Phishing scams surge in August 2025 with number of victims crossing 10,000 for the first time this year

ScamSniffer has disclosed a surge in the number of phishing scams and victims for August, marking a resurgence in phishing activity. The crypto anti-scam platform disclosed this in its August 2025 phishing report, noting a 72% increase in the amount lost compared to July.

According to the report, the amount lost to phishing scams in August was $12.17 million. This represents one of the highest this year and is a sign that the activity is seeing a resurgence. In the first half of the year, losses to phishing scams reached a monthly high of $10.25 million in January and dropped to their lowest level at $2.80 million in June.

With the losses reaching the highest level in 2025, the number of victims also reached a new yearly high. According to the data, 15,230 users were victims of phishing scams in August, a 67% jump compared to July, when it was just 9,143. It is also the first time this year that monthly victims have surpassed 10,000 users, with January having just 9,220.

The biggest loss that month was a whale who lost $3.08 million on August 6 after signing a phishing transaction. The victim unknowingly approved a malicious transaction that transferred their aEthUSDT tokens to a phishing contract.

Losses from three users combined account for 46% of all the amount lost in August. In one of those incidents, the user lost $1.54 million after signing an EIP-7702 phishing batch transaction. Another victim also lost around $1 million in cryptocurrencies and non-fungible tokens in similar circumstances.

EIP-7702 batch-signature scams dominate phishing activity

Meanwhile, ScamSniffer observed that August saw a surge in EIP-7702 batch signature scams, with this type of scam responsible for many of the losses in the month. Beyond accounting for two of the top three biggest monthly losses, other users also suffered the same incident.

These include a victim 0x4897e losing $235,977 and 0x5ad31d losing $66,000 to batch transfers disguised as Uniswap swaps. There were several other incidents, leading security experts to identify a pattern of phishing scammers targeting addresses that upgraded to EIP-7702.

EIP-7702 is an Ethereum upgrade introduced by the Pectra upgrade that allows externally owned accounts (EOAs) to have smart contract capabilities. Although its goal was to improve Ethereum user experience by enabling  EOAs to have temporary smart contract abilities, such as transaction batching, it has created a vulnerability for scammers to exploit.

ScamSniffer said:

This time attackers use batch transfers (vs previous batch approvals), routing through Uniswap Universal Router to appear legitimate.

Interestingly, phishing attacks targeting the EIP-7702 have been happening since the Pectra upgrade in June, but it has increased recently, showing that bad actors are getting more adept at exploiting the vulnerability. With hackers mostly using automated sweeper attacks, they can steal any funds going into a compromised address.

The concerns around the EIP-7702 vulnerability have become even more pronounced among World Liberty Financial WLFI token holders. SlowMist founder Yu Xian also observed a few days ago that bad actors are using the features to steal funds from addresses holding WLFI.

He explained that scammers are gaining access to the private keys of the victims through phishing and setting up the EIP-7702 exploit mechanism for the address. This allows them to steal tokens from compromised addresses immediately once the tokens are unlocked. One user has now asked the WLFI team to implement a direct transfer option to protect addresses on the WLFI whitelist that have already been compromised.

Address poisoning remains an issue

Meanwhile, crypto users still have other phishing exploits to grapple with, as August is also seeing a rise in other phishing attacks. ScamSniffer observed that direct transfers to phishing contracts also increased in August.

The prevalence of phishing ads might have contributed to this, with ScamSniffer noting that these malicious ads on Google Search use Google Sites to host fake DeFi interfaces. Bing even ranked phishing sites as #1 for searches for DappRadar.

Interestingly, address poisoning remains a major issue for crypto users, with several victims losing funds to it. One user lost $636,559 after copying the wrong deposit address from their contaminated address. As is usually the case, the wrong and correct addresses have the same first six and last four characters. Two other users lost $500,000 and $19,000 to a similar cause.

KEY Difference Wire: the secret tool crypto projects use to get guaranteed media coverage