Phishing scams focusing on cryptocurrency buyers intensified in August 2025, draining greater than $12 million from over 15,000 wallets throughout the sector.
Blockchain safety agency Rip-off Sniffer reported that these losses signify a pointy month-over-month rise, climbing 72% in contrast with July. Notably, the variety of victims additionally grew, growing 67% over the identical interval.
Ethereum EIP 7702 Fuels Enhance in Crypto Phishing Assaults
In accordance with the agency, about 46% of phishing losses got here from three high-value accounts, also known as whales. Collectively, these accounts misplaced $5.62 million, and one alone was exploited for $3.08 million.
Sponsored
Sponsored
In the meantime, Rip-off Sniffer recognized Ethereum’s EIP-7702 commonplace as the first instrument leveraged in August’s wave of assaults. The agency additionally famous an uptick in scammers tricking crypto customers into sending cash on to malicious contracts.
EIP-7702 improves Ethereum wallets by briefly permitting externally owned accounts (EOAs) to perform like sensible contract wallets.
This allows handy options equivalent to batching transactions, setting spending caps, integrating passkeys, and recovering wallets with out altering addresses.
Nevertheless, attackers have turned these identical instruments right into a strategy to speed up thefts.
Wintermute’s Dune Analytics dashboard reveals that greater than 80% of delegate contracts tied to EIP-7702 contain malicious exercise. Notably, this has compromised greater than 450,000 pockets addresses since its implementation this 12 months.
Yu Xian, founding father of the safety firm SlowMist, famous that consciousness of how EIP-7702 could be weaponized stays low. He emphasised that organized legal teams have enthusiastically embraced the mechanism, exploiting it throughout Ethereum Digital Machine (EVM) ecosystems.
In mild of the surge, Rip-off Sniffer has suggested crypto customers to be much more cautious when interacting with pockets requests.
They counsel verifying domains, avoiding rushed approvals, and refusing signatures that grant limitless permissions or seem broader than vital.
Moreover, suspicious prompts tied to EIP-7702 contract upgrades or mismatched transaction simulations also needs to increase alarms.