TL;DR
- PeckShield estimated about $76M lost in December, over 60% less than Novemberās $194.27M, but criminals kept repeating simple playbooks across the crypto ecosystem.
- Address poisoning caused a ~$50M mis-send and compromised multisig keys drove over $27M more, even as 26 major exploits were tracked.
- Trust Walletās browser-extension issue cost about $7M and a Flow-ecosystem breach nearly $4M, reinforcing that always-online wallets need strict address checks and permission hygiene.
December delivered a headline slowdown in crypto crime, yet the operational playbook barely changed. PeckShield data shows roughly $76 million was extracted during the month, a drop of over 60% from Novemberās $194.27 million. Still, the threat shifted from protocol breakage to user-driven losses, with scams and key exposure setting the pace. The softer number masks a familiar reality: people are still being exploited more often than code, and basic, repeatable methods keep working at scale for attackers. In short, the threat model looks unchanged, only the surface area expanding.
#PeckShieldAlert December 2025 witnessed ~26 major crypto exploits, resulting in total losses of ~$76M.
This figure represents a decrease of over 60% from November's total of $194.27M, marking a significant reduction in monthly losses.
Notably:
šŗWallet 0xcB80…819 lost $50Mā¦ pic.twitter.com/CNW3R6646j— PeckShieldAlert (@PeckShieldAlert) January 1, 2026
Scams and User Errors Take the Lead
The biggest hit came from address poisoning, not a complex exploit. A victim sent funds to a lookalike wallet address that mimicked the first and last characters of a trusted destination, a mistake worth about $50 million. Another major incident involved compromised private keys tied to a multi-signature wallet, producing losses above $27 million. A handful of cases drove most of Decemberās damage, even though PeckShield recorded about 26 major exploits and more than two dozen incidents during the month. Deception and key leakage, not code failure, moved the needle.
Fewer losses do not automatically mean better security. The decline reflects fewer extreme events, not safer behavior, and many incidents were still avoidable across day to day usage by users. Among the notable examples was a browser-extension exploit affecting Trust Wallet, which led to around $7 million in losses, according to the same dataset. A separate breach within the Flow ecosystem drained close to $4 million. Always-online wallets stay attractive targets, especially when extensions, dependencies, or user permissions can be abused and monitored continuously by attackers looking for repeatable entry points.
Decemberās mix reinforces an old conclusion: the weakest link is human process. Most losses did not require zero-day brilliance; they came from rushed transactions, reused addresses, unchecked permissions, and exposed keys. Address poisoning needs no breakthrough, only habit, like copying from history or trusting visual familiarity instead of verification. Basic security hygiene remains the best defense, because multisig cannot help once keys leak, and one careless confirmation can erase eight figures in seconds for any user. Boring checks, done every time, beat heroic recoveries and keep wallets safer in browsers.
