The cryptocurrency community is on high alert following a major security breach involving a high-profile figure. According to data provided by blockchain security firm PeckShield, an Ethereum address associated with the prominent crypto influencer known as @sillytuna (0xd2e8...ca41) has fallen victim to an address poisoning attack. This incident resulted in the unauthorized transfer of approximately $2 million worth of aEthUSDC, highlighting the persistent risks associated with wallet management and the increasing sophistication of on-chain predatory tactics.
Mechanism of the Attack and Asset Movement
Address poisoning is a deceptive technique where attackers send small amounts of tokens or zero-value transactions to a target wallet from an address that mimics the appearance of the user's frequently used contacts. By using "vanity addresses" with identical starting and ending characters, hackers hope the victim will inadvertently copy the fraudulent address from their transaction history. In this specific case, the stolen aEthUSDC—an interest-bearing version of the USDC stablecoin within the Aave ecosystem—was subsequently converted.
At the time of reporting, the stolen assets are being tracked across several locations:
- The funds were primarily converted into DAI stablecoins.
- Approximately $2 million in DAI is currently distributed between two temporary wallets controlled by the attackers.
- The specific exploiter addresses identified are 0xdCA9...c9C4 and 0xd0c2...dd3e.
Current Status of Stolen Funds
Security analysts have noted that the attackers have not yet utilized mixers like Tornado Cash to obscure the origin of the funds. Instead, they have begun bridging small amounts of capital to the Layer-2 scaling solution Arbitrum. This move is often a precursor to further laundering attempts or an effort to utilize decentralized exchanges with different liquidity profiles. Monitoring tools indicate that the majority of the DAI holdings remain stagnant in the initial attacker wallets as of March 5, 2026.
"The attackers have begun bridging small amounts of funds to Arbitrum", reported PeckShield, emphasizing the active nature of the incident.
The loss suffered by @sillytuna serves as a critical reminder for all market participants, including institutional-grade investors and Key Opinion Leaders (KOLs), to verify every character of a destination address before confirming transactions. As decentralized finance (DeFi) continues to evolve, the reliance on automated security features and manual vigilance remains the primary defense against such social engineering exploits on the Ethereum blockchain.
Frequently Asked Questions
Quick answers to the most common questions about this topic.
