Crypto Hack Losses Fell 60% In December To $76M: Peckshield

What Happened

Crypto-related losses from hacks and cybersecurity exploits fell sharply in December, dropping 60% month-on-month to about $76 million, according to blockchain security firm PeckShield.

Crypto hack losses fell 60% in December to $76 million, marking a sharp drop from November’s levels.

A single address poisoning scam accounted for $50 million of losses, making it December’s largest crypto exploit.

PeckShield warns that persistent threats like key leaks and browser wallet exploits still pose serious risks.

Address Poisoning Scam Drives $50M Loss in December Crypto Exploits

PeckShield said December saw 26 major crypto exploits, with a handful of incidents accounting for the bulk of losses. The largest involved a single user who lost $50 million in an address poisoning scam.

These scams often rely on visual similarity. Typically, the first and last few characters of the fake address match the real one, making it easy for users to miss subtle differences when scanning transaction histories. Attackers exploit that moment of inattention to redirect funds irreversibly.

PeckShield pointed to several notable attacks during the month, including a Christmas-day exploit targeting Trust Wallet’s browser extension that drained roughly $7 million, as well as a $3.9 million hack affecting the Flow protocol.

PeckShield said users can significantly reduce their exposure to common exploits by adopting basic precautions.

Authorities said the scheme relied on panic tactics rather than technical hacks. Operating under the online alias “lolimfeelingevil,” Spektor allegedly warned victims of imminent theft to override skepticism and force quick decisions.

The post Crypto Hack Losses Fell 60% in December to $76M: PeckShield appeared first on Cryptonews.

Market Context

Key Takeaways:

The figure marks a notable decline from November’s $194.2 million, offering a rare pause after months of elevated attack activity across the sector.

Why It Matters

PeckShield said the breach highlights the persistent risks around key management, even for wallets that rely on multiple approvals for transactions.

While the overall decline in stolen funds may appear encouraging, security experts caution that it does not necessarily signal a lasting shift.

According to the Brooklyn District Attorney’s Office, Spektor posed as a Coinbase employee and contacted victims claiming their funds were at immediate risk, pressuring them to transfer crypto to wallets he controlled.

Details

In such attacks, threat actors send small transactions from wallet addresses that closely resemble legitimate ones, hoping victims will mistakenly copy or select the fraudulent address during a transfer.

Another major incident in December involved a private key leak tied to a multi-signature wallet, which resulted in losses of about $27.3 million.

Browser-based wallets remain a common target for attackers due to their constant internet connectivity. In contrast, hardware wallets, offline devices designed to store private keys, are widely considered one of the safest options for long-term asset storage, a distinction often highlighted by security researchers and outlets such as Cointelegraph.

These include verifying every character of a destination address before sending funds, avoiding reliance on saved transaction histories, and keeping private keys offline whenever possible.

Brooklyn Man Charged in $16M Crypto Scam Targeting Coinbase Users

As reported, US prosecutors have charged a 23-year-old Brooklyn resident, Ronald Spektor, with stealing roughly $16 million in cryptocurrency from around 100 Coinbase users through an alleged phishing and social engineering scheme.