TL;DR

• Investors lost $12.17 million to phishing attacks in August, up 72% from July's $7.09 million.
• 15,230 victims were affected, a 67% increase in cases.
• Crypto whales bore the brunt: three incidents drained $5.62 million (46% of total losses).
• A new wave of scams linked to Ethereum's EIP-7702 upgrade has made phishing harder to detect.
• Experts warn retail users and institutions alike to stay vigilant as phishing tactics evolve.

Phishing isn't new in crypto, but August 2025 saw a steep rise that has alarmed industry watchers. According to a report from blockchain security firm Scam Sniffer, crypto users lost a combined $12.17 million to phishing scams last month. That figure marks a 72% increase from July's $7.09 million in reported losses.

In terms of victims, Scam Sniffer counted 15,230 unique addresses impacted in August, up from 9,143 in July - a 67% month-over-month increase. The firm shared its findings in an X post on September 6, warning that the trend signals more sophisticated phishing campaigns taking root.

What Exactly is Phishing in Crypto?

For readers outside the security trenches, phishing in crypto often works like this:

1. Hackers set up fake websites or malicious contracts that look identical to legitimate platforms.
2. Users are tricked into entering their wallet details, signing malicious approvals, or clicking deceptive prompts.
3. Once approved, funds are immediately drained to attacker-controlled wallets.

Unlike traditional finance, these transfers are irreversible. The appeal for attackers is obvious: with one well-crafted trick, they can siphon off millions in seconds.

Whales Take the Biggest Hit

While phishing attacks hit retail investors daily, August's data highlights a worrying trend: crypto whales are increasingly being targeted.

Source: ScamSniffer

Scam Sniffer's report shows that the top three single incidents drained:

• $3.08 million
• $1.54 million
• $1.00 million

Together, these cases account for $5.62 million, or 46% of all phishing losses in August. This concentration suggests attackers are designing highly tailored traps for wallets holding large sums. Whether through private negotiations, fake OTC offers, or custom contracts disguised as legitimate tools, whales are in the crosshairs like never before.

The New Threat: EIP-7702 Exploits

Adding to the danger is a new attack vector tied to Ethereum's EIP-7702 upgrade. The proposal temporarily allows externally owned addresses (EOAs) - regular user wallets to function like smart contract wallets. This enables useful features like:

• batching multiple transactions
• automated spending limits
• passkey integration

But hackers have found ways to abuse it. By bundling malicious transactions with legitimate requests, attackers trick users into authorizing batch signatures they don't fully understand. Because the transactions look like standard Ethereum activity, they're much harder to detect compared to classic phishing links. For retail users, this could feel like being robbed in broad daylight - everything looks normal until it's too late.

Lessons for Users

So what can everyday investors do? Security experts recommend a few simple but powerful precautions:

• Double-check URLs - Never click links from DMs or unknown emails. Always verify you're on the official site.
• Use hardware wallets - These require physical confirmation before signing, making scams harder to execute.
• Limit approvals - Revoke unnecessary token allowances using tools like Revoke.cash.
• Be skeptical of urgency - If a site or contact pressures you to act quickly, it's often a red flag.

As phishing grows more sophisticated, education and vigilance remain the strongest defense.

Final Thought

August's numbers are a stark reminder: phishing isn't fading - it's evolving. The rise of batch-signature exploits, the growing focus on whales, and the sheer scale of losses show attackers are innovating just as fast as the industry.

For Web3 to fulfill its promise, security must become a shared responsibility. That means better tools, smarter defaults, and constant user education. Until then, the $12 million lost in August may be just the start of a much larger trend.