A high-profile crypto holder, known online as Sillytuna, has lost approximately $24 million in a sophisticated address poisoning attack that escalated into a violent, real-world assault. The incident, which involved threats of kidnapping and sexual violence, has prompted a police investigation and raised urgent concerns about the intersection of digital security and physical safety in the crypto space.
Attack Overview and Timeline
On March 4, 2026, blockchain security firm PeckShield flagged a massive transfer of 23,596,293 aEthUSDC—worth roughly $23.5 million—from a wallet associated with Sillytuna (0xd2e8…ca41) to an attacker-controlled address (0x6fef…a246032) . Analysts identified the incident as an address poisoning attack, a phishing technique where attackers insert look-alike addresses into a victim’s transaction history, tricking them into sending funds to the wrong recipient .
Following the theft, the attacker swiftly converted approximately $20 million of the stolen assets into DAI and distributed them across two intermediary wallets—each holding around $10 million . Additionally, small amounts of the funds were bridged to the Arbitrum network, a move likely intended to fragment the trail and complicate recovery efforts .
Physical Threats and Victim’s Response
What distinguishes this case from typical address poisoning scams is the involvement of physical coercion. Sillytuna reported that attackers used weapons and issued threats of kidnapping and rape to force the transfer of funds. In a post on X (formerly Twitter), the victim stated: “Still have limbs, phew,” confirming that the assault was real and traumatic .
Law enforcement is now involved, and Sillytuna has announced plans to exit the crypto industry entirely, citing the severity of the incident . The victim also offered a 10% bounty for any assistance in recovering the stolen funds .
Address Poisoning: A Growing Threat
Address poisoning has become one of the most pervasive phishing schemes in the crypto world. Security researchers estimate that over 270 million poisoning attempts have occurred across Ethereum and BNB Chain, resulting in confirmed losses exceeding $83.8 million .
High-profile cases include a $68 million loss in Wrapped Bitcoin (WBTC) in May 2024, where a trader was deceived into sending funds to a nearly identical spoofed address . In December 2025, another trader lost nearly $50 million in USDT after copying a poisoned address from their transaction history. That victim offered a $1 million bounty for the return of 98% of the stolen funds and filed criminal charges .
Significance and Implications
Digital Security Meets Physical Danger
This incident underscores a disturbing escalation: crypto theft has crossed from digital deception into violent coercion. The use of physical threats to force transactions—sometimes referred to as “wrench attacks”—raises the stakes for crypto holders, especially those with high-value holdings .
Erosion of Trust and Industry Impact
The attack has broader implications for user confidence in crypto. If even experienced participants can be targeted both online and offline, the perceived safety of self-custody and decentralized finance may be undermined. Wallet providers and platforms may face increased pressure to implement stronger safeguards and user protections.
Law Enforcement and Recovery Challenges
While the funds remain partially traceable, bridging to Arbitrum and the use of intermediary wallets complicate recovery. Law enforcement involvement is critical, but the decentralized nature of crypto makes tracing and reclaiming assets difficult. The offered bounty may incentivize white-hat recovery efforts, but success is far from guaranteed.
Future Outlook
- Wallet developers must prioritize anti-poisoning features, such as warning users when sending to suspicious addresses. Research shows only a few wallets currently offer such protections .
- Regulatory bodies may consider mandating stronger security standards for wallet interfaces and transaction verification.
- The crypto community may see increased demand for physical security measures among high-net-worth holders.
- Continued monitoring and reporting of address poisoning trends will be essential to understanding and mitigating this threat.
Conclusion
The case of Sillytuna—where a crypto holder loses $24 million in an address poisoning attack tied to violent threats—marks a chilling convergence of digital fraud and physical violence. It highlights vulnerabilities in both user behavior and wallet design, while raising urgent questions about safety, trust, and the future of self-custody. As the industry grapples with this new reality, stronger protections, both technical and legal, are more essential than ever.
Frequently Asked Questions
What is an address poisoning attack?
An address poisoning attack involves sending small “dust” transactions from look-alike addresses to a victim’s wallet history. When the victim later copies an address, they may select the poisoned one by mistake, sending funds to the attacker .
How much money was stolen in this incident?
Approximately $24 million worth of aEthUSDC was stolen from the victim’s wallet in a single transaction .
Were physical threats involved in this case?
Yes. The victim reported that attackers used weapons and issued threats of kidnapping and rape to coerce the transfer of funds. Law enforcement is now involved .
What happened to the stolen funds?
Around $20 million was converted into DAI and split across two intermediary wallets. Some funds have been bridged to the Arbitrum network, likely to obscure the trail .
How common are address poisoning attacks?
They are increasingly common. Over 270 million poisoning attempts have been recorded across major blockchains, with confirmed losses exceeding $83.8 million .
What can users do to protect themselves?
Users should avoid copying addresses from transaction history, verify full addresses manually, and use wallets that warn against suspicious addresses. Developers should implement anti-poisoning safeguards in wallet interfaces .
