In brief
- Signature phishing victims jumped more than 200% in January, with $6.27 million stolen, blockchain security firm Scam Sniffer warned.
- Despite the spike, total phishing losses in 2025 were sharply lower than in 2024.
- Cheaper Ethereum fees after the Fusaka upgrade have made phishing tactics like mass address poisoning attacks more attractive for scammers, researchers said.
Blockchain security firm Scam Sniffer is warning of a sharp spike in signature phishing, with losses totaling $6.27 million and 4,700 wallets drained in January—an increase of 207% from December.
Signature phishing occurs when attackers lure users to malicious decentralized applications that prompt them to sign off‑chain messages. While the requests appear harmless—such as approving a token deposit or listing an NFT—the signatures can instead authorize unlimited token spending or the transfer of NFTs, allowing attackers to later drain wallets.
Someone lost $12.25M in January by copying the wrong address from their transaction history. In December, another victim lost $50M the same way.
Two victims. $62M gone.
Signature phishing also surged — $6.27M stolen across 4,741 victims (+207% vs Dec).
Top cases:
· $3.02M —… pic.twitter.com/7D5ynInRrb
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) February 8, 2026
The January surge contrasts with a broader decline in crypto phishing over the past year. Scam Sniffer reported total phishing losses of $83.85 million across 106,106 victims in 2025 on Ethereum and EVM-based chains, down 83% in value and 68% in victims compared with 2024.
Losses last month were highly concentrated. Two wallets accounted for roughly 65% of the total stolen through phishing and other attacks, including $3.02 million taken through a permit and increaseAllowance attack involving SLV and XAUt tokens, and $1.08 million drained via a permit attack.
Beyond signature phishing, Scam Sniffer pointed to address poisoning and permit scams as key contributors. Address poisoning attackers send tiny transactions, or dust, to targets using addresses that closely resemble legitimate ones the wallet has already interacted with. When users later copy an address from their transaction history, they may inadvertently send funds to an attacker-controlled lookalike address.
Ethereum’s Fusaka upgrade changes scam economics
Researchers said tactics like address poisoning have become more attractive following Ethereum’s Fusaka upgrade, which sharply reduced transaction fees. Blockchain researcher Andrey Sergeenkov found that new address creation surged last month, with one week seeing 2.7 million new addresses, about 170% above typical levels. He said roughly two-thirds of new addresses received less than $1 in stablecoins as their first transaction, consistent with large-scale address poisoning campaigns.
Sergeenkov argued that lower Ethereum fees have changed the economics of mass poisoning attacks. While conversion rates remain extremely low, the reduced cost of sending millions of dust transactions has made the strategy viable, with profits now coming from a small number of high-value mistakes.
In addition to ensuring users check transactions and make sure they understand what they are signing or where they are sending money, wallets are also trying to introduce features to limit the risk of attacks.
Tara Annison, head of product at Twinstake, said wallets are increasingly adding transaction simulations, clearer warnings and pre-execution checks to flag risky interactions. “Rabby does pre-execution simulation and will warn you if you’re interacting with known malicious smart contracts or if there’s hidden logic in the transaction,” she told_ Decrypt_.
Metamask, meanwhile, “gives you a nice big warning if the site you’re connecting to looks like a phishing website and includes human readable warnings if the transaction looks like it might be about to do something dodgy for your assets,” Annison said. She added wallets are placing security features like this “front and centre to avoid you signing something you shouldn’t.”
Decrypt has approached the Ethereum Foundation for comment.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Russian Hacker Jailed for 81 Months Over $9M Ransomware Attacks
Aleksei Volkov, a Russian citizen, was sentenced to 81 months in U.S. prison for aiding ransomware attacks exceeding $9 million in losses. As an "initial access broker," he sold unauthorized network access. He owes $9.2 million in restitution and must forfeit crime-related equipment.
Decrypt2h ago
Resolv Hack Mints $80M Fake USR, Triggers Market Chaos
A security breach at Resolv Labs allowed attackers to mint 80 million uncollateralized USR stablecoins, causing a price collapse and market instability. Resolv paused contracts, burned illicit tokens, and confirmed $141 million in secure collateral.
CryptoFrontNews5h ago
Hacked for $110 Million as the Final Straw! DeFi Protocol Balancer's Development Company to Cease Operations
Trading Protocol Balancer Faces Major Turning Point, Founder Announces Balancer Labs Will Cease Operations, Protocol to Continue in Streamlined Form. This decision stems from security vulnerabilities and legal risks, with the current operational model becoming unsustainable. Despite significant TVL decline, Balancer still generates over $1 million in annualized fee revenue. The team has proposed an aggressive restructuring plan that includes token buybacks, revenue structure reforms, and focuses on five core product lines. Following the transformation, the team will concentrate on enhancing the protocol's competitiveness.
区块客7h ago
Venus Flash Loan Attacker Transferred 1743 ETH to New Address 50 Minutes Ago
According to analyst monitoring, the flash loan attacker on the Venus platform transferred 1743 ETH, with the address holdings reaching 7450 ETH, and funds being used for Aave yield farming. Venus has experienced multiple security incidents since 2021, with losses exceeding $270 million.
GateNews7h ago
Stablecoin USR Suddenly Crashes and Depegs! Resolv Reveals "Minting Vulnerability" Exploited by Hackers, Who Steal $25 Million
DeFi protocol Resolv suffered an attack on March 22, where hackers minted 80 million stablecoins USR at low cost and cashed out approximately $25 million, causing USR to depeg and triggering market volatility. The attack stemmed from a lack of security measures on the protocol's privileged accounts, impacting overall liquidity and affecting the lending market. Resolv subsequently suspended the protocol and emphasized that collateral pools remained unaffected, but experts believe the hidden losses caused by the incident are significant.
区块客9h ago
Husband accuses wife of stealing over 2,000 bitcoins! Judge: The plaintiff has a very high chance of winning.
The UK High Court is hearing a Bitcoin theft case in which the plaintiff alleges his estranged wife secretly stole 2,323 Bitcoin in 2023. In the case, the plaintiff used audio evidence to prove that the defendant and her sister planned to transfer the Bitcoin. The judge found a high probability of the plaintiff prevailing and ordered asset freezing while dismissing some claims, recommending expedited trial proceedings.
区块客10h ago
