A Sophisticated On-Chain Deception Unveiled
On March 5, a major security incident was exposed by blockchain analytics firm PeckShield: a high-value wallet linked to X user @sillytuna fell victim to a sophisticated address poisoning attack, resulting in the complete loss of approximately $24 million in aEthUSDC stable assets.
This type of attack exploits user trust by generating fake wallet addresses that visually mimic legitimate ones, tricking victims into sending funds to attacker-controlled accounts. In this case, the attacker demonstrated strategic behavior by not moving all funds immediately, instead using a phased approach to avoid detection.
Tracing the Stolen Funds
On-chain analysis reveals that around 20 million DAI have been routed to two intermediary wallets under the attacker’s control. These assets have not yet entered any privacy-preserving services, remaining traceable across public ledgers. Notably, small amounts have started appearing on the Arbitrum network via cross-chain bridges—possibly a tactic to test response thresholds or begin layering transactions.
- Attack Method: Address Poisoning
- Primary Loss: $24M in aEthUSDC
- Related Assets: DAI, bridged to Arbitrum
- Current Status: Partial movement, still on-chain and trackable
Bounty Launched, Community Mobilizes
In response, @sillytuna has announced a 10% bounty for the successful recovery of the stolen assets, sparking widespread interest across the crypto community. Several blockchain investigators and security researchers have already joined the effort to trace transaction patterns and identify the perpetrator.
Security experts advise users to strengthen wallet hygiene—never rely solely on the first few characters of an address. Instead, use saved contact lists or verified labels to confirm destinations before approving any transfer.