Signature Phishing Up 200% As January Losses Pass $6M

Blockchain safety agency Rip-off Sniffer is warning of a pointy spike in signature phishing, with losses totaling $6.27 million and 4,700 wallets drained in January—a rise of 207% from December.

Signature phishing happens when attackers lure customers to malicious decentralized purposes that immediate them to log out‑chain messages. Whereas the requests seem innocent—equivalent to approving a token deposit or itemizing an NFT—the signatures can as an alternative authorize limitless token spending or the switch of NFTs, permitting attackers to later drain wallets.

The January surge contrasts with a broader decline in crypto phishing over the previous yr. Rip-off Sniffer reported whole phishing losses of $83.85 million throughout 106,106 victims in 2025 on Ethereum and EVM-based chains, down 83% in worth and 68% in victims in contrast with 2024.

Losses final month had been extremely concentrated. Two wallets accounted for roughly 65% of the whole stolen by means of phishing and different assaults, together with $3.02 million taken by means of a allow and increaseAllowance assault involving SLV and XAUt tokens, and $1.08 million drained by way of a allow assault.

Past signature phishing, Rip-off Sniffer pointed to deal with poisoning and allow scams as key contributors. Deal with poisoning attackers ship tiny transactions, or mud, to targets utilizing addresses that carefully resemble professional ones the pockets has already interacted with. When customers later copy an handle from their transaction historical past, they could inadvertently ship funds to an attacker-controlled lookalike handle.



Ethereum’s Fusaka improve adjustments rip-off economics

Researchers stated ways like handle poisoning have turn into extra engaging following Ethereum’s Fusaka improve, which sharply decreased transaction charges. Blockchain researcher Andrey Sergeenkov discovered that new handle creation surged final month, with one week seeing 2.7 million new addresses, about 170% above typical ranges. He stated roughly two-thirds of latest addresses acquired lower than $1 in stablecoins as their first transaction, according to large-scale handle poisoning campaigns.

Sergeenkov argued that decrease Ethereum charges have modified the economics of mass poisoning assaults. Whereas conversion charges stay extraordinarily low, the decreased price of sending hundreds of thousands of mud transactions has made the technique viable, with earnings now coming from a small variety of high-value errors.

Along with guaranteeing customers test transactions and ensure they perceive what they’re signing or the place they’re sending cash, wallets are additionally attempting to introduce options to restrict the danger of assaults.

Tara Annison, head of product at Twinstake, stated wallets are more and more including transaction simulations, clearer warnings and pre-execution checks to flag dangerous interactions. “Rabby does pre-execution simulation and can warn you if you happen to’re interacting with recognized malicious good contracts or if there’s hidden logic within the transaction,” she advised Decrypt.

Metamask, in the meantime, “offers you a pleasant massive warning if the positioning you are connecting to appears like a phishing web site and consists of human readable warnings if the transaction appears prefer it is likely to be about to do one thing dodgy in your belongings,” Annison stated. She added wallets are inserting safety features like this “entrance and centre to keep away from you signing one thing you should not.”

Decrypt has approached the Ethereum Basis for remark.