Crypto Hack Losses Fell 60% in December to $76M: PeckShield

Crypto-related losses from hacks and cybersecurity exploits fell sharply in December, dropping 60% month-on-month to about $76 million, according to blockchain security firm PeckShield.

The figure marks a notable decline from November’s $194.2 million, offering a rare pause after months of elevated attack activity across the sector.

Address Poisoning Scam Drives $50M Loss in December Crypto Exploits

PeckShield said December saw 26 major crypto exploits, with a handful of incidents accounting for the bulk of losses. The largest involved a single user who lost $50 million in an address poisoning scam.

In such attacks, threat actors send small transactions from wallet addresses that closely resemble legitimate ones, hoping victims will mistakenly copy or select the fraudulent address during a transfer.

These scams often rely on visual similarity. Typically, the first and last few characters of the fake address match the real one, making it easy for users to miss subtle differences when scanning transaction histories. Attackers exploit that moment of inattention to redirect funds irreversibly.

Another major incident in December involved a private key leak tied to a multi-signature wallet, which resulted in losses of about $27.3 million.

PeckShield said the breach highlights the persistent risks around key management, even for wallets that rely on multiple approvals for transactions.

While the overall decline in stolen funds may appear encouraging, security experts caution that it does not necessarily signal a lasting shift.

PeckShield pointed to several notable attacks during the month, including a Christmas-day exploit targeting Trust Wallet’s browser extension that drained roughly $7 million, as well as a $3.9 million hack affecting the Flow protocol.

Browser-based wallets remain a common target for attackers due to their constant internet connectivity. In contrast, hardware wallets, offline devices designed to store private keys, are widely considered one of the safest options for long-term asset storage, a distinction often highlighted by security researchers and outlets such as Cointelegraph.

PeckShield said users can significantly reduce their exposure to common exploits by adopting basic precautions.

These include verifying every character of a destination address before sending funds, avoiding reliance on saved transaction histories, and keeping private keys offline whenever possible.

Brooklyn Man Charged in $16M Crypto Scam Targeting Coinbase Users

As reported, US prosecutors have charged a 23-year-old Brooklyn resident, Ronald Spektor, with stealing roughly $16 million in cryptocurrency from around 100 Coinbase users through an alleged phishing and social engineering scheme.

According to the Brooklyn District Attorney’s Office, Spektor posed as a Coinbase employee and contacted victims claiming their funds were at immediate risk, pressuring them to transfer crypto to wallets he controlled.

Authorities said the scheme relied on panic tactics rather than technical hacks. Operating under the online alias “lolimfeelingevil,” Spektor allegedly warned victims of imminent theft to override skepticism and force quick decisions.