Crypto Exploits Decline Sharply, With Only $76M Stolen in December 2025

December’s losses were spread across 26 incidents, showing fewer large-scale breaches rather than a total absence of attacks.

Blockchain security firm Peckshield has shared that December 2025 closed with a surprising decrease in crypto exploit losses.

On-chain data shows the figures fell by 60% compared with those recorded in November.

$76 Million Lost Across 26 Incidents

According to the Peckshield report revealed via X, hacks and cybersecurity exploits in the crypto sector dropped in December 2025, with only $76.2 million stolen across 26 major incidents. This figure represents a 60% decrease from November’s $194.2 million.

The largest single hack during the period was a $50 million address-poisoning scam, where attackers mimicked wallet addresses to trick a user into misdirecting funds. Another notable incident involved a $27.3M multisig breach on a wallet identified as 0xde5f…e965, which was compromised due to a private key leak.

Other attacks that made it to the top 5 include the exploit of babur.sol, which resulted in $22 million in losses. The Trust Wallet hack, which occurred around Christmas, involved a trojanized Chrome extension uploaded via a compromised Web Store API key and GitHub secrets, leading to the theft of $8.5 million in user funds.

Unleash Protocol also suffered a $3.9 million loss in December after a hacker gained control of its multisig governance and executed an unauthorized contract upgrade. Meanwhile, the Flow blockchain experienced a $3.9 million breach caused by an execution layer vulnerability that allowed the attacker to mint and transfer assets across services before the network was halted.

Crypto Industry Loses Over $2.2 Billion in 2025 Hacks

Despite the December dip, on-chain data reveals that 2025 was another challenging year for the digital asset sector, with over $2.2 billion lost in the top 10 hacks. Bybit’s $1.4 billion breach in February, which saw attackers drain approximately 401,000 ETH from the exchange’s wallets, remains the year’s most devastating hack.

You may also like:

Other major incidents included Cetus, a concentrated-liquidity DEX on Sui, which lost $223 million in May after attackers exploited a protocol flaw to manipulate pricing and drain liquidity.

Balancer V2 also suffered a $128 million exploit in November linked to a rounding-error bug in its composable stable pools, while Bitget reported roughly $100 million lost in April due to manipulation of its VOXEL market-making infrastructure.

Centralized exchanges were also targeted, with Phemex experiencing an $85 million hot wallet breach in January and Iran-based Nobitex falling victim to $80–90 million stolen from hot wallets in June. In each case, the platforms froze withdrawals, protected the remaining assets, and worked to resume services, while the amount recovered from the losses differed.