December’s losses were spread across 26 incidents, showing fewer large-scale breaches rather than a complete absence of attacks.
Blockchain security firm Peckshield said December 2025 closed with a surprising decrease in crypto exploit losses.
On-chain data shows the numbers fell 60% from those recorded in November.
$76 million lost in 26 incidents
According to the Peckshield report revealed via This figure represents a 60% decrease from November’s $194.2 million.
The largest hack during this period was a $50 million address poisoning scam, in which attackers spoofed wallet addresses to trick a user into embezzling funds. Another notable incident involved a $27.3 million multisig breach on a wallet identified as 0xde5f…e965, which was compromised due to a private key leak.
Other attacks ranked in the top 5 include the babur.sol exploit, which resulted in losses of $22 million. The Trust Wallet hack, which occurred around Christmas, involved a trojanized Chrome extension downloaded via a compromised Web Store API key and GitHub secrets, leading to the theft of $8.5 million in user funds.
Unleash Protocol also suffered a $3.9 million loss in December after a hacker took control of its multisig governance and executed an unauthorized contract upgrade. Meanwhile, the Flow blockchain suffered a $3.9 million breach caused by an execution layer vulnerability that allowed the attacker to create and transfer assets between services before the network was shut down.
Crypto Industry Loses Over $2.2 Billion in 2025 Hacks
Despite December’s drop, on-chain data reveals that 2025 was another tough year for the digital assets sector, with over $2.2 billion lost in the top 10 hacks. Bybit’s $1.4 billion breach in February, which saw attackers drain around 401,000 ETH from the exchange’s wallets, remains the most devastating hack of the year.
You might also like:
Other major incidents include Cetus, a liquidity-focused DEX on Sui, which lost $223 million in May after attackers exploited a protocol flaw to manipulate prices and drain liquidity.
Balancer V2 also suffered a $128 million exploit in November related to a rounding error bug in its composable stable pools, while Bitget reported a loss of around $100 million in April due to manipulation of its VOXEL market-making infrastructure.
Centralized exchanges have also been targeted, with Phemex suffering an $85 million hot wallet breach in January and Iran-based Nobitex suffering $80 million to $90 million stolen from hot wallets in June. In each case, the platforms froze withdrawals, protected remaining assets and worked to resume services, while the amount recovered from losses varied.
SECRET PARTNERSHIP BONUS for CryptoPotato readers: Use this link to sign up and unlock $1,500 in exclusive BingX Exchange rewards (limited time offer).
