A high-profile crypto holder known as Sillytuna has lost approximately $24 million in a sophisticated address poisoning attack that escalated into violent threats. This alarming incident underscores growing vulnerabilities in crypto security and the real-world dangers faced by digital asset holders.
Attack Overview: How the $24M Loss Unfolded
On March 5, 2026, blockchain security firm PeckShield flagged a massive transfer of around 23.6 million aEthUSDC—worth nearly $24 million—from the Ethereum address 0xd2e8…ca41, linked to Sillytuna . Analysts identified the incident as an address poisoning attack, where attackers send a small “dust” transaction from a lookalike address to contaminate the victim’s transaction history. When the victim later copies an address from that history, they may inadvertently send funds to the attacker .
Following the theft, the attacker swiftly converted the stolen aEthUSDC into DAI, splitting the funds across two intermediary wallets—each holding roughly $10 million in DAI . On-chain monitoring also revealed that portions of the stolen funds were bridged to the Arbitrum network and used to purchase Monero (XMR), a privacy coin, via Hyperliquid—suggesting efforts to obscure the money trail .
Violent Threats and Law Enforcement Involvement
What sets this case apart is the real-world violence that accompanied the cyberattack. Sillytuna confirmed via social media that the theft involved threats of violence, weapons, kidnapping, and rape, and that law enforcement is now involved in the investigation . The victim also announced plans to exit the crypto industry entirely, shaken by the ordeal .
In an effort to recover the stolen funds, Sillytuna is offering a 10% bounty to anyone—individuals or platforms—who can help retrieve the assets .
Broader Context: Rising Threats in Crypto Security
This incident is part of a broader surge in address poisoning attacks. In January 2026 alone, one victim lost $12.2 million in a similar scam, adding to a $50 million loss in December 2025 . Security researchers estimate that over 270 million poisoning attempts have targeted 17 million users, resulting in at least $83.8 million in confirmed losses .
Moreover, the Ethereum Fusaka upgrade appears to have lowered transaction costs, making dust attacks more affordable and widespread. Analysts report that tiny “dust” transfers now account for 11% of all Ethereum transactions and affect 26% of active addresses daily . Physical threats against crypto holders are also on the rise—2025 saw a 75% year-over-year increase in violent incidents, with kidnapping and assault becoming more common .
Impact on Stakeholders
Victim: Sillytuna
- Lost approximately $24 million in aEthUSDC.
- Faced violent threats and is now cooperating with law enforcement.
- Offered a 10% bounty for recovery of funds.
- Plans to leave the crypto industry entirely.
Crypto Community
- The incident highlights the growing sophistication of phishing attacks.
- It underscores the need for better wallet security and user awareness.
- Physical safety of crypto holders is now a pressing concern.
Security Firms and Wallet Developers
- Address poisoning remains one of the most persistent phishing methods.
- Only a few wallets currently warn users when sending funds to suspicious addresses .
- There is an urgent need for built-in safeguards, such as similarity detection and warning prompts.
Analysis and Future Implications
This attack illustrates a dangerous convergence of cybercrime and physical violence. As attackers increasingly blend digital theft with real-world threats, the stakes for crypto holders have never been higher.
Address poisoning exploits human error—specifically, the tendency to rely on abbreviated address formats. Until wallet interfaces evolve to display full addresses or flag suspicious ones, users remain vulnerable. Academic research shows that only three out of 53 popular Ethereum wallets currently issue explicit warnings when users attempt to send funds to lookalike addresses .
The use of privacy coins like Monero in laundering stolen funds further complicates recovery efforts. As attackers pivot toward more opaque methods, law enforcement and blockchain tracing tools must adapt quickly.
This incident may prompt wallet developers to implement stronger anti-phishing features, such as similarity detection, warnings, and manual address verification prompts. Regulatory bodies could also push for industry standards to protect users from address poisoning and related scams.
Conclusion
The case of Sillytuna’s $24 million loss in an address poisoning attack tied to violent threats is a stark warning for the crypto industry. It reveals how digital vulnerabilities can escalate into physical danger and highlights the urgent need for improved wallet security, user education, and law enforcement readiness. As address poisoning attacks proliferate and evolve, the crypto community must respond with stronger defenses and greater vigilance.
Frequently Asked Questions
What is an address poisoning attack?
An address poisoning attack involves sending a small “dust” transaction from a lookalike wallet address to contaminate a victim’s transaction history. The victim may later copy the wrong address and send funds to the attacker.
How did Sillytuna lose $24 million?
Sillytuna’s wallet was compromised through an address poisoning attack. The attacker drained approximately $24 million in aEthUSDC, converted most of it into DAI, and began laundering via Arbitrum and Monero.
Were there real-world threats involved?
Yes. Sillytuna confirmed that the attack involved threats of violence, weapons, kidnapping, and rape. Law enforcement is now involved in the investigation.
What is being done to recover the funds?
Sillytuna is offering a 10% bounty to anyone who can help recover the stolen assets. Law enforcement and blockchain tracing tools are also engaged.
How widespread are address poisoning attacks?
Very widespread. Researchers estimate over 270 million poisoning attempts have targeted 17 million users, resulting in at least $83.8 million in confirmed losses.
How can users protect themselves?
Users should always verify full wallet addresses manually, use wallets that flag suspicious addresses, and avoid relying on copy-paste from transaction history.
