Crypto Hacks Drop 60% in Dec 2025, $76M Lost vs $194M in Nov

The Peckshield report, shared via X, details a month where the scale of crypto exploits contracted sharply. The total of $76.2 million, spread across 26 incidents, marks a notable improvement from the preceding months. The single largest event was a sophisticated $50 million address-poisoning scam, a technique where attackers create wallet addresses nearly identical to a victim’s to trick them into sending funds to the wrong destination. This incident alone accounted for over 65% of December’s total losses, highlighting how targeted social engineering can yield massive payoffs for criminals.

Other significant breaches contributed to the month’s tally. A $27.3 million multisig breach occurred on a wallet identified as 0xde5f…e965, compromised due to a critical private key leak. The exploit of babur.sol resulted in $22 million in losses. Trust Wallet suffered an $8.5 million theft around Christmas, stemming from a trojanized Chrome extension uploaded via a compromised Web Store API key and GitHub secrets. Meanwhile, Unleash Protocol lost $3.9 million after a hacker seized control of its multisig governance to execute an unauthorized contract upgrade, and the Flow blockchain experienced a $3.9 million breach due to an execution layer vulnerability that allowed illicit asset minting and transfers.

Despite December’s positive trend, the full-year data from Peckshield paints a stark picture of a sector under relentless attack. The cumulative losses from just the top ten hacks in 2025 exceeded $2.2 billion. This figure is dominated by the year’s most devastating incident: the February breach of exchange Bybit, where attackers drained approximately 401,000 ETH, worth around $1.4 billion at the time, from the platform’s wallets. This single event set a grim tone for the year and remains a stark reminder of the catastrophic risks associated with centralized custody of digital assets.

The decentralized finance (DeFi) space was not spared. In May, Cetus, a concentrated-liquidity DEX on the Sui blockchain, lost $223 million after attackers exploited a protocol flaw to manipulate pricing and drain liquidity. November saw Balancer V2 suffer a $128 million exploit linked to a rounding-error bug in its composable stable pools. Similarly, Bitget reported roughly $100 million in losses in April due to manipulation of its VOXEL market-making infrastructure. These incidents illustrate how complex, unaudited code and novel financial mechanisms create lucrative attack vectors for hackers.

Centralized exchanges also remained prime targets. Phemex experienced an $85 million hot wallet breach in January, while Iran-based Nobitex fell victim to a theft of $80–90 million from hot wallets in June. In these cases, the platforms typically froze withdrawals to protect remaining assets and worked to resume services, though recovery of the stolen funds varied. The concentration of value in exchange hot wallets continues to present a high-reward opportunity for cybercriminals.

The sharp 60% month-over-month decline in December 2025 losses is a positive data point, but its causes and sustainability are unclear. It could reflect improved security postures following a catastrophic year, seasonal variations in criminal activity, or simply the random distribution of high-value targets. The nature of the December incidents—from address poisoning and private key leaks to compromised API keys—shows that threats are multifaceted, targeting both technical infrastructure and human error.

The overarching narrative from Peckshield’s data is one of extreme volatility in loss amounts but consistent vulnerability. While a month like December shows improvement, the annual total of over $2.2 billion in major hacks confirms that blockchain security remains a critical, unsolved challenge. The diversity of victims—from major centralized exchanges like Bybit and Phemex to DeFi protocols like Cetus and Balancer V2, and even infrastructure like Trust Wallet’s extension—demonstrates that no segment of the crypto ecosystem is immune. As the industry evolves, so too do the sophistication and scale of attacks, making continuous vigilance, auditing, and user education paramount for risk mitigation.