A high-profile crypto holder, known online as Sillytuna, has lost approximately $24 million in a sophisticated address poisoning attack that escalated into a violent physical assault. The incident involved threats with weapons, kidnapping, and sexual violence, prompting law enforcement involvement and raising alarm across the U.S. crypto community.
Attack Overview and Immediate Fallout
On March 5, 2026, blockchain security firm PeckShield flagged a massive transfer of about $24 million in aEthUSDC from a wallet associated with Sillytuna (0xd2e8…ca41) to an attacker-controlled address, marking one of the largest address poisoning incidents to date .
Address poisoning is a deceptive tactic where attackers send a small “dust” transaction from a lookalike address to the victim’s wallet history. When the victim later copies the address—often checking only the beginning and end—they inadvertently send funds to the scammer .
Following the theft, the attacker rapidly converted the stolen aEthUSDC into DAI, splitting roughly $20 million across two intermediary wallets, each holding about $10 million . Portions of the funds were also bridged to Arbitrum and used to purchase Monero (XMR), a privacy-focused cryptocurrency, complicating recovery efforts .
Violent Coercion: Wrench Attack or Address Poisoning?
While initial reports labeled the incident as an address poisoning scam, Sillytuna clarified that the theft involved real-world violence. In a public post, they stated the attackers used weapons and issued kidnapping and rape threats, confirming police involvement .
Some analysts now classify the incident as a “crypto wrench attack”—a term describing physical coercion used to force victims into transferring funds or revealing private keys . This distinction underscores the growing convergence of digital and physical threats in the crypto space.
Broader Context: Rising Threats in Crypto Security
Address poisoning attacks are not new, but their frequency and scale have surged. In 2025 alone, over 270 million poisoning attempts were recorded across Ethereum and BNB Chain, resulting in confirmed losses exceeding $83.8 million .
Notable past incidents include a $50 million USDT loss in December 2025, where a trader mistakenly sent nearly $50 million to a poisoned address after a dust transaction appeared in their history . In May 2024, a user lost $68 million in WBTC due to a similar exploit .
These attacks exploit human error and interface design flaws. Many wallets hide the middle portion of addresses, making it easy for users to overlook subtle differences . Academic research confirms that only a few wallets offer explicit warnings when users attempt to send funds to known phishing addresses .
Impact on Stakeholders
Victim: Sillytuna
Sillytuna’s loss is both financial and psychological. The violent nature of the attack has led them to announce their exit from the crypto industry entirely . They have also offered a 10% bounty for any recovered funds, signaling both desperation and hope for restitution .
Crypto Community
This incident has heightened awareness of physical threats targeting crypto holders. The term “wrench attack” is gaining prominence, and security experts warn that such threats are becoming more common .
Security Firms and Law Enforcement
Blockchain analysts are closely monitoring the attacker’s wallet activity, which remains partially traceable. Law enforcement agencies are now involved, though recovery remains uncertain .
Preventative Measures and Expert Advice
Security experts recommend several best practices to mitigate address poisoning risks:
- Avoid copying addresses from transaction history; use saved contacts, QR codes, or verified address books .
- Always verify the full address before sending funds—not just the first and last characters .
- Use human-readable names like ENS domains when possible .
- Conduct small test transactions before transferring large sums .
- Enable withdrawal whitelists and address book features in wallets and exchanges .
- Store large holdings in cold storage and ignore dust transactions .
Analysis and Outlook
This case illustrates the evolving threat landscape in crypto. Address poisoning attacks are no longer limited to digital deception—they now intersect with real-world violence. The blending of physical coercion with technical scams raises the stakes for crypto holders.
Law enforcement and security firms must adapt. Traditional cybercrime frameworks may not suffice when attackers resort to physical intimidation. Collaboration between blockchain analysts, wallet providers, and authorities is essential.
Wallet developers also face pressure to enhance UI design and implement safeguards. Features like full-address verification, phishing alerts, and transaction confirmation prompts could significantly reduce risk.
Finally, the crypto community must acknowledge that security extends beyond code. Personal safety and physical security are now integral to protecting digital assets.
Conclusion
The violent theft of $24 million from Sillytuna in a wrench-style address poisoning attack marks a disturbing escalation in crypto crime. It underscores the urgent need for stronger security practices, improved wallet design, and coordinated responses from law enforcement and industry stakeholders. As threats evolve, so must the defenses.
Frequently Asked Questions
What is an address poisoning attack?
An address poisoning attack involves scammers sending a small transaction from a lookalike wallet address to the victim’s transaction history. When the victim copies the address later, they may mistakenly send funds to the scammer.
How did Sillytuna lose $24 million?
Sillytuna fell victim to an address poisoning attack and was coerced through violent threats to transfer approximately $24 million in aEthUSDC. The stolen funds were converted into DAI and partially bridged to Arbitrum and Monero.
What is a crypto wrench attack?
A crypto wrench attack involves physical violence or threats used to force a victim to transfer funds or reveal private keys. In this case, Sillytuna reported weapons, kidnapping, and sexual violence threats.
Can stolen crypto be recovered?
Recovery is challenging. Some funds remain traceable in intermediary wallets, and law enforcement is involved. Sillytuna has offered a 10% bounty for any recovered funds.
How can users protect themselves?
Best practices include verifying full wallet addresses, avoiding copying from history, using address books or ENS domains, conducting test transactions, and storing large holdings in cold wallets.
Are such attacks common?
Address poisoning attacks are increasingly frequent. In 2025, over 270 million attempts were recorded across major blockchains, resulting in tens of millions in confirmed losses. The addition of physical coercion marks a dangerous new trend.
