Crypto Hack Losses Fell 60% In December, New Data Shows

bitcoinistОпубликовано 2026-01-03Обновлено 2026-01-03

Введение

According to PeckShield, losses from crypto hacks dropped by approximately 60% in December, falling to around $76 million from $194 million in November. This decline was attributed to fewer large-scale exploits, though significant incidents still occurred. The month saw roughly 26 major attacks, with the largest being a $50 million address poisoning scam. Other notable losses included a $27 million multi-signature wallet breach due to a private key leak, a $7 million Trust Wallet exploit, and a $3.9 million issue involving the Flow protocol. Despite the overall reduction, experts caution that threats like scams and technical vulnerabilities persist, with human error remaining a major risk factor.

According to PeckShield, losses from crypto hacks dropped by about 60% in December, slipping to roughly $76 million from about $194 million in November.

That sharp month-to-month decline was driven by fewer large-scale heists, but the damage that did occur was still significant. Reports have disclosed a mix of scams and technical failures that together made December anything but risk-free.

December Losses Fall 60%

PeckShield tracked roughly 26 major exploits during the month. The largest single hit was an address poisoning scam that took about $50 million. In that scheme, victims were tricked into sending funds to an address that looked almost identical to a legitimate one.

Other large losses included a $27 million drain from a multi-signature wallet tied to a private key leak, about $7 million tied to a Trust Wallet exploit, and roughly $3.9 million linked to issues involving the Flow protocol. These figures were reported across multiple outlets and match the totals PeckShield compiled.

Major Scams Still Cause Big Damage

Address poisoning stood out because it relies on human error rather than a broken protocol. A small mistake — copying the wrong address — could wipe out a large transfer.

Trust Wallet’s loss was linked to a browser extension weakness that allowed attackers to move funds. In some cases, reimbursements were being discussed by affected services.

Reports have disclosed that private key exposure, even in wallets meant to be secure, continues to be a common root cause of big losses.

Total crypto market cap currently at $3 trillion. Chart: TradingView

Some experts say the fall in dollar losses reflects fewer massive breaches, not a vanishing of threats. Security teams have been more active, and some wallets tightened checks.

But the methods used by attackers did not disappear. Scams that prey on mistakes, like the address trick, are still in play, and sophisticated intrusions remain possible.

It was observed that a handful of incidents accounted for the bulk of December’s total, which helps explain the large swing in monthly totals.

Close monitoring into these trends by regulators and other stakeholders like platform operators will continue as well. There have been growing pressures to provide better protections for exchanges and other wallets when there has been a breach; and for more timely actions after the compromise has been identified.

Featured image from Unsplash, chart from TradingView

Связанные с этим вопросы

QAccording to the article, what was the main reason for the 60% drop in crypto hack losses in December?

AThe sharp decline was driven by fewer large-scale heists, though significant damage still occurred from scams and technical failures.

QWhat was the single largest crypto exploit in December and how much was lost?

AThe largest single exploit was an address poisoning scam that resulted in a loss of approximately $50 million.

QBesides the address poisoning scam, what were two other major causes of losses mentioned in the report?

AOther major losses included a $27 million drain from a multi-signature wallet due to a private key leak and about $7 million tied to a Trust Wallet exploit.

QHow does the article describe the nature of the address poisoning scam?

AIt is a scam that relies on human error, where victims are tricked into sending funds to an address that looks almost identical to a legitimate one.

QWhat does the article suggest is a continuing common root cause of major crypto losses, even in supposedly safe wallets?

APrivate key exposure continues to be a common root cause of big losses, even in wallets meant to be secure.

Похожее

L1 is Dead, Long Live Appchain

"L1 is Dead, Appchain Rises" critiques the failure of current Layer-1 (L1) blockchain models, arguing their tokens are trending toward zero. The author identifies key flaws: linear token emissions that incentivize selling rather than value creation, weak value propositions like "gas token" and "governance" narratives, mismanagement by bloated "foundations" or "labs" that drain value through excessive spending and token sales, and poor industry leadership focused on short-term narratives and overhyped trends like RaaS and high TPS. The solution proposed is a fundamental shift. New L1 token models are needed, moving away from the "low float, high FDV" paradigm that disadvantages retail investors. Fundraising should be sufficient only for launch, not excessive. Token unlocks should be tied to real milestones like CEX listings or DeFi integration. The ultimate goal should be for L1 tokens to become widely used mediums of exchange, not just fuel for networks. Value is increasingly moving to the application layer, with successful apps building their own chains (appchains). The author concludes that L1s must build sustainable value by creating useful applications and services, fostering strong holder communities, and achieving self-sustainability without relying on continuous token emissions.

