Crypto Hack Losses Drop 60% in December to $76M, Says PeckShield

TLDR

• Crypto hack losses in December fell by 60 percent compared to November, totaling approximately $76 million.
• A single address poisoning scam caused the largest loss in December, resulting in a $50-million theft.
• A private key leak involving a multi-signature wallet led to another major loss of around 27.3 million dollars.
• A phishing scheme by a Brooklyn man resulted in the theft of 16 million dollars from about 100 Coinbase users.
• Browser wallets continued to be a frequent target, including a 7 million dollar exploit on Trust Wallet’s browser extension.

Crypto-related exploit losses dropped sharply in December, with blockchain security firm PeckShield reporting a 60% decrease to $76 million, marking a reversal from previous monthly spikes, and reflecting reduced activity across major attack vectors even as targeted incidents persisted.

Address Poisoning Scam Drives Largest Losses

PeckShield confirmed 26 major crypto hacks in December, with fewer attacks causing larger single-event losses across the board. The biggest incident involved a $50 million address poisoning scam that tricked a user into sending funds to a fake address.

Scammers in such attacks send tiny transactions from addresses mimicking legitimate ones, hoping users mistakenly copy them during transfers. The fraudulent addresses typically match the start and end of genuine ones, making them hard to spot in transaction histories.

These exploits rely on visual confusion and quick decision-making, especially when victims are rushing through transactions or under pressure. PeckShield advised users to carefully verify each character of an address before transferring funds to avoid such errors.

“Address poisoning continues to be a favored trick for attackers,” PeckShield said in its December summary. The firm also urged users not to rely on saved transaction data when sending crypto assets to avoid redirection.

Multi-Signature Wallet Breach and Browser Wallet Threats

Another large incident involved a leaked private key that led to the theft of $27.3 million from a multi-signature wallet. Despite multi-signature protections, weak key management practices allowed attackers to gain full control over the wallet.

PeckShield said this breach highlighted that even complex wallet systems can be exposed through single points of failure. The stolen amount represents over one-third of December’s total, emphasizing the size of individual incidents over volume.

Trust Wallet’s browser extension also faced a crypto hack on Christmas Day, resulting in losses of around $7 million. PeckShield cited ongoing risks associated with browser-based wallets due to their constant internet connection and exposure.

Security firms continue to warn users about browser wallets, recommending hardware wallets for long-term private key storage. PeckShield reminded users to keep their private keys offline whenever possible and avoid sharing them under any condition.

Social Engineering and Phishing Scheme Uncovered

U.S. authorities charged Ronald Spektor, a 23-year-old from Brooklyn, with stealing $16 million through phishing and social tactics. According to prosecutors, Spektor posed as a Coinbase employee and tricked nearly 100 users into sending funds to his wallets.

He allegedly told victims their funds were at risk and urged them to act quickly, creating a false sense of urgency. Operating under the alias “lolimfeelingevil,” Spektor exploited panic and bypassed security controls through manipulation.

Officials said no technical breach occurred; instead, Spektor used psychological pressure to bypass victims’ usual caution. The Brooklyn District Attorney stated the operation relied purely on deception and not software or platform vulnerabilities.

PeckShield noted that despite the decrease in total losses, security threats remain active and require constant vigilance. The firm concluded that verifying transaction details and using cold storage can prevent many types of common crypto hacks.

The post Crypto Hack Losses Drop 60% in December to $76M, Says PeckShield appeared first on CoinCentral.