Ongoing Exploit Siphons Small Amounts From Hundreds of Crypto Wallets

Generated by AI AgentJax MercerReviewed byAInvest News Editorial Team
Friday, Jan 2, 2026 2:40 am ET1min read
FLOW
--
Aime RobotAime Summary

- PeckShield reported a 60% drop in December 2025 crypto exploit losses to $76M, despite major incidents like a $50M address-poisoning scam and a $27.

3M
multisig breach.

- Address-poisoning scams and browser wallet vulnerabilities remained prevalent, with Trust Wallet and Flow protocol among the most affected platforms.

- Experts advise using hardware wallets, verifying full addresses, and avoiding transaction history reuse to mitigate risks.

- Analysts caution that declining losses may not signal reduced cybercrime, as attackers adapt methods and exploit new vulnerabilities.

PeckShield reported that

total losses from crypto exploits in December 2025 fell to $76 million
, a 60% drop from November's $194.2 million. Despite the overall decline, several significant incidents occurred, including a $50 million address-poisoning scam and
a $27.3 million breach involving a multi-signature wallet
.

Blockchain security firm PeckShield

noted 26 major crypto exploits
during the month, including one involving a private key leak in a multisig wallet.
Address-poisoning scams
, where attackers create lookalike wallet addresses, remained a common attack vector.

Browser-based wallets continue to attract attackers due to their constant online presence. In December, Trust Wallet and the Flow protocol were among the most affected

according to Cointelegraph
. Using hardware wallets, which store private keys offline, is considered one of the safest methods for long-term asset storage
according to Cointelegraph
.

Why Did This Happen?

Address-poisoning attacks rely on attackers creating wallet addresses
with similar characters to legitimate ones, often by matching the first and last four characters. This technique exploits user inattention when sending funds, particularly when users rely on transaction history
according to Global Newswire
.

Private key leaks also contributed to December's losses.

Multi-signature wallets were compromised
when attackers gained unauthorized access. PeckShield
highlighted that the breach emphasizes ongoing risks
related to key management in multi-signature systems.

How Can Users Protect Themselves?

Security experts recommend several steps to minimize the risk of exploitation. Users should verify the entire destination address before sending funds, avoid using saved transaction histories, and keep private keys offline. Hardware wallets are widely considered the most secure option for storing large amounts of cryptocurrency.

PeckShield also emphasized the importance of staying informed about common attack vectors. Attackers continue to refine techniques, making vigilance and education critical for protecting assets.

What Are Analysts Watching Next?

Industry experts caution that the decline in stolen funds does not necessarily indicate a lasting shift in cybercrime trends. Instead, attackers are likely adapting their methods to exploit new vulnerabilities. Analysts are monitoring the adoption of hardware wallets and improvements in blockchain security practices to gauge whether these measures will reduce overall losses in the future.

The Trust Wallet incident, where $7 million was stolen through its browser extension, has also drawn attention. The company has since delayed the release of an updated browser extension due to issues with the Chrome Web Store. This delay has further emphasized the need for robust supply chain security in crypto wallet development.

Comments



Add a public comment...
No comments

No comments yet