marsbit1 ч. назад

L1 is Dead, Long Live Appchain

marsbit1 ч. назад

An Open-Source AI Tool That No One Saw Predicted Kelp DAO's $292 Million Vulnerability 12 Days Ago

An open-source AI security tool flagged critical risks in Kelp DAO’s cross-chain architecture 12 days before a $292 million exploit on April 18, 2026—the largest DeFi incident of the year. The vulnerability was not in the smart contracts but in the configuration of LayerZero’s cross-chain bridge: a 1-of-1 Decentralized Verifier Network (DVN) setup allowed an attacker to forge cross-chain messages with a single compromised node. The tool, which performs AI-assisted architectural risk assessments using public data, identified several unremediated risks, including opaque DVN configuration, single-point-of-failure across 16 chains, unverified cross-chain governance controls, and similarities to historical bridge attacks like Ronin and Harmony. It also noted the absence of an insurance pool, which amplified losses as Aave and other protocols absorbed nearly $300M in bad debt. The attack unfolded over 46 minutes: the attacker minted 116,500 rsETH on Ethereum via a fraudulent message, used it as collateral to borrow WETH on lending platforms, and laundered funds through Tornado Cash. While an emergency pause prevented two subsequent attacks worth ~$200M, the damage was severe. The tool’s report, committed to GitHub on April 6, scored Kelp DAO a medium-risk 72/100—later acknowledged as too lenient. It failed to query on-chain DVN configurations or initiate private disclosure, highlighting gaps in current DeFi security approaches that focus on code audits but miss config-level and governance risks. The incident underscores the need for independent, AI-powered risk assessment tools that evaluate protocol architecture, not just code.

marsbit2 ч. назад

An Open-Source AI Tool That No One Saw Predicted Kelp DAO's $292 Million Vulnerability 12 Days Ago

marsbit2 ч. назад

Figma's Stock Drops Over 7%, Is Claude Design the One to End It All?

Figma's stock fell over 7% following Anthropic's announcement of Claude Design, an experimental AI-powered design tool. Driven by the Opus 4.7 model, Claude Design generates prototypes, slides, and visual content, directly challenging Figma and Canva. A key feature is its seamless handoff capability to Claude Code, enabling a closed loop from design to development. The tool automatically reads existing code and design files to create tailored design systems, though early users report high token usage and bugs. The release follows a series of strategic moves by Anthropic, including limited releases of advanced models and high-level regulatory meetings. With a rumored $800 billion valuation and potential IPO by October, Anthropic is shifting from selling AI models to building end-user products, positioning itself as a competitor rather than just a partner to its API users. While Claude Design is not yet a full replacement for professional tools, it threatens to redefine Figma’s user base by enabling rapid prototyping for non-designers and small teams.

marsbit2 ч. назад

Figma's Stock Drops Over 7%, Is Claude Design the One to End It All?

marsbit2 ч. назад

Financing Weekly | 15 Public Financing Events, Paxos Labs Completes $12 Million Financing Led by Blockchain Capital

Last week (April 13-19) saw 15 blockchain funding rounds totaling over $165 million. Key deals include Paxos Labs raising $12 million led by Blockchain Capital to build DeFi infrastructure for stablecoin issuance and lending. In AI+Web3, OpenGradient secured $9.5 million for its verifiable AI compute network. DeFi highlights include Brix's $5.5 million raise for emerging market asset tokenization and Votre's $3.75 million seed round for its on-chain crypto lending platform. In centralized finance, digital banking platform Slash closed a $100 million Series C. Prediction market platform Pumpcade raised $5 million, backed by Jump Crypto. Additionally, DePIN project SHARE completed a seed round led by Greenfield Capital.

marsbit2 ч. назад

Financing Weekly | 15 Public Financing Events, Paxos Labs Completes $12 Million Financing Led by Blockchain Capital

marsbit2 ч. назад

Торговля

Спот
Фьючерсы
活动图片

Популярные категорииright-arrow

Популярные тегиright-arrow