The cryptocurrency sector experienced a significant respite in December 2025, with financial damages from hacks and exploits dropping more than 60% to approximately $76 million, according to a report from blockchain security firm PeckShield released on January 1, 2026. This figure represents a substantial reduction from November’s total of around $194 million, providing a welcome break amid a year that saw billions lost to cyber threats overall.
PeckShield documented about 26 major incidents throughout the month, a relatively contained number compared to previous periods of heightened activity.
#PeckShieldAlert December 2025 witnessed ~26 major crypto exploits, resulting in total losses of ~$76M.
This figure represents a decrease of over 60% from November's total of $194.27M, marking a significant reduction in monthly losses.
Notably:
🔺Wallet 0xcB80…819 lost $50M… pic.twitter.com/CNW3R6646j— PeckShieldAlert (@PeckShieldAlert) January 1, 2026
The sharp monthly decline highlights potential improvements in security protocols across protocols and wallets, though industry professionals now caution that vulnerabilities persist.
Dominating the losses was a sophisticated address poisoning scheme, which alone accounted for $50 million in stolen funds.
In this type of attack, malicious actors generate wallet addresses that mimic legitimate ones, often differing by just a few characters.
Victims are tricked into copying and pasting the fraudulent address from their transaction history, inadvertently sending assets directly to the attacker.
Such scams exploit user habits rather than technical flaws in blockchain code, underscoring the ongoing challenge of social engineering in crypto.
Another prominent case involved the compromise of a multi-signature wallet, resulting in over $27 million drained after a private key exposure.
Multi-signature setups, designed to require multiple approvals for transactions, are intended to enhance security, but this incident demonstrates how a single leaked key can undermine those protections.
Address poisoning tactics proved particularly persistent in December, remaining a favored method among attackers seeking to deceive users into erroneous transfers.
Among the month’s most damaging events, the top five included:
- The multi-signature wallet breach exceeding $27 million
- An exploit targeting “babur.sol” valued at $22 million
- A vulnerability in Trust Wallet affecting around $8.5 million
- Breaches involving Unleash Protocol and Flow Blockchain, each at approximately $3.9 million
These figures illustrate how a handful of high-value incidents seemingly drove the majority of December’s damages, even as the overall total eased.
While the reduced losses offer optimism for better safeguards heading into 2026, the crypto ecosystem continues to grapple with evolving threats like key compromises, supply chain attacks, and deceptive scams.
Industry observers and analysts now emphasize the need for heightened user education and proactive measures—such as always double-checking full wallet addresses—and advanced monitoring tools to mitigate risks.
As crypto adoption grows in 2026 and beyond, maintaining proper defenses will be crucial to sustaining confidence in digital assets.