Drainer Phishing Attacks Decline Significantly in 2025, But Hidden Risks Demand Vigilance

Data from 2025 shows a significant decline in wallet drainer attacks caused by phishing methods. According to the latest report from on-chain security monitoring platform Scam Sniffer, the total losses from drainer attacks on EVM chains amounted to only $83.85 million, down 83% from $494 million in 2024. The number of victims also dropped from 331 last year to 106, a 68% decrease. These figures seem encouraging, but the underlying truth is far from optimistic.

How Drainer Activities Follow Market Trends

Although drainer attacks appear to be waning, they are actually closely tied to the crypto market’s boom and bust cycles. In Q3 2025, Ethereum’s rally caused drainer-related losses to surge to $31 million, nearly 29% of the year’s total losses. August was the peak month for drainer activity, with losses reaching $12.17 million, while December saw a drop to $2.04 million.

The logic behind this pattern is clear—when the market rises and attracts new users, drainer gangs enter their “harvest season.” A phishing attack involving permit signatures in September resulted in $6.5 million in losses, demonstrating the drainer’s precise targeting ability. Permit and Permit2 approval mechanisms have become primary targets, accounting for 38% of cases involving losses over $100,000.

Evolving Threats Behind Technical Upgrades

The Ethereum Pectra upgrade introduced the EIP-7702 standard, which brought new possibilities for account abstraction but also created new attack surfaces for drainers. In August, two major drainer attacks exploited this feature, causing $2.54 million in losses.

While large-scale drainer attacks over $1 million decreased from 30 cases in 2024 to 11 in 2025, this does not mean the threat has diminished. On the contrary, drainer groups have shifted strategies from hunting “whales” to targeting ordinary users. The average loss per victim has dropped to $790, indicating a move from precision strikes to broad, indiscriminate attacks.

Beware of Emerging Drainer Forces

According to data from PeckShield, total losses from crypto hacking incidents in December amounted to $76 million, down 60% from $194.2 million in November. However, Scam Sniffer issues a warning—whenever old drainer gangs disappear, new ones tend to emerge.

This ecosystem is like a multi-headed monster: cut off one head, and another appears. The evolution speed of drainer attacks is astonishing; they quickly adapt to market changes and technological upgrades. From traditional approve-based scams to exploiting permit mechanisms, and now reacting instantly to new features, drainers demonstrate remarkable adaptability.

As user numbers grow and market size expands, although individual losses are decreasing, the overall threat surface is expanding. Only by remaining vigilant, regularly reviewing wallet permissions, and being cautious with signature requests can users avoid becoming the next victims of drainer attacks.