According to the latest news, the total losses in the crypto sector in December due to vulnerability attacks amounted to approximately $117.8 million. Among these, phishing attacks accounted for $93.4 million, nearly 80%, while address poisoning issues are even more alarming, with a single loss of $51.8 million. This data once again reminds the entire industry that security issues are far from resolved.
Composition and Characteristics of Attack Losses
Based on CertiK Alert monitoring data, security incidents in December show clear structural features:
| Attack Type | Loss Amount | Proportion |
| --- | --- | --- |
| Vulnerability Attacks | $117.8 million | 100% |
| Including: Phishing Attacks | $93.4 million | 79.3% |
| Including: Address Poisoning | $51.8 million | 44% |
Most noteworthy is address poisoning. The logic behind this type of attack is simple but effective: hackers create phishing addresses on the blockchain that resemble legitimate addresses, causing users to accidentally transfer assets to the wrong place. This type of attack accounts for 55% of phishing losses, indicating that it has become the main method used by hackers.
The Real Threat of Vulnerabilities Seen from Unleash Protocol
Related reports provide a specific case. On December 30, Unleash Protocol suffered a multi-signature vulnerability attack, resulting in unauthorized withdrawals of various assets including WIP, USDC, WETH, stIP, and vIP. Of these, 1337.1 ETH (about $3.9 million) was transferred by the hackers to Tornado Cash for mixing.
What this case illustrates:
Low barrier to exploit vulnerabilities: Multi-signature mechanisms, which should be security guarantees, became an attack entry point
Fast mixing of stolen assets: Assets were quickly sent to privacy mixers, increasing tracking difficulty
Significant losses from a single event: $3.9 million is just one of many attacks in December
The Unleash team has paused the protocol and is working with security experts to review, but the damage has already been done.
Security Audits Are Not a Panacea
Interestingly, related reports mention that some projects have passed dual audits by CertiK and OpenZeppelin and are labeled “secure foundations.” However, December’s data shows that even audited projects can become victims. This indicates that:
Audits mainly target vulnerabilities at the code level
Operational security (such as multi-signature management and permission settings) is often a weak link
Hackers’ attack methods are constantly evolving, and audits cannot cover all risks
Future Directions to Watch
Based on current information, the following areas are expected to receive more attention:
Address verification tools: Wallets and exchanges will strengthen address recognition functions to reduce the success rate of poisoning attacks
Multi-signature security standards: The industry may establish stricter management norms for multi-signature setups
User education: Phishing and address poisoning fundamentally exploit user negligence; raising awareness is key
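The look-alike check that the address poisoning paragraph and the "address verification tools" item above point to, as an added example (not code from CertiK, Gate or any wallet). It assumes EVM-style 20-byte hex addresses and that a poisoned address mimics the leading and trailing characters a truncated wallet display shows; the address book, the sample addresses and the `min_edge` threshold are constructed for illustration.

```python
import re

ADDR_RE = re.compile(r"0x[0-9a-fA-F]{40}")

# Constructed sample data (not real addresses).
TREASURY = "0x" + "a1b2c3d4" + "0" * 24 + "9f8e7d6c"
POISON = "0x" + "a1b2c3d4" + "5" * 24 + "9f8e7d6c"   # same edges, different middle
UNRELATED = "0x" + "77" * 20
BOOK = {"treasury": TREASURY,
        "exchange": "0x" + "deadbeef" + "1" * 24 + "cafef00d"}

def normalize(addr):
    """Validate the 0x + 40 hex format and return the lowercase hex body."""
    if not ADDR_RE.fullmatch(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr[2:].lower()

def shared_prefix(a, b):
    """Number of leading characters a and b have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def truncated(addr, edge=4):
    """The shortened form many interfaces display, e.g. 0xa1b2…7d6c."""
    h = normalize(addr)
    return f"0x{h[:edge]}…{h[-edge:]}"

def check_destination(dest, address_book, min_edge=4):
    """Return ("known", label), ("lookalike", label) or ("unknown", None)."""
    d = normalize(dest)
    lookalike_of = None
    for label, known in address_book.items():
        k = normalize(known)
        if d == k:
            return ("known", label)
        # Same head and tail as a trusted address but not identical:
        # visually indistinguishable once the middle is elided.
        if (shared_prefix(d, k) >= min_edge
                and shared_prefix(d[::-1], k[::-1]) >= min_edge):
            lookalike_of = label
    return ("lookalike", lookalike_of) if lookalike_of else ("unknown", None)

if __name__ == "__main__":
    for a in (TREASURY, POISON, UNRELATED):
        print(truncated(a), check_destination(a, BOOK))
```

A wallet or payout script would block or require full-address confirmation on a "lookalike" verdict, since the truncated display of the two addresses is identical.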
Summary
The $117.8 million loss in December reflects the current security landscape of the crypto industry: although technological defenses are improving, human factors and new attack methods continue to create vulnerabilities. Phishing accounts for nearly 80%, with address poisoning becoming a “killer move” for hackers. The Unleash Protocol case reminds us that even projects serious about security can stumble.
For users, this data is not a cause for despair but a clear signal: before carrying out any operation in this field, double-check addresses and be cautious with unfamiliar links. These basic actions may protect your assets more effectively than any audit report.
December crypto losses total $117.8 million, with phishing attacks and address poisoning as the main threats