Las pérdidas por explotación criptográficas caen un 60% en diciembre de 2025, marcando un final positivo al año: investigación

Crypto-related losses from hacks and cybersecurity exploits fell sharply in December 2025, dropping 60% month-on-month to about $76 million

. This represents a notable decline from November's figure of $194.27 million. The drop in losses is the most significant reduction since mid-2025.

The largest single incident in December was an address poisoning scam, where a user lost $50 million

. In such attacks, threat actors create wallet addresses that closely resemble legitimate ones, exploiting user inattention during transactions. This remains a persistent threat despite the overall decline in losses.

PeckShield, a blockchain security firm, noted that while the reduction is encouraging, it does not indicate a permanent shift in the threat landscape. Browser-based wallets and key management vulnerabilities continue to be high-risk areas

.

What Driven the Drop in Crypto Exploit Losses?

PeckShield

to improved detection and response measures by security teams. Faster identification of breaches and quicker containment efforts helped limit the scale of losses. The firm also highlighted that better user education and tools for verifying transaction addresses may have played a role.

The month saw 26 major crypto exploits

. These incidents, however, were often concentrated in a few high-profile cases, with smaller breaches becoming less impactful due to improved response protocols.

The use of hardware wallets, which are offline storage devices, has also increased, reducing exposure to address poisoning and other common exploits

. This trend may have contributed to the overall decline in losses.

How Did the Major December Incidents Unfold?

Address poisoning scams dominated December's losses, with the $50 million incident being the most notable

. Attackers sent small transactions from visually similar addresses to confuse victims. The scam succeeded due to subtle differences in the wallet address that many users failed to verify.

A second major incident involved a private key leak tied to a multi-signature wallet, resulting in $27.3 million in losses

. The breach highlights ongoing vulnerabilities in key management, even in multi-signature systems that typically require multiple approvals.

Trust Wallet also suffered a $7 million exploit on Christmas Day, as attackers targeted its browser extension

. Browser wallets remain attractive targets due to their constant internet connectivity, which increases susceptibility to real-time exploits.

What Are Analysts Worrying About for 2026?

Despite the drop in December, PeckShield warns that the threat landscape remains fluid

. Attackers are expected to adapt and refine their techniques, potentially increasing the sophistication of scams and exploits. The firm advises users to remain vigilant and adopt basic security practices, such as verifying each character of a destination address and avoiding reliance on saved transaction histories.

Security researchers also point to the growing threat of scam centers operating in Southeast Asia

. These centers are linked to large-scale phishing and fraud schemes, and enforcement agencies are now actively targeting the infrastructure that enables them. However, experts stress that sustained international cooperation is required to address these threats effectively.

The development of agentic AI in 2026 introduces new cybersecurity risks

. As AI systems begin to act autonomously—making decisions and executing transactions on behalf of users—new vulnerabilities may emerge. These systems could become both operators and victims of cyberattacks, requiring new security frameworks to protect digital assets.

In summary, while December 2025 brought a rare decline in crypto exploit losses, the overall threat environment remains dynamic. Users and institutions must continue to invest in security measures and stay informed about evolving attack methods to minimize risks in 2026.