Wallet Drainer 2025: Fewer Incidents but Increased Danger

The cryptocurrency market enters 2025 with a positive sign: phishing wallet drainer attacks have decreased significantly. According to a new report from Scam Sniffer, damages from drainers on EVM chains dropped 83% to $83.85 million, compared to the staggering $494 million in 2024. The number of victims also fell by 68%, down to just 106 people. On the surface, it seems like cybercriminals are being contained. But the truth is much more complicated.

When the Market Rises, Drainer Attacks Also Rise

The nature of drainer attacks is not about decreasing but adapting to market rhythms. Data from Scam Sniffer shows that when the crypto market surges, new users flood in, and that’s when drainer groups “feast.”

Q3 of 2025 is a clear example. Ethereum’s price rally caused $31 million in damages from drainers, nearly 29% of the total for the year. August hit a peak with $12.17 million lost. As the market cooled, attacks also declined — December saw only $2.04 million.

Especially notable, a phishing Permit attack in September worth $6.5 million shows that criminals are not retreating. Instead, they are becoming more sophisticated. Permit and Permit2 approvals account for 38% of large losses over $1 million. This mechanism allows a single click to wipe out all assets — the “backdoor” favorite among attackers.

Upgrading Pectra: New Opportunities for Drainer Attacks

When Ethereum upgraded Pectra, a new malicious code appeared: EIP-7702. This is a golden opportunity for drainer groups to exploit account abstraction as a hacker’s dream. In August, two major attacks totaling $2.54 million proved that criminals are shifting faster than financial sector moves.

Although the number of large-scale attacks dropped to 11 (from 30 in 2024), the trend is extremely concerning: drainer groups are shifting to target individual users rather than “whales.” The average amount lost per victim has decreased to $790, indicating they are expanding their reach but reducing the amount per attack to avoid detection.

“When old drainer groups disappear, new ones emerge,” Scam Sniffer warns. The criminal ecosystem operates like a many-headed monster — when one head is cut off, others grow back.

Drain Attacks Don’t Disappear, They Just Change Tactics

Looking more broadly, total crypto losses from hacks in December fell 60% to $76 million (from $194.2 million in November), according to PeckShield data. However, the overall picture remains bleak.

A $50 million poisoning attack on addresses — where fake wallets deceive users — and $27.3 million lost due to multi-sig key errors show that attack methods are only evolving, not disappearing.

The key takeaway from all these figures is: phishing wallet drainers thrive whenever the market rises, evolving with each technological upgrade. 2025 started with positive signs, but the “monster” drainer still lurks, adapting like an evolving creature.

As user numbers continue to grow, scam scale will only expand. The shadow of drainers may temporarily recede, but they are always ready to strike when the market heats up again. Stay vigilant, or you might be the next statistic in the endless game of cat and mouse between users and these draining groups.