Add on GoogleAdd Decrypt as your most well-liked supply to see extra of our tales on Google.
Briefly
- Signature phishing victims jumped greater than 200% in January, with $6.27 million stolen, blockchain safety agency Rip-off Sniffer warned.
- Regardless of the spike, complete phishing losses in 2025 have been sharply decrease than in 2024.
- Cheaper Ethereum charges after the Fusaka improve have made phishing techniques like mass tackle poisoning assaults extra engaging for scammers, researchers mentioned.
Blockchain safety agency Rip-off Sniffer is warning of a pointy spike in signature phishing, with losses totaling $6.27 million and 4,700 wallets drained in January—a rise of 207% from December.
Signature phishing happens when attackers lure customers to malicious decentralized purposes that immediate them to log out‑chain messages. Whereas the requests seem innocent—reminiscent of approving a token deposit or itemizing an NFT—the signatures can as an alternative authorize limitless token spending or the switch of NFTs, permitting attackers to later drain wallets.
Somebody misplaced $12.25M in January by copying the mistaken tackle from their transaction historical past. In December, one other sufferer misplaced $50M the identical approach.
Two victims. $62M gone.
Signature phishing additionally surged — $6.27M stolen throughout 4,741 victims (+207% vs Dec).
Prime instances:
· $3.02M —… pic.twitter.com/7D5ynInRrb— Rip-off Sniffer | Web3 Anti-Rip-off (@realScamSniffer) February 8, 2026
The January surge contrasts with a broader decline in crypto phishing over the previous yr. Rip-off Sniffer reported complete phishing losses of $83.85 million throughout 106,106 victims in 2025 on Ethereum and EVM-based chains, down 83% in worth and 68% in victims in contrast with 2024.
Losses final month have been extremely concentrated. Two wallets accounted for roughly 65% of the entire stolen by means of phishing and different assaults, together with $3.02 million taken by means of a allow and increaseAllowance assault involving SLV and XAUt tokens, and $1.08 million drained through a allow assault.
Past signature phishing, Rip-off Sniffer pointed to handle poisoning and allow scams as key contributors. Handle poisoning attackers ship tiny transactions, or mud, to targets utilizing addresses that carefully resemble legit ones the pockets has already interacted with. When customers later copy an tackle from their transaction historical past, they might inadvertently ship funds to an attacker-controlled lookalike tackle.
Ethereum’s Fusaka improve modifications rip-off economics
Researchers mentioned techniques like tackle poisoning have change into extra engaging following Ethereum’s Fusaka improve, which sharply decreased transaction charges. Blockchain researcher Andrey Sergeenkov discovered that new tackle creation surged final month, with one week seeing 2.7 million new addresses, about 170% above typical ranges. He mentioned roughly two-thirds of latest addresses acquired lower than $1 in stablecoins as their first transaction, in step with large-scale tackle poisoning campaigns.
Sergeenkov argued that decrease Ethereum charges have modified the economics of mass poisoning assaults. Whereas conversion charges stay extraordinarily low, the decreased value of sending hundreds of thousands of mud transactions has made the technique viable, with income now coming from a small variety of high-value errors.
Along with guaranteeing customers verify transactions and ensure they perceive what they’re signing or the place they’re sending cash, wallets are additionally attempting to introduce options to restrict the chance of assaults.
Tara Annison, head of product at Twinstake, mentioned wallets are more and more including transaction simulations, clearer warnings and pre-execution checks to flag dangerous interactions. "Rabby does pre-execution simulation and can warn you in case you're interacting with recognized malicious good contracts or if there's hidden logic within the transaction," she informed Decrypt.
Metamask, in the meantime, “provides you a pleasant huge warning if the positioning you're connecting to seems like a phishing web site and contains human readable warnings if the transaction seems prefer it is likely to be about to do one thing dodgy on your property,” Annison mentioned. She added wallets are putting security measures like this “entrance and centre to keep away from you signing one thing you shouldn't.”
Decrypt has approached the Ethereum Basis for remark.
