$50 Million Address Poisoning Scam Tops December 2025 Crypto Losses as Exploits Shift to Social Engineering

By /
LinkedInMessengerRedditTelegramThreadsWhatsApp

TL;DR

  • A single address poisoning scam drained $50 million, making it the largest crypto exploit of December 2025
  • Total monthly losses fell 60% to $76.2 million across 26 incidents, down from $194.2 million in November
  • Social engineering attacks like address poisoning are overtaking smart contract exploits as the primary threat vector
  • A $27.3 million multisig breach and the $8.5 million Trust Wallet Chrome extension compromise also ranked among the month’s top incidents
  • Despite December’s dip, the crypto industry lost over $2.2 billion in the top 10 hacks of 2025

Blockchain security firm PeckShield has released its monthly report for December 2025, and the numbers reveal a striking shift in how attackers are targeting cryptocurrency users. Total losses from hacks and exploits fell to $76.2 million across 26 incidents — a 60% decline from November’s $194.2 million. But the single largest attack was not a smart contract vulnerability or a bridge exploit. It was an address poisoning scam that netted attackers a staggering $50 million.

How Address Poisoning Works

Address poisoning is a deceptively simple social engineering technique that exploits the way users interact with wallet addresses. Attackers generate a wallet address whose first and last characters closely match those of a target’s frequent transaction partner. When the victim copies an address from their recent transaction history, they inadvertently select the spoofed address instead of the legitimate one.

The scale of the December attack — $50 million from a single victim — underscores how effective this technique has become, particularly against users managing large portfolios who rely on visual address matching rather than full address verification or address book features.

At the time, Bitcoin was trading at approximately $90,400 and Ethereum hovered around $3,061, according to CoinMarketCap historical data. The broader market showed muted volatility, with total crypto market capitalization remaining above $3.3 trillion.

Other Major December Incidents

Beyond the headline-grabbing address poisoning scam, December saw several other significant incidents. A $27.3 million multisig wallet breach — identified by the address prefix 0xde5f and suffix e965 — resulted from a private key leak, raising questions about key management practices even among sophisticated users.

The babur.sol exploit added another $22 million in losses. Meanwhile, the Trust Wallet Chrome extension compromise, which came to light around Christmas, involved a trojanized extension uploaded through a compromised Chrome Web Store API key and leaked GitHub secrets. Approximately $8.5 million in user funds were drained before the malicious extension was discovered and replaced with a secure version.

Unleash Protocol suffered a $3.9 million loss after an attacker gained control of its multisig governance and executed an unauthorized contract upgrade. The Flow blockchain experienced a similarly sized $3.9 million breach caused by an execution layer vulnerability that allowed the attacker to mint and transfer assets before the network was halted.

A Year of Record Losses

Despite the relative calm of December, 2025 was one of the costliest years on record for crypto security. Over $2.2 billion was lost across the top 10 hacks alone. The February breach of Bybit remains the year’s defining incident — attackers drained approximately $1.4 billion worth of Ethereum from the exchange’s cold wallets in what was later attributed to North Korea’s TraderTraitor campaign.

Other major incidents included the $223 million Cetus exploit on Sui in May, the $128 million Balancer V2 vulnerability in November, and the $100 million Bitget market manipulation incident in April.

Why This Matters

The dominance of address poisoning and social engineering attacks in December signals a fundamental shift in the threat landscape. As DeFi protocols harden their smart contracts and formal verification becomes more common, attackers are pivoting to the weakest link in any security chain: human behavior.

For users, the lesson is clear. Verifying the full destination address before sending funds, using address book features in wallets, and implementing hardware wallet confirmations for large transactions are no longer optional precautions — they are essential defenses against a rapidly evolving attack playbook.

Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Always conduct your own research before making financial decisions.

🌱 FOR BUSINESSES BitcoinsNews.com
Reach 100K+ Crypto Readers
Sponsored content, press releases, banner ads, and newsletter placements. Put your brand in front of Bitcoin's most engaged audience.

5 thoughts on “$50 Million Address Poisoning Scam Tops December 2025 Crypto Losses as Exploits Shift to Social Engineering”

    1. Ingrid S.

      Jackson Price social engineering overtaking contract exploits as the main threat vector makes sense. code can be audited but humans are always the weakest link

      Reply
  4. addr_book_

    $50M from one victim who copied the wrong address. if youre moving more than 7 figures and not using an address book thats on you tbh

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

BTC$80,859.00-0.1%ETH$2,318.59-0.4%SOL$94.74+1.1%BNB$652.32+0.2%XRP$1.45+1.6%ADA$0.2792+2.0%DOGE$0.1092+0.9%DOT$1.35-1.1%AVAX$10.06+0.3%LINK$10.49-0.9%UNI$3.86-6.1%ATOM$2.01+3.2%LTC$58.40-0.5%ARB$0.1425-0.8%NEAR$1.52-3.1%FIL$1.13-4.0%SUI$1.27+12.2%BTC$80,859.00-0.1%ETH$2,318.59-0.4%SOL$94.74+1.1%BNB$652.32+0.2%XRP$1.45+1.6%ADA$0.2792+2.0%DOGE$0.1092+0.9%DOT$1.35-1.1%AVAX$10.06+0.3%LINK$10.49-0.9%UNI$3.86-6.1%ATOM$2.01+3.2%LTC$58.40-0.5%ARB$0.1425-0.8%NEAR$1.52-3.1%FIL$1.13-4.0%SUI$1.27+12.2%
Scroll to Top