Crypto Hack Losses Plunge 60% in December to $76M—Security Turning a Corner?
Hackers just had a lean Christmas. Crypto thefts cratered last month—a dramatic 60% drop that slashed losses to a mere $76 million. That's the kind of year-end gift the entire ecosystem needed.
The Big Dip
PeckShield's latest data paints a clear picture: defenses are stiffening. While the figure remains stark, the downward trajectory signals that enhanced security protocols and real-time monitoring are finally biting into the attackers' playbook. The industry isn't just throwing money at the problem anymore; it's starting to outsmart it.
Not All Quiet on the Western Front
Don't break out the champagne just yet. A single month's reprieve doesn't mean the war is won. Sophisticated threat actors are always iterating, probing for the next weak link in DeFi's complex, composable chains. The decline shows progress, not perfection. It's a reminder that in crypto, security isn't a product you buy—it's a relentless, evolving practice.
For the traditional finance crowd still clutching their pearls over volatility, maybe they should worry more about their own legacy systems' glacial upgrade cycles. After all, which sector publicly reports and slashes its theft figures by over half in thirty days? The one building the future, that's which. The trend is your friend—and right now, it's pointing toward a more resilient, and frankly, more professional digital asset landscape.
Address Poisoning Scam Drives $50M Loss in December Crypto Exploits
PeckShield said December saw 26 major crypto exploits, with a handful of incidents accounting for the bulk of losses. The largest involved a single user who lost $50 million in an address poisoning scam.
In such attacks, threat actors send small transactions from wallet addresses that closely resemble legitimate ones, hoping victims will mistakenly copy or select the fraudulent address during a transfer.
These scams often rely on visual similarity. Typically, the first and last few characters of the fake address match the real one, making it easy for users to miss subtle differences when scanning transaction histories. Attackers exploit that moment of inattention to redirect funds irreversibly.
Another major incident in December involved a private key leak tied to a multi-signature wallet, which resulted in losses of about $27.3 million.
PeckShield said the breach highlights the persistent risks around key management, even for wallets that rely on multiple approvals for transactions.
#PeckShieldAlert December 2025 witnessed ~26 major crypto exploits, resulting in total losses of ~$76M.
This figure represents a decrease of over 60% from November's total of $194.27M, marking a significant reduction in monthly losses.
Notably:
Wallet 0xcB80…819 lost $50M… pic.twitter.com/CNW3R6646j
While the overall decline in stolen funds may appear encouraging, security experts caution that it does not necessarily signal a lasting shift.
PeckShield pointed to several notable attacks during the month, including a Christmas-day exploit targeting Trust Wallet’s browser extension that drained roughly $7 million, as well as a $3.9 million hack affecting the FLOW protocol.
Browser-based wallets remain a common target for attackers due to their constant internet connectivity. In contrast, hardware wallets, offline devices designed to store private keys, are widely considered one of the safest options for long-term asset storage, a distinction often highlighted by security researchers and outlets such as Cointelegraph.
PeckShield said users can significantly reduce their exposure to common exploits by adopting basic precautions.
These include verifying every character of a destination address before sending funds, avoiding reliance on saved transaction histories, and keeping private keys offline whenever possible.
Brooklyn Man Charged in $16M Crypto Scam Targeting Coinbase Users
As reported, US prosecutors have charged a 23-year-old Brooklyn resident, Ronald Spektor, with stealing roughly $16 million in cryptocurrency from around 100 Coinbase users through an alleged phishing and social engineering scheme.
According to the Brooklyn District Attorney’s Office, Spektor posed as a Coinbase employee and contacted victims claiming their funds were at immediate risk, pressuring them to transfer crypto to wallets he controlled.
Authorities said the scheme relied on panic tactics rather than technical hacks. Operating under the online alias “lolimfeelingevil,” Spektor allegedly warned victims of imminent theft to override skepticism and force quick decisions.
