Skip to content
- Crypto losses dropped over 60% in December, falling to about $76M from November’s $194M.
- A few major attacks drove most losses, led by address poisoning and private key breaches.
- PeckShield warns lower losses do not signal safer crypto systems or reduced risk.
Crypto-related losses fell sharply in December 2025 after months of elevated exploit activity. Blockchain security firm PeckShield reported that total losses reached about $76 million during the month. The figure marked a steep decline from November, when crypto hacks and exploits caused losses of more than $194 million across the sector.
PeckShield recorded around 26 major crypto exploits in December. The data showed a month-over-month drop of more than 60% in total losses. Despite the improvement, analysts stressed that security risks across the crypto ecosystem remain unresolved.
Most of December’s losses came from a small number of incidents. The largest case involved a wallet identified as 0xcB80…819. That wallet lost close to $50 million through an address poisoning attack.
Address poisoning relies on social engineering rather than technical flaws. Attackers create wallet addresses that closely resemble legitimate ones. Victims are then misled into sending funds to the attacker’s address without noticing the difference.
Private Key Compromise Drains $27.3M From Multisig Wallet
Another major loss occurred in a multisignature wallet labeled 0xde5f…e965. The wallet lost about $27.3 million after its private key was compromised. Although multisig wallets are designed to add security, this wallet required only one approval to move funds.
Once the private key was exposed, the attacker became the sole signer. The funds were drained in full. Most of the stolen Ether was later moved through Tornado Cash, according to on-chain data reviewed by PeckShield.
Several other projects also reported losses in December. The babur.sol ecosystem recorded losses of about $22 million. Trust Wallet suffered losses estimated at $8.5 million. Unleash Protocol and Flow Blockchain each reported losses of roughly $3.9 million.
Also Read: Hacker Launders $4M Stolen from Unleash Protocol Using Tornado Cash: Full Details
Trust Wallet’s case was linked to a browser extension vulnerability. Hackers exploited Trust Wallet’s Chrome extension version 2.68 in late December. On-chain researcher ZachXBT reported that more than $6.7 million was stolen shortly after users updated the extension.
The users stated that the funds were lost within minutes. The problem was later verified by Trust Wallet, who recommended that people should switch off version 2.68. The company recommended upgrading the version to 2.69 to avoid additional losses.
Unleash Protocol Crypto Hack Exposes Governance Weaknesses
The weaknesses experienced by Unleash Protocol were related to governance and multisig. Hackers used unauthorized access and provided an upgrade of a contract. The funds belonging to users were then pulled out and sent to Ethereum.
Records indicated that there was a mixture of test transfers and bigger transactions on-chain. The batches of 100 ETH were used in some transfers. The stolen funds were then laundered in Tornado Cash.
In December, security researchers noticed that there was a change in the way they attacked. Numerous events were aimed at users instead of codes of protocol. Common vectors included address poisoning, compromised updates, and leaked personal keys.
According to PeckShield, reduced losses do not equate to enhanced security. The company indicated that it needed improved wallet designs and awareness among users. At the beginning of the year 2026, crypto security will be the dominant worry even after the reported losses decreased in December.
Also Read: Prenetics Shifts Strategy to IM8 as Consumer Health Brand Surpasses $100M Revenue
