December 2024 Crypto Vulnerabilities Lead to $118M Losses

Key Takeaways

  • Total losses in December 2024 reached $118 million; phishing accounted for 79% of these losses ($93.4 million).
  • Trust Wallet suffered $8.5 million in losses; Flow and Unleash Protocol each lost $3.9 million.
  • Losses increased by 37% compared to November 2024.
  • Attacks combined technical vulnerabilities and social engineering; recommendations include multisig wallets and audits.

In December 2024, crypto vulnerabilities caused $118M in losses, with $93.4M from phishing. Major victims include Trust Wallet, Flow, and Unleash Protocol.

December 2024 ended with total losses from cryptocurrency vulnerabilities amounting to $118 million, according to a CertiK report. The majority of these losses — $93.4 million — were linked to phishing schemes, highlighting the critical importance of protection against social engineering. Major incidents noted in the report include cases involving Trust Wallet, Flow, and Unleash Protocol, with monthly losses rising 37% compared to November.

Overview of Vulnerabilities in December 2024

The $118 million total reflects a combination of attack vectors: social engineering, smart contract vulnerabilities, and private key compromises. These incidents occurred across various networks and ecosystem components, from wallets to governance protocols and oracles. This distribution indicates that security issues persist at both the user level and the infrastructure level.

Phishing as the Primary Threat

Phishing attacks accounted for approximately 79% of all losses in December, equivalent to $93.4 million, with attackers employing increasingly sophisticated tactics. The report describes fake airdrop announcements, counterfeit support channels, and multi-chain methods affecting Ethereum, BNB Chain, and Polygon networks. For more on social engineering and how to recognize it, see the article on protection against scammers, which covers typical attack scenarios and basic precautions.

Analysis of Key Incidents

Trust Wallet

Trust Wallet lost $8.5 million due to a phishing campaign targeting wallet recovery phrases. The report notes that attackers combined fake extensions and social engineering techniques to collect seed phrases. Details of the incident and its impact on users are described in the article on the Trust Wallet hack.

Flow

In Flow's case, the damage totaled $3.9 million and was linked to validator node compromises and governance mechanism vulnerabilities. The attack demonstrated the critical need to protect validator keys and voting processes in decentralized governance networks. This incident illustrates that even infrastructure components require special security attention.

Unleash Protocol

Unleash Protocol also lost $3.9 million due to a combination of a flash-loan attack and price oracle manipulation. This case shows how technical exploits and market manipulation can combine to drain funds from protocols. Such incidents emphasize the importance of robust pricing mechanisms and liquidity controls.

Comparison with Previous Months

Compared to November, when total losses were $86 million, December showed a 37% increase. The report notes that phishing's share of total losses grew and that the number of serious incidents increased. This indicates a shift in attacker priorities and the need to revise protective measures.

Security Recommendations

Following the December incidents, experts recommend combining technical measures with user caution to reduce risks. The CertiK report and other specialists advise implementing multisignature wallets and time-locks for large transactions, conducting mandatory audits before launches, and using anomaly detection tools.

  • Multisig wallets and time-locks for large holdings
  • Mandatory code audits and oracle verification
  • User education on recognizing phishing and verifying sources

Why This Matters

Even if you mine and don’t keep large sums in hot wallets, the rise in phishing and protocol exploits increases overall ecosystem risk. Liquidity compromises and service hacks can indirectly affect the availability and cost of the services you use to withdraw or exchange mined cryptocurrency. Understanding attack vectors helps you take practical steps and avoid falling victim to simple social engineering tricks.

What to Do?

For a miner with one device or a thousand, a few steps can reduce personal risk and protect funds. The practical guide below can be implemented quickly and without significant expense.

  • Separate storage: keep earnings in cold wallets or multisig schemes, and use minimal amounts on hot addresses for operational needs.
  • Never enter seed phrases in browsers or install suspicious extensions; verify official sources and hashes during updates.
  • Verify airdrop announcements and support contacts only through official project channels; avoid clicking suspicious links in messages and on social media.
  • Use hardware wallets for significant amounts and enable available transaction preview features in wallets.

Frequently Asked Questions

What percentage of losses in December were due to phishing attacks?

Phishing attacks accounted for approximately 79% of total December losses, equivalent to $93.4 million out of $118 million.

Which projects suffered the largest losses in December?

Trust Wallet lost $8.5 million due to phishing, while Flow and Unleash Protocol each lost $3.9 million due to technical exploits.

How do December losses compare to the previous month?

December's $118 million in losses represents a 37% increase compared to November's $86 million.

What basic security measures do experts recommend?

Experts recommend multisig wallets and time-locks for large amounts, mandatory protocol audits, and user education on recognizing phishing.

Should miners be concerned if they don’t use decentralized protocols?

Even without direct use of protocols, miners should be vigilant about phishing and wallet security, as service and infrastructure compromises can indirectly affect cryptocurrency operations.
