Phishing Scams Soar to $12M in August 2025 with Over 15,000 Victims

Highlights:

• Phishing attacks in August stole over $12 million, showing a sharp 72% monthly rise.
• Almost half the total losses came from three whales, including one hit for $3.08 million.
• Security experts traced many of these incidents to scammers abusing Ethereum’s new EIP-7702 feature.

ScamSniffer has reported a significant rise in phishing scams and victims during August 2025. The Web3 anti-scam platform highlighted the trend in its latest phishing report, noting a 72% increase in losses compared to July. According to the report, phishing-related losses reached $12.17 million in August, ranking among the highest monthly totals this year. The figures suggest phishing activity is regaining momentum. Earlier in 2025, losses peaked at $10.25 million in January before dropping to a low of $2.80 million in June.

🚨 ScamSniffer August 2025 Phishing Report

August losses: $12.17M | 15,230 victims
VS July: +72% in losses | +67% in victims

Key insight: Sharp escalation driven by EIP-7702 batch-signature scams and direct transfers to phishing contracts. 3 whale hits totaled $5.62M (46%).… pic.twitter.com/l3NJRryuxw

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) September 6, 2025

Phishing Scam Victims Surpass 15,000 in One Month

August not only saw record losses but also the highest number of victims this year. ScamSniffer’s data shows 15,230 users were targeted by phishing scams, a sharp 67% rise from July’s 9,143 cases. This was also the first month this year when victims crossed 10,000, surpassing January’s figure of 9,220. The largest incident occurred on August 6, when a whale suffered a $3.08 million loss. The victim unknowingly confirmed a harmful transaction, which let scammers steal their aEthUSDT tokens into a phishing contract.

Losses linked to only three users collectively accounted for 46% of all funds stolen in August. In one such incident, a victim ended up losing $1.54 million after unknowingly authorizing an EIP-7702 phishing batch transaction. Another user also lost close to $1 million, which included both cryptocurrencies and non-fungible tokens, in a similar type of attack.

Meanwhile, highlighted a big jump in EIP-7702 batch signature scams in August, connecting this tactic to many of the month’s losses. Apart from causing two of the three largest individual losses, several other users were also affected by the same type of attack. One affected user, 0x4897e, lost $235,977, while another, 0x5ad31d, lost $66,000 in batch transfers masked as Uniswap swaps. Multiple similar incidents were recorded, leading security experts to note a clear pattern of phishing scammers focusing on addresses that had upgraded to EIP-7702.

EIP-7702 Upgrade Turns Risky as Hackers Exploit Weakness Across Ethereum

EIP-7702 came with Ethereum’s Pectra upgrade. It lets normal wallets (EOAs) work like smart contracts for a short time. This makes it easier for users to do things like send many transactions at once. But scammers found a weakness in it and are using it for tricks.

Data from Wintermute’s Dune Analytics dashboard reveals that over 80% of delegate contracts linked to EIP-7702 are being used for malicious purposes. Since the upgrade was introduced earlier this year, more than 450,000 wallet addresses have been exposed to these risks.

Yu Xian, the founder of security firm SlowMist, explained that many users still have little understanding of how EIP-7702 can be turned into a tool for attacks. He pointed out that organized criminal groups have quickly taken advantage of the upgrade, actively using it across Ethereum Virtual Machine (EVM) networks.

许多人对 EIP-7702 的恶意利用还不大了解，我们看链上统计大概就有数了，比如根据 Wintermute 制作的统计 7702 多链使用情况的 dune 面板，88% 的 delegate 合约都是 Crime(犯罪) 有关…

这些团伙爱死了这个机制，也在大量使用，为 EVM 繁荣做了些贡献😂 https://t.co/Jbj3Omjz8K pic.twitter.com/r137b7Kg9z

— Cos(余弦)😶‍🌫️ (@evilcos) August 31, 2025