A crypto holder identified as Sillytuna lost approximately $24 million in aEthUSDC after an address poisoning attack, with the incident also involving violent threats.
According to on-chain data, the attacker has already converted most of the stolen funds.
Why it matters:
- An address poisoning attack is a crypto scam in which scammers create a lookalike address and send a small transaction to the target’s address book.
- This “poisons” the target’s address book, leading them to mistakenly send funds to the scammer’s address instead of the intended recipient.
- It relies on the fact that people may copy wallet addresses from recent transactions rather than verify the full address.
- The attack on Sillytuna is part of a broader escalating pattern. According to blockchain security firm CertiK, 2025 was the most violent year in the cryptocurrency space, with 72 recorded incidents.
The details:
- PeckShieldAlert identified the exploited address as 0xd2e8…ca41, linked to Sillytuna, with approximately $24 million in aEthUSDC drained.
- Sillytuna confirmed on X that the attack involved violence, weapons, and kidnapping threats, with police now involved.
- Lookonchain tracked the attacker converting most funds into 20.34 million DAI (DAI), with a smaller portion bridged to Arbitrum and deposited into Hyperliquid to buy Monero (XMR).
- Sillytuna is offering a 10% bounty on any funds recovered by individuals or platforms.
The big picture:
