Crypto phishing scams cost users $5.29 million in April as attack tactics diversify

Crypto users lost $5.29 million to phishing scams in April 2025, according to the latest report from ScamSniffer. The scam reporting platform noted that this represents a 17% decline compared to March loss.

However, the number of phishing victims increased substantially in April, with a total of 7,565 addresses affected by the attacks. This is a 26% increase compared to the 5,992 victims in March and highlights the evolving tactics by the scammers.

The biggest loss in the month was $1.43 million lost by a whale due to signing several phishing signatures. This shows that high-value victims remain vulnerable, as the biggest attack in March was a whale who lost $1.82 million to a similar attack vector.

There were other users who also lost significant amounts to signed phishing signatures. These include a user, 0xc1e4260cb, who lost $666,414 to a multipermit phishing signature, and 0x7C930969FCF who lost $234,000.

Meanwhile, the second-biggest attack last month was $700,000 in losses by one user who copied the wrong address. Address poisoning has ranked as one of the leading causes of phishing scam losses this year, and it appears that this will continue.

In this particular case, the victim copied a fake address that shared the same first six characters with the legitimate address, while the last four characters were the same except in different alphabet cases.

Unsurprisingly, there were other significant losses due to address poisoning. In one case, another user lost $150,000 because they copied the wrong address, while 0xEFc4f1d5 also sent $467,175 to the wrong address for the same reason.

Nevertheless, April is the month with the lowest crypto phishing losses this year, other than February, which had $5.32 million in losses.

Scammers are devising new ways to attack users

Meanwhile, April also saw scammers rely heavily on various means to target users. ScamSniffer identified fake “Solscan” ads on Google Search results as phishing links, noting that the spoof site was the leading search result on Google when a user searched for Solscan.

It noted:

“These phishing ads are designed to drain your wallet through malicious transaction signatures.”

While the URL for the phishing link and the authentic page appear to be the same, clicking on the link actually redirects users to Solscaan.com. Google has removed the ad.

Interestingly, fake Google ads were not the only means through which attackers are trying to exploit users. Ethereum Name Service lead developer Nick Johnson also identified another email phishing attack that targets Google accounts, with scammers deploying fake login pages using Google sites for credibility.

With scammers relying on various techniques to target crypto users, security analysts continue to highlight how individuals can protect themselves against such attacks by identifying when they are being phished.

ScamSniffer shared infographics on its page showing the various ways that scammers can initiate these attacks using Twitter, Discord, airdrop, scam adverts, and software compromise. It also identified all the popular phishing signatures that users can unknowingly sign and lose their assets.

Meanwhile, Revoke Cash also posted necessary precautions for users to avoid address poisoning. These precautions include double-checking all the addresses before executing a transaction, not copying addresses from the transaction histories, and using wallets that support bookmarks or whitelisting.

$364 million lost to crypto hacks in April

Meanwhile, the over $5 million lost in phishing scams only accounts for a small percentage of the total crypto losses in April. According to blockchain security firm CertiK, a total of $364 million was lost to hacks and scams in April.

One incident was responsible for $336 million of the losses, and it involved a social engineering attack resulting in the theft of 3,520 Bitcoins from one individual who had been holding the asset since 2017. On-chain sleuth ZachXBT confirmed that the victim was an elderly individual in the US.

CertiK categorized this attack as phishing. By their metric, the loss from the incident, along with the $1.36 million lost to address poisoning, meant that the phishing category saw a total of $337 million in losses in April.

Beyond this attack, hackers also exploited decentralized exchange KiloEX for $7.5 million, drained $5.8 million from Loopscale, and stole $5.5 million from the ZKSync airdrop contract. Bitcoin Mission and Term Labs also lost $2 million and $1.57 million, respectively.

Cryptopolitan Academy: Want to grow your money in 2025? Learn how to do it with DeFi in our upcoming webclass. Save Your Spot