Key Highlights
- Crypto losses fell to $76M in December, down 60% from November’s $194.27M, but high-value hacks still hit major wallets and projects.
- Wallet 0xcB80…819 lost $50M in an address poisoning attack, showing risks of social engineering scams.
- Multisig wallet 0xde5f…e965 lost $27.3M after a private key leak, with funds laundered via Tornado Cash.
In December 2025, the cryptocurrency industry saw a notable drop in losses from hacks and exploits compared to the previous month’s figures. According to blockchain security firm PeckShield, there were around 26 major cryptocurrency exploits in December, resulting in total losses of about $76 million.
This marked a sharp decline of more than 60% from November, when losses were $194.27 million. Even with the drop, experts warn that vulnerabilities remain widespread across the crypto ecosystem, and caution that the risk of major incidents has not disappeared.
While the numbers suggested that large-scale attacks were slowing down, a few high-value incidents showed that security risks still pose a serious threat to wallets, protocols, and other crypto tools.
Major losses in December
Despite the overall reduction, December's losses were concentrated in a few attacks. The largest was a wallet labeled 0xcB80…819, which lost around $50 million in an address poisoning attack.
Address poisoning is a social engineering attack in which the perpetrator creates an address that looks almost identical to the real one. Through manipulated transactions or address books, the attacker tricks the victim into sending money meant for the real address to the malicious one, and the victim does not realize it until it's too late.
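A defensive check for the address poisoning pattern described above, as an added example that is not part of the original article: before a transfer is signed, it compares the destination with an address book and flags any address that is not in the book but shares the leading and trailing characters of one that is. The sample addresses are constructed, and the function names and four-character thresholds are assumptions based on how wallets abbreviate addresses (for example 0xcB80…819).

```python
from typing import Iterable, NamedTuple, Optional

class Verdict(NamedTuple):
    status: str              # "trusted", "lookalike" or "unknown"
    matched: Optional[str]   # address-book entry involved, if any
    prefix: int              # leading hex characters shared with it
    suffix: int              # trailing hex characters shared with it

def normalize(addr: str) -> str:
    """Lowercase 40-hex-digit body of a 0x address; ValueError if malformed."""
    a = addr.strip().lower()
    if len(a) != 42 or not a.startswith("0x") or set(a[2:]) - set("0123456789abcdef"):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a[2:]

def shared_len(a: str, b: str) -> int:
    """Number of leading characters a and b have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def check_destination(dest: str, book: Iterable[str],
                      min_prefix: int = 4, min_suffix: int = 4) -> Verdict:
    """Classify dest against the address book before a transfer is signed."""
    d = normalize(dest)
    best = Verdict("unknown", None, 0, 0)
    for entry in book:
        e = normalize(entry)
        if d == e:
            return Verdict("trusted", "0x" + e, 40, 40)
        p, s = shared_len(d, e), shared_len(d[::-1], e[::-1])
        # Same visible ends but a different middle: the poisoning pattern.
        if p >= min_prefix and s >= min_suffix and p + s > best.prefix + best.suffix:
            best = Verdict("lookalike", "0x" + e, p, s)
    return best

# Constructed sample addresses (not taken from any real incident).
TRUSTED = "0xA1b2" + "11" * 16 + "c3D4"
LOOKALIKE = "0xa1B2" + "9f" * 16 + "C3d4"
UNRELATED = "0x" + "5e" * 20

if __name__ == "__main__":
    for addr in (TRUSTED, LOOKALIKE, UNRELATED):
        print(addr, check_destination(addr, [TRUSTED]))
```

A "lookalike" verdict should block the transfer until the full address is compared character by character; "unknown" only means the destination resembles nothing in the book.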
Another major incident involved a multisignature wallet known as 0xde5f…e965, which lost around $27.3 million after a private key was compromised. Multisig wallets are generally designed to improve security by requiring multiple approvals for transactions.
However, this wallet was set up as a 1-of-1 multisig, meaning that only a single approval was needed to move funds, which allowed the attacker to drain it once they had the key.
Once the attacker gained access to the private key, they could act as the wallet's only signer and drain all the funds. They proceeded carefully, moving the stolen money through Tornado Cash, an Ethereum privacy service.
PeckShield said most of the stolen Ether had already been laundered, though the attacker was still holding around $2 million in liquid assets at the time of reporting. Analysts noted that the incident demonstrated how misconfigured wallets and poor key management can undermine the security benefits that multisig setups are meant to provide.
Other high-profile exploits
In addition to the two largest incidents, other crypto projects also recorded losses. The most affected was babur.sol, which lost about $22 million. Trust Wallet lost about $8.5 million, followed by Unleash Protocol and Flow Blockchain at about $3.9 million.
Trust Wallet extension hack
Trust Wallet was an unusual case, as it was an exploit found in the browser extension, not in the blockchain itself. In late December 2025, hackers exploited the Trust Wallet Chrome extension version 2.68, stealing more than $6.7 million, as reported by on-chain researcher ZachXBT.
Users reported that the money had disappeared in mere minutes, and that happened mostly after a software update for the extension. Trust Wallet acknowledged the issue and instructed users to disable the extension version “2.68 immediately and update to version 2.69.”
The incident highlighted ongoing risks with browser-based wallets, especially when updates or third-party software are involved.
Unleash Protocol multisig breach
Unleash Protocol lost about $3.9 million through weaknesses in its governance and multisig controls, not through a vulnerability in the protocol itself. The hacker gained unauthorized access, upgraded a contract, and withdrew user funds.
After the heist, the stolen funds were transferred to the Ethereum network and sent through Tornado Cash. On-chain records showed a series of test payments, as well as larger transfers of 100 ETH.
Shifting attack patterns
Though total losses were lower in December, the nature of attacker activity is evolving. Rather than focusing only on vulnerabilities in code or bridges, attackers are increasingly targeting users.
Address poisoning scams, browser extension malware, compromised software updates, and leaked private keys remain some of the most efficient methods. These often exploit human error rather than technology, and are therefore difficult to protect against through code reviews.
Companies such as PeckShield stress that a decline in losses does not necessarily mean that crypto is secure. They continue to recommend improvements to wallet hygiene, user awareness, browser add-on security, and multisignature governance.
Looking ahead
As 2026 begins, many organizations in the crypto and blockchain space are calling for better security measures and tools to counter both technical and social engineering attacks. Experts will also be watching whether the trend of declining exploit losses continues or attackers come back with new attacks.
For now, it seems that December’s numbers at least provide a brief reprieve from the steep losses that have been ongoing. However, many high-value hacks and common attack methods are still happening, showing that security remains a major concern in the cryptocurrency industry.
