 ▲ Cryptocurrency hacking © |
A well-known cryptocurrency influencer has shocked the market after losing a staggering $24 million in an instant to a sophisticated hacking scheme that forges wallet addresses, subsequently announcing his retirement from the industry.
According to crypto media outlet CCN on March 5 (local time), prominent influencer Sillytuna fell victim to an advanced address poisoning scam, resulting in the theft of approximately $24 million worth of aEthUSDC. Security firms PeckShield and PaiDun reported that the hacker meticulously prepared the attack before draining the wallet, exchanging the stolen funds into Ethereum (ETH) and then laundering them into approximately $20 million worth of DAI. The funds are currently stored in two wallets controlled by the hacker, with small amounts being bridged to the Arbitrum network in preparation for further laundering.
The incident has escalated beyond the loss of digital assets into real-world threats. Following the financial loss, Sillytuna reportedly faced offline physical intimidation and has requested a police investigation. After strongly warning followers about the risks of scams, he declared that he would permanently leave the cryptocurrency industry. The case marks the largest loss from an address poisoning attack in recent months, heightening alarm across the market.
Address poisoning, also known as a vanity address scam or copy-and-paste attack, is a form of social engineering that targets users’ everyday habits rather than hacking private keys. Scammers generate fake wallet addresses that closely resemble those of exchanges or partners the victim previously transacted with, matching the first and last few characters. They then send near-zero-value dust transactions to the victim using the fake address, subtly inserting the malicious address into the victim’s transaction history. If the victim carelessly copies the address from past transactions and sends funds, the assets are transferred directly into the hacker’s hands.
This tactic primarily targets whale investors and DeFi users managing substantial funds, and has become one of the most malicious phishing crimes in the crypto market. Researchers report that there have been more than 270 million address poisoning attempts on Ethereum and BNB Chain, of which 6,600 were successful, resulting in approximately $83.8 million in losses. In December 2025, a trader lost $50 million worth of Tether (USDT) after copying a fake address left in his transaction history, underscoring the ongoing scale of such incidents.
Security experts stress that to prevent such sophisticated scams, users must abandon the habit of copying addresses from transaction histories. Instead, they should use saved address books, QR codes, or verified contacts, and carefully cross-check the entire address before transferring funds. Utilizing human-readable addresses such as ENS domains and sending a small test transaction before transferring large amounts are also considered essential precautions. In the cryptocurrency market, where self-custody is the norm, an investor’s personal vigilance remains the only true line of defense.
Disclaimer: This article is for investment reference only, and we are not responsible for any investment losses incurred based on it. The content should be interpreted solely for informational purposes.