Резкое падение ущерба от криптофишинга: как объем похищенных средств сократился до $83,85 млн в 2025 году Translation: Sharp drop in crypto phishing losses: how the volume of stolen funds decreased to $83.85 million in 2025

The volume of funds stolen through phishing attacks plummeted by 83%, amounting to $83.85 million in 2025. This information is detailed in a report by SlowMist.

In 2024, the figure had reached $494 million. The number of affected users also declined, with 106,106 individuals falling victim to cybercriminals, reflecting a 68% decrease compared to the previous year.

Analysts identified a direct correlation between market activity and the success of attacks. The peak of thefts coincided with the third quarter, during which Ethereum experienced a rally. In August and September, scammers stole approximately 29% of the annual total (over $31 million).

In the fourth quarter, as the market cooled down, the activity of drainers dropped to a minimum, with December’s losses totaling just $2.04 million.

Key attack methods:

The largest single theft of the year occurred in September, with a user losing $6.5 million due to a counterfeit Permit signature.

Experts cautioned that the decrease in figures does not signify the eradication of the threat. The draining ecosystem is evolving, showing a split between mass phishing targeting retail users and sophisticated attacks aimed at large projects.

*“If the markets recover, hacker activity will rise alongside them,”* the researchers emphasized.

Despite the decrease in phishing drainer activity, the overall damage to the crypto industry significantly increased in 2025. Analysts from SlowMist recorded 200 security incidents with total losses amounting to $2.935 billion.

For comparison, in 2024 there were twice as many attacks (410), but the stolen amount was lower at $2.013 billion. The trend for the year: the number of hacks is decreasing, but the “average ticket” and severity of consequences are on the rise.

Ethereum remained the most attacked ecosystem with losses of $183 million, followed by Solana and Arbitrum, each suffering losses of around $17 million.

In 2025, the attack vector shifted from decentralized protocols to major centralized platforms (CeFi).

The DeFi sector continues to lead in the number of incidents (126 hacks, 63% of the total). However, cumulative losses in this area fell by 37% to $649 million.

In the CeFi segment, there were only 22 incidents, but the financial losses were staggering at $1.8 billion.

The year’s main “event” was the hack of the Bybit exchange, where cybercriminals extracted assets totaling $1.46 billion. Experts linked the attack to North Korean hackers.

The top three incidents also included attacks on Cetus Protocol ($230 million) and Balancer V2 ($121 million).

Hackers are increasingly moving away from technical hacks in favor of manipulating people. The report highlighted the main schemes:

Cybercriminals target software supply chains to infect numerous users at once;

Artificial intelligence has become a powerful tool in the hands of fraudsters. Deepfake technology is used to create videos featuring famous personalities promoting scam projects.

Instances of corporate fraud were recorded: an employee of a Hong Kong company transferred large sums to criminals after a video conference where all of his “colleagues” and “superiors” were generated by an AI in real-time.

Additionally, hackers employ AI models (such as Gemini or Claude) to write and constantly modify malicious code to evade antivirus systems.

It should be noted that since the beginning of the year, hackers have stolen cryptocurrencies valued at over $3.4 billion, according to Chainalysis.