Security weaknesses in the cryptocurrency ecosystem remain a hot-button issue. On March 4, 2026, a wallet linked to the entity known as “Sillytuna” became the latest victim, suffering a loss of approximately $24 million in aEthUSDC. Security firm PeckShield, renowