$24M Crypto Drained In Address Poisoning Attack Linked To Sillytuna Wallet

A major security breach has shaken parts of the crypto community after blockchain security researchers revealed that a wallet linked to the user known as Sillytuna was drained in a sophisticated address poisoning attack, resulting in losses of roughly $24 million in digital assets.

The compromised wallet, identified as 0xd2e8…ca41, was reportedly targeted by attackers who manipulated transaction patterns to trick the victim into interacting with a malicious wallet address. According to analysis from blockchain security firm PeckShield, the exploit led to the loss of approximately $24 million worth of aEthUSDC, a tokenized version of USD Coin commonly used within decentralized finance systems.

Address poisoning attacks have become an increasingly common tactic in the crypto space. In these schemes, attackers send small transactions to a target wallet using an address that closely resembles a legitimate one. Over time, this can cause victims to mistakenly copy and reuse the malicious address when sending funds, allowing the attacker to intercept large transfers.

The scale of the loss in this case quickly caught the attention of on-chain investigators and security researchers monitoring suspicious activity across the Ethereum ecosystem.

$20 Million In DAI Still Sitting In Attacker Wallets

While the initial exploit involved around $24 million, investigators say a large portion of the funds has not yet been fully moved or obscured.

Blockchain tracking shows that about $20 million in DAI, the decentralized stablecoin created by MakerDAO, is currently sitting in two intermediary wallets controlled by the attacker. These wallets appear to be acting as staging addresses while the attacker decides how to move the funds next.

The two addresses flagged by analysts include:

•  0xdCA9…c9C4, holding roughly $10 million in DAI
•  0xd0c2…dd3e, holding another $10 million in DAI

At the moment, the funds in these wallets have not yet passed through mixers or complex laundering routes, something that could make it easier for investigators to keep track of them.

In many large crypto exploits, attackers temporarily park stolen assets in intermediate wallets before attempting to break the transaction trail through privacy services, cross-chain transfers, or decentralized exchanges. Because a large portion of the funds is still visible on-chain, analysts say the situation remains actively traceable for now.

Hacker Begins Moving Funds Toward Arbitrum

Even though much of the stolen crypto is still sitting in staging wallets, the attacker has already begun moving small portions of the funds across networks.

On-chain monitoring indicates that some of the assets are being bridged to Arbitrum, a Layer-2 network built to scale transactions on Ethereum.

Cross-chain bridging is a strategy frequently used in crypto exploits. By spreading funds across multiple blockchain networks, attackers can make it more difficult for investigators and exchanges to follow the trail of transactions.

Rather than moving all the stolen assets in one large transfer, the attacker appears to be sending smaller amounts over time, possibly to avoid triggering automated alerts used by crypto exchanges and blockchain monitoring firms.

This slow-movement strategy has become increasingly common in recent crypto thefts, especially when large sums are involved.

Stolen Funds Reportedly Headed Toward Hyperliquid

Investigators tracking the stolen assets believe part of the funds may be moving toward the decentralized trading platform Hyperliquid.

According to reports shared within the blockchain investigation community, the attacker may be planning to use the platform to convert funds into Monero (XMR).

Monero is widely known as one of the most privacy-focused cryptocurrencies. Unlike many blockchains where transaction details remain publicly visible, Monero uses advanced cryptographic techniques to conceal wallet addresses and transaction amounts.

Because of this design, converting stolen funds into Monero can make it significantly harder for investigators to track the assets once they leave transparent blockchains like Ethereum.

This tactic has appeared in several previous high-profile crypto hacks, where attackers attempt to move funds into privacy coins before investigators can intervene.

Victim Claims Threats Were Involved In The Incident

The situation appears to extend beyond a purely technical exploit. The victim connected to the compromised wallet has reportedly stated that the attack involved violent threats, adding a more serious dimension to the incident.

According to the victim, law enforcement authorities have already been contacted and police are now involved in the investigation.

Although full details have not been publicly disclosed, the claim suggests investigators may be examining whether intimidation or coercion played a role in the loss of funds.

In recent years, the crypto industry has seen a rise in cases where digital asset theft overlaps with real-world pressure tactics, including extortion and threats directed at wallet holders.

Authorities in several jurisdictions have started paying closer attention to these types of incidents as the value of crypto holdings continues to grow.

10 Percent Bounty Offered To Recover Funds

In an effort to recover the stolen assets, the victim has already announced a 10% bounty for anyone who helps recover the funds.

Interestingly, the reward offer reportedly extends even to individuals who may have been involved in the attack, provided they assist in returning the stolen assets.

Bounty offers have become a familiar response after major crypto exploits. Victims often use them to encourage cooperation from hackers, insiders, or independent investigators who might have information that could help recover the funds.

While these offers do not always lead to successful recoveries, there have been several cases in the past where attackers returned funds in exchange for a portion of the assets being treated as a “white-hat” reward.

For now, blockchain investigators continue to monitor the movement of the stolen crypto closely. Because blockchain transactions remain permanently recorded on public ledgers, analysts believe the attacker’s movements can still be tracked, at least until the funds are potentially converted into privacy-focused assets.

The incident also serves as another reminder of the risks that come with large digital asset holdings. As the crypto ecosystem continues to expand, security experts say users must remain vigilant, especially when copying wallet addresses and interacting with unfamiliar transactions.

For the victim behind the Sillytuna wallet, the next few days could be critical as investigators race to trace the stolen funds before they disappear deeper into the crypto ecosystem.

Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any services.

Follow us on Twitter @themerklehash to stay updated with the latest Crypto, NFT, AI, Cybersecurity, and Metaverse news!