Sillytuna quits crypto after PeckShield flags $24 Mn aEthUSDC theft

A crypto wallet linked to the user Sillytuna has reportedly lost around $24 million in a sophisticated exploit known as an address poisoning attack, according to blockchain security firm PeckShield. 

In this case, a wallet with the address 0xd2e8…ca41 was tricked into sending funds to a malicious address that resembled a legitimate address.

Sillytuna, a crypto KOL, later confirmed on social media that a serious security issue did, in fact, involve his personal address, causing a loss of around $24 million in AUSD.

He said the incident involved violence, weapons, and kidnapping threats, and that police are now handling the case. 

Sillytuna added that he will fully exit the crypto industry, saying he is “grateful to have kept all my limbs.”

How did the attack take place?

The stolen assets were primarily aEthUSDC, a tokenized version of USDC used in decentralized finance (DeFi) systems. 

Address poisoning is a deceptive tactic in which attackers send tiny transactions from wallet addresses that closely resemble legitimate ones. 

The malicious addresses form part of a user’s transaction history. This makes it even more likely that a victim will accidentally copy the attacker’s address instead of the correct one when making a future transaction. When a victim sends money to this address, they cannot recover it since it goes to the attacker.

In this attack, the attacker was successful in stealing a value of around $24 million in aEthUSDC. According to blockchain records, these stolen funds have been moved rapidly using several intermediary accounts.

PeckShield reports that around $20 million in DAI, a popular decentralized stablecoin, is currently held by two intermediary accounts controlled by the attacker. This money has not yet been laundered or ‘mixed,’ meaning it is still visible on public blockchain records.

However, it has already begun moving parts of the stolen money across different blockchain networks. According to analysts, it has been observed that small amounts of these stolen assets are being transferred to the Arbitrum network, a layer 2 Ethereum scaling solution.

Transferring these assets across different networks is a common technique used by hackers to evade tracking and ultimately direct these assets to different exchanges or mixers.

Address poisoning attacks see rise in crypto world 

The use of intermediary wallets and cross-chain transactions implies that the perpetrator was planning to gradually launder the stolen money rather than liquidate it immediately. Security experts usually monitor these wallets with interest since large transactions often imply that the perpetrator is trying to exchange the money with other tokens or withdraw it using central exchanges.

Address poisoning attacks have become more common in the crypto space, with most attackers using this tactic rather than exploiting vulnerabilities. Instead of exploiting vulnerabilities, attackers use the tendency of users to copy wallet addresses from the transaction history. Since blockchain transactions are irreversible, users can lose money in the process.

The attack is also a reminder to users that it is necessary to verify the address before transacting, especially when the transaction is large in value. Experts have been reminding users of the need to verify the address before transacting, especially when the transaction is large in value, as well as the need to consider the use of hardware wallets.

For the time being, the crypto community is observing the movement of the stolen funds, as the community remains watchful on whether the funds will be recovered or laundered successfully.