Meet the Top 101 in Crypto
News
5 min read

Crypto Influencer Sillytuna Loses $24M in Address Poisoning Scam — How It Happened

Published 05 March 2026
Prashant Jha
Authors

Key Takeaways

  • Crypto influencer sillytuna lost roughly $24 million in aEthUSDC after falling victim to a sophisticated address-poisoning scam.
  • Attackers used fake look-alike wallet addresses and dust transactions to trick the victim into sending funds.
  • The stolen assets were swapped into ETH and then DAI, while the victim says threats followed the attack and plans to leave crypto entirely.

In crypto, the most devastating attacks often don’t involve broken code or stolen private keys — they exploit human habits.

That reality played out dramatically this week when a well-known crypto influencer, Sillytuna, lost roughly $24 million in a sophisticated address-poisoning scam, according to blockchain security firms.

The incident, which unfolded on March 5, highlights how increasingly common social-engineering attacks are targeting even experienced market participants.

The victim says the situation escalated beyond digital theft, alleging real-world threats that prompted police involvement and ultimately led to a decision to leave the crypto industry entirely.

Try Our Recommended Crypto Exchanges
Sponsored
Disclosure
Opened in 2018
Promotions
Deposit $100, Get an Extra $300 in GOLD!
Coins
Shiba Inu Bitcoin PAX Gold Ampleforth Ethereum +70
Promotions
Receive up to $100,000 worth of exclusive gifts for newcomers upon registration.
Coins
Bitcoin Ethereum Tether USD Coin Solana +76
Opened in 2017
Promotions
Experience a 1-minute swap on a non-custodial platform.
Coins
Bitcoin Ethereum Tether Build'N'Build USD Coin +217
Show More

How the $24 Million Attack Unfolded

Sillytuna, whose associated Ethereum address is 0xd2e8827d4b1c44f64d1fa01bfbc14dc8545eca41, became the latest high-profile victim of an address-poisoning attack.

Blockchain security firms PeckShield and PaiDun flagged the incident shortly after it occurred, reporting that attackers used a carefully staged poisoning campaign before draining the wallet.

The stolen funds consisted primarily of aEthUSDC, a bridged version of the USDC stablecoin.

After the transfer, the attacker quickly swapped the tokens into ETH and later converted the proceeds into roughly $20 million in DAI.

According to on-chain investigators, the funds now sit in two attacker-controlled wallets and have not yet passed through mixers.

However, investigators observed the attacker bridging small portions of the assets to Arbitrum, suggesting preparations for further laundering.

Analysts also identified intermediary wallets used as routing hubs for the main transfer.

The scale of the loss makes it one of the largest known address-poisoning incidents in recent months.

But what sets the case apart is the aftermath.

Sillytuna, known online for market commentary and crypto trading discussions, warned followers about the risks and said the incident pushed them to step away from the industry entirely.

How Address Poisoning Tricks Victims

Address poisoning — sometimes called a vanity address scam or copy-paste attack — is a form of social engineering that targets how users manage wallet addresses.

Unlike traditional hacks, attackers do not need access to private keys or wallet credentials.

Instead, they exploit how people copy addresses from transaction histories.

The process typically unfolds in several stages.

First, scammers generate look-alike wallet addresses using vanity address tools.

These addresses mimic the beginning and end of legitimate addresses that the victim has interacted with before, such as exchange deposit wallets or trading partners.

Because most wallets and blockchain explorers shorten addresses for readability — showing only the first and last few characters — the fake address can appear identical at a glance.

Next, the attacker sends a small “dust” transaction to the victim’s wallet from the fake address. The transaction might contain only a few cents or even zero value.

This step inserts the malicious address into the victim’s transaction history.

Later, when the victim attempts to send funds and copies an address from previous transactions, they may accidentally select the poisoned address instead of the real one. The funds then go directly to the attacker.

Security researchers say the tactic has become one of the most persistent phishing schemes in crypto.

Studies tracking the phenomenon estimate that attackers launched more than 270 million poisoning attempts across Ethereum and BNB Chain, with at least 6,600 successful thefts totaling roughly $83.8 million.

A Growing Pattern of High-Value Attacks

The Sillytuna incident joins a growing list of major address-poisoning losses.

In December 2025, a trader reportedly lost around $50 million in USDT after copying a poisoned address that had appeared in their wallet history months earlier.

Other incidents throughout 2024 and 2025 targeted high-value wallets belonging to DeFi users, traders and crypto “whales.”

In one large campaign, researchers observed funds sent to poisoning scams surge more than 15,000%, according to on-chain analytics.

The pattern is clear: attackers increasingly target wallets holding large balances and those that frequently interact with the same addresses.

How Users Can Protect Themselves

Despite their sophistication, address-poisoning scams rely heavily on simple mistakes — which means a few security habits can significantly reduce risk.

Security experts recommend several basic precautions:

  • Avoid copying addresses from transaction history. Instead, use saved address books, QR codes or verified contacts.
  • Verify the entire address before sending funds, not just the first and last few characters.
  • Use human-readable names such as ENS domains (for example, name.eth) where possible.
  • Send a small test transaction first before transferring large sums.
  • Enable withdrawal whitelists and address books in wallets and exchanges.
  • Ignore dust transactions and store large holdings in dedicated cold-storage wallets.

More advanced users often add additional layers of protection, such as multisignature wallets, hardware wallet confirmations and strict address-reuse policies.

Still, as the sillytuna case demonstrates, even experienced users can fall victim when attackers exploit everyday wallet habits.

In a market built on self-custody, vigilance remains the first line of defense.

Prashant Jha

Prashant Jha is a seasoned crypto journalist based in Delhi, India, with a Bachelor’s Degree in Computer Science Engineering. Passionate about the evolving world of blockchain and cryptocurrencies, he has been a dedicated voice in the industry since 2018. Prashant’s expertise lies in regulatory reporting, where he unravels complex legal and financial developments with clarity and precision. Before joining CCN in 2024, he honed his craft at Cointelegraph, establishing himself as a trusted name in crypto journalism.

His coverage spans major industry events, including the high-profile collapses of FTX, Three Arrows Capital (3AC), and LUNA, offering readers insightful analyses of their regulatory and market implications. Prashant’s technical background enables him to bridge the gap between intricate blockchain technology and its real-world applications, making his work accessible to novices and experts.

Beyond his professional pursuits, Prashant is an avid music enthusiast, often exploring diverse genres to unwind. A sports lover, he has a particular passion for cricket and frequently engages in discussions about the game. His multifaceted interests and sharp journalistic instincts make him a valuable contributor to CCN, where he continues shaping the crypto landscape's narrative.

Related

Survey Icon
Help us improve
1 of 4
Is this your first time here?
What brought you here today?
What are you most interested in?
Would you be interested in:
Thank you icon
Thank you for your feedback!
DMCA.com Protection Status