Crypto hack losses fall sharply in December, but risks remain
Crypto-related losses from hacks and security exploits dropped 60% in December to around $76 million, according to blockchain security firm PeckShield. This marks a sharp decline from November’s $194.2 million, offering a rare pause after months of high attack activity in the sector.
December’s biggest exploits
Address poisoning scam steals $50 million
The largest single loss came from an address poisoning attack, where scammers create wallet addresses that look almost identical to legitimate ones. Small differences in the first or last few characters trick users into sending funds to the wrong address, resulting in irreversible losses.Private key leak hits $27.3 million
Another major incident involved a multi-signature wallet, where a leaked private key allowed attackers to steal more than $27 million. PeckShield warns that key management remains a serious vulnerability, even for wallets requiring multiple approvals for transactions.Other notable attacks
December also saw smaller incidents, including a $7 million exploit targeting Trust Wallet’s browser extension on Christmas Day and a $3.9 million hack affecting the Flow protocol. Browser-based wallets remain attractive targets due to their constant online connection, whereas offline hardware wallets are generally considered much safer for storing crypto long-term.
Security precautions
PeckShield emphasizes that, while the decline in losses is encouraging, threats remain high. Users can reduce risk by:
Carefully verifying every character of a destination address before sending funds.
Avoiding reliance on saved transaction histories.
Keeping private keys offline whenever possible.
US crypto scam case
Separately, US authorities charged a 23-year-old Brooklyn man, Ronald Spektor, with stealing roughly $16 million from about 100 Coinbase users. Spektor allegedly posed as a Coinbase employee, tricking victims into transferring crypto by warning them of immediate threats — a scheme relying on phishing and social engineering rather than technical hacking.
