December Crypto Hacks Down 60% Month-Over-Month: PeckShield

The total losses from hacks and cybersecurity exploits in the crypto industry amounted to about $76 million in December, a 60% decrease from November’s $194.2 million in losses, according to blockchain security company PeckShield.

There were 26 major crypto exploits in December, PeckShield said in an X post, with one user losing $50 million in an address poisoning scams, a type of attack where the threat actor sends small amounts of cryptocurrency from a wallet that closely resembles a legitimate wallet address, betting that the intended victim won’t notice the discrepancy.  

Typically, the first and last four characters of the addresses match, with the attacker hoping that the victim will accidentally send funds to the fraudulent address by selecting the poisoned address from their transaction history without closely examining the entire string.

Another user lost about $27.3 million in a private key leak in a multi-signature wallet hack, PeckShield said.

Although the decline in the total amount of stolen funds is a positive development, users must remain vigilant, exercising safety measures to protect against common scams and cybersecurity pitfalls.

Related: Crypto hack counts fall, but supply chain attacks reshape threat landscape

How to reduce exposure to common crypto exploits

PeckShield cited the Christmas Trust Wallet hack, which left the wallet drained of $7 million in user funds, and the $3.9 million Flow protocol hack as some of the most notable attacks of December.

The Trust Wallet exploit affected the wallet’s browser extension. Browser-based wallets are continuously connected to the internet, a design characteristic that can increase susceptibility to specific cybersecurity threats.

Using a hardware wallet, an offline storage device similar to a USB drive, to store crypto private keys is widely regarded as one of the safest storage method for digital assets.

Users can also completely neutralize the threat of address posing scams by checking every character of the destination wallet’s address several times, instead of quickly glancing at the address or selecting it from a transaction history list.

Magazine: Meet the onchain crypto detectives fighting crime better than the cops