Signature Phishing Up 200% As January Losses Pass $6M
In January, signature phishing attacks spiked sharply, with $6.27 million stolen from 4,700 wallets—a 207% increase from December. Signature phishing involves tricking users into approving supposedly harmless requests on malicious decentralized apps, which actually authorize attackers to drain wallets. Two major incidents accounted for $62 million in losses, including a single user losing $50 million after copying a malicious address. Overall, phishing losses declined in 2025, totaling $83.85 million—a drop of 83% from 2024—but recent attacks were highly concentrated in a few large victims. Other prevalent scams include address poisoning, where attackers send dust to users from lookalike addresses to trick them into sending funds to the wrong recipient. The Ethereum Fusaka upgrade reduced transaction fees, making large-scale address poisoning attacks more cost-effective. Most new addresses in recent campaigns received less than $1, signaling mass scams. Wallet providers are responding by adding transaction simulations, clearer warnings, and pre-execution checks to protect users from interacting with malicious smart contracts or addresses.
