Signature Phishing Up 200% As January Losses Go $6M – Decrypt

In short
Signature phishing victims jumped greater than 200% in January, with $6.27 million stolen, blockchain safety agency Rip-off Sniffer warned.
Regardless of the spike, whole phishing losses in 2025 had been sharply decrease than in 2024.
Cheaper Ethereum charges after the Fusaka improve have made phishing techniques like mass handle poisoning assaults extra enticing for scammers, researchers mentioned.
Blockchain safety agency Rip-off Sniffer is warning of a pointy spike in signature phishing, with losses totaling $6.27 million and 4,700 wallets drained in January—a rise of 207% from December.Signature phishing happens when attackers lure customers to malicious decentralized functions that immediate them to log out‑chain messages. Whereas the requests seem innocent—reminiscent of approving a token deposit or itemizing an NFT—the signatures can as a substitute authorize limitless token spending or the switch of NFTs, permitting attackers to later drain wallets.
Somebody misplaced $12.25M in January by copying the fallacious handle from their transaction historical past. In December, one other sufferer misplaced $50M the identical manner.
Two victims. $62M gone.
Signature phishing additionally surged — $6.27M stolen throughout 4,741 victims (+207% vs Dec).
High circumstances:· $3.02M —… pic.twitter.com/7D5ynInRrb
— Rip-off Sniffer | Web3 Anti-Rip-off (@realScamSniffer) February 8, 2026The January surge contrasts with a broader decline in crypto phishing over the previous 12 months. Rip-off Sniffer reported whole phishing losses of $83.85 million throughout 106,106 victims in 2025 on Ethereum and EVM-based chains, down 83% in worth and 68% in victims in contrast with 2024.Losses final month had been extremely concentrated. Two wallets accounted for roughly 65% of the entire stolen by means of phishing and different assaults, together with $3.02 million taken by means of a allow and increaseAllowance assault involving SLV and XAUt tokens, and $1.08 million drained through a allow assault.Past signature phishing, Rip-off Sniffer pointed to deal with poisoning and allow scams as key contributors. Tackle poisoning attackers ship tiny transactions, or mud, to targets utilizing addresses that carefully resemble official ones the pockets has already interacted with. When customers later copy an handle from their transaction historical past, they could inadvertently ship funds to an attacker-controlled lookalike handle.Ethereum’s Fusaka improve modifications rip-off economicsResearchers mentioned techniques like handle poisoning have grow to be extra enticing following Ethereum’s Fusaka improve, which sharply diminished transaction charges. Blockchain researcher Andrey Sergeenkov discovered that new handle creation surged final month, with one week seeing 2.7 million new addresses, about 170% above typical ranges. He mentioned roughly two-thirds of recent addresses acquired lower than $1 in stablecoins as their first transaction, in line with large-scale handle poisoning campaigns.Sergeenkov argued that decrease Ethereum charges have modified the economics of mass poisoning assaults. Whereas conversion charges stay extraordinarily low, the diminished price of sending tens of millions of mud transactions has made the technique viable, with earnings now coming from a small variety of high-value errors.Along with making certain customers test transactions and ensure they perceive what they're signing or the place they're sending cash, wallets are additionally making an attempt to introduce options to restrict the chance of assaults.Tara Annison, head of product at Twinstake, mentioned wallets are more and more including transaction simulations, clearer warnings and pre-execution checks to flag dangerous interactions. “Rabby does pre-execution simulation and can warn you in the event you're interacting with recognized malicious good contracts or if there's hidden logic within the transaction,” she advised Decrypt.Metamask, in the meantime, “offers you a pleasant large warning if the location you are connecting to appears like a phishing web site and consists of human readable warnings if the transaction appears prefer it is likely to be about to do one thing dodgy in your property,” Annison mentioned. She added wallets are inserting safety features like this “entrance and centre to keep away from you signing one thing you should not.”Decrypt has approached the Ethereum Basis for remark.Each day Debrief NewsletterStart on daily basis with the highest information tales proper now, plus unique options, a podcast, movies and extra.