Crypto trader loses $24M in sophisticated address poisoning scam linked to physical threats

A crypto trader known online as Sillytuna has offered a bounty to recover funds after reporting that roughly $24 million in digital assets were stolen during a violent robbery tied to a sophisticated blockchain scam.

The incident, which surfaced in early March 2026, involved a large transfer of a EthUSDC tokens from the trader’s wallet to an attacker-controlled address.

According to blockchain security researchers, the assets were later swapped into Ether (ETH) and DAI, with portions moved across different networks to complicate tracking.

The trader claims the theft involved physical threats, weapons, and kidnapping warnings, raising alarm among investors about the increasing overlap between digital crime and real-world violence in the crypto sector.

Following the incident, the victim publicly offered a 10% bounty for information that leads to the recovery of the stolen funds, urging blockchain investigators and security researchers to assist in tracing the transactions.

Violent attack tied to $24M crypto theft

The theft was first flagged by blockchain security firm PeckShield, which detected suspicious activity involving a wallet linked to the trader.

On-chain data shows that roughly $23.6 million worth of aEthUSDC was transferred in a single transaction to an unknown address.

Shortly afterward, the victim confirmed the breach and described the circumstances behind it.

“$24 million dollar theft… involved violence, weapons, kidnapping and rape threats. Police involved.” Sillytuna, crypto trader, in a public statement.

According to blockchain investigators, the attacker rapidly converted the stolen tokens into other cryptocurrencies, including ETH and approximately $20 million in DAI, and distributed them across multiple wallets.

Security researchers say such rapid conversions are a common tactic used by attackers to obscure the trail of stolen funds before moving them through mixers or privacy coins.

How the attack may have happened

Early analysis suggests the incident may be linked to a technique known as an address poisoning attack, a phishing-style scam designed to trick victims into sending funds to a fraudulent wallet that closely resembles a legitimate address.

In these schemes, attackers send small dust transactions from look-alike addresses that mimic the first and last characters of the victim’s real wallet address.

When users later copy addresses from their transaction history, they may accidentally select the fake one.

Blockchain security analysts monitoring the case say most of the stolen funds remain traceable for now.

“Around $20 million in DAI remains in two wallets, which makes the funds currently traceable.” Analysts cited in security tracking reports.

However, investigators have already observed smaller amounts being bridged to the Arbitrum network.

Bounty offered to recover stolen funds

In response to the theft, the trader publicly offered a 10% bounty for information that could help recover the funds or identify the perpetrators.

Such “white-hat” bounty offers have become increasingly common in the crypto industry, particularly when hackers or scammers can still be traced through blockchain activity.

In some previous cases, attackers have returned funds after negotiations facilitated by security researchers or exchanges.

The victim has also indicated that law enforcement authorities are investigating the case.

In addition to the financial loss, the trader stated that the ordeal has prompted a personal decision to step away from the cryptocurrency industry entirely.

A growing threat: crypto crime turning physical

The incident highlights a troubling trend in the crypto ecosystem: the rise of violent attacks targeting digital asset holders.

Unlike traditional bank accounts, cryptocurrency wallets can often be accessed instantly once attackers obtain private keys or coerce victims into transferring funds.

That dynamic has led criminals to increasingly use kidnapping, extortion, or home invasions to force transactions.

Security researchers tracking such incidents report a growing number of so-called “wrench attacks”, a term referring to situations where attackers physically threaten victims to gain access to their crypto holdings.

Experts say these attacks highlight a critical vulnerability in crypto security: while blockchain technology itself may be secure, the human element remains the weakest link.

The Sillytuna case serves as another reminder that protecting digital assets requires more than strong passwords or hardware wallets.

Personal security, privacy, and operational safety have become just as important as cybersecurity.