Total losses from hacks and cybersecurity exploits in the crypto sector fell to around $76 million in December. This is a 60% drop from November’s $194.2 million, according to blockchain security firm PeckShield.
PeckShield reported 26 major crypto exploits during the month, including a single address-poisoning scam that cost one user $50 million. This scam involves scammers using look-alike wallet addresses to trick victims into sending funds to the wrong destination.
In most cases, the first and last four characters of the addresses match, with the attacker hoping that the victim will accidentally send funds to the fraudulent address by selecting the poisoned address from their transaction history without closely examining the entire string.
PeckShield noted that another user lost approximately $27.3 million due to a private key leak in a multi-signature wallet hack.
Although the decline in the total amount of stolen funds is a positive development, many industry experts caution that users must remain vigilant and exercise caution to protect themselves against common scams and cybersecurity threats.
Bybit’s $1.4B hack highlights concentrated crypto losses
The year 2025 was another challenging year for blockchain as centralized exchanges, DeFi protocols, and infrastructure providers, attackers siphoned an estimated $2.2 billion in the 10 largest incidents, roughly on par with the “nearly $2.2 billion” stolen in 2024, according to an analysis based on Chainalysis data previously reported.
However, the damage was far more concentrated. While the sheer number of mid-tier exploits increased from the previous year, 2025 also saw the largest crypto theft ever recorded: Bybit’s $1.4 billion breach in February.
The Dubai-based exchange suffered the largest crypto theft on record on Feb. 21, when attackers drained approximately 401,000 ETH, worth a staggering $1.4 billion at the time, from wallets tied to the platform.
Onchain security firms reported that funds were drained from Safe-based multisig wallets across multiple networks, including Ethereum and Arbitrum, before being rapidly funneled through a network of newly created addresses.
Trust Wallet and Flow hacks expose browser wallet risks
According to PeckShield, the Christmas Trust Wallet hack, which resulted in the wallet being drained of $7 million in user funds, and the $3.9 million Flow protocol hack were two of the most significant attacks in December.
The Trust Wallet exploit affected the wallet’s browser extension. Browser-based wallets are continuously connected to the internet, a design characteristic that can increase susceptibility to specific cybersecurity threats.
Using a hardware wallet, an offline storage device similar to a USB drive, to store cryptocurrency private keys is widely regarded as one of the safest methods for storing digital assets.
Users can also completely neutralize the threat of address posing scams by checking every character of the destination wallet’s address multiple times, rather than quickly glancing at it or selecting it from a transaction history list.
Trust Wallet users impacted by a recent browser extension hack are facing new delays after the company confirmed that its Chrome extension has been temporarily taken down from the Chrome Web Store.
This resulted in slowing the rollout of a key claims verification tool tied to the incident. Trust Wallet chief executive Eowyn Chen said the extension became unavailable after the company encountered a Chrome Web Store bug while attempting to release a new version.
Sharpen your strategy with mentorship + daily ideas - 30 days free access to our trading program
