Headline: Криптофишинг: Снижение ущерба на 83% и рост угроз в 2025 году Translation: Crypto Phishing: 83% Decrease in Damage and Rising Threats in 2025

The value of funds stolen through phishing attacks decreased by 83%, totaling $83.85 million in 2025, according to a report by SlowMist.

In 2024, this figure was $494 million. The number of affected users also fell significantly, with 106,106 individuals falling victim to cybercriminals, marking a 68% decline compared to the previous year.

Analysts have identified a direct correlation between market activity and the success of the attacks. The peak in thefts occurred in the third quarter, coinciding with an Ethereum rally. In August and September, scammers took approximately 29% of the total annual amount (over $31 million).

In the fourth quarter, as the market cooled, the activity of drainers fell to a low, with losses in December amounting to just $2.04 million.

Key attack methods included:

The largest single theft of the year happened in September when a user lost $6.5 million due to a counterfeit Permit signature.

Experts have cautioned that the declining figures do not signify the disappearance of the threat. The ecosystem of drainers is evolving, with a distinction emerging between mass phishing targeting retail users and sophisticated attacks aimed at larger projects.

«If the markets recover, hacker activity will rise alongside them,» researchers emphasized.

Despite the downturn in phishing drainer activity, the overall damage to the crypto industry significantly increased in 2025. SlowMist analysts recorded 200 security incidents with cumulative losses reaching $2.935 billion.

In comparison, there were twice as many attacks in 2024 (410 incidents), but the total stolen amount was lower at $2.013 billion. The year’s trend shows a decrease in the number of hacks, but an increase in the «average ticket» and the severity of consequences.

Ethereum remained the most targeted ecosystem, suffering $183 million in losses. Following were Solana and Arbitrum with losses of around $17 million each.

In 2025, the focus of attacks shifted from decentralized protocols to major centralized platforms (CeFi).

The DeFi sector still leads in incident count (126 hacks, accounting for 63% of the total). However, the overall damage in this sector declined by 37%, totaling $649 million.

In the CeFi segment, there were only 22 incidents, but the losses were staggering—$1.8 billion.

The major «event of the year» was the hack of the Bybit exchange, where attackers withdrew assets amounting to $1.46 billion. Experts linked the attack to North Korean hackers.

The top three incidents also included attacks on Cetus Protocol ($230 million) and Balancer V2 ($121 million).

Hackers are increasingly moving away from technical breaches in favor of manipulating individuals. The report highlighted key schemes:

Criminals attack software supply chains to infect a large number of users at once.

Artificial intelligence has become a powerful tool in the hands of scammers. Deepfake technology is being used to create videos of public figures promoting scam projects.

There have been cases of corporate fraud: an employee of a Hong Kong company transferred large sums to criminals after a video conference where all his «colleagues» and «superiors» were generated in real time by an AI.

Hackers are also employing AI models (such as Gemini or Claude) to write and constantly modify malicious code to evade antivirus systems.

It’s worth noting that since the beginning of the year, hackers have stolen cryptocurrencies worth over $3.4 billion, as estimated by Chainalysis.