constantly emerge, tactics are continually refined, and fears remain lurking in the shadows of the crypto world.

To avoid becoming the next victim, users must stay more vigilant than ever. Do not trust verification links too quickly, carefully check approval transactions, and stay updated on the latest phishing techniques. Only through these measures can risks from drainer groups and other security threats in the crypto space be minimized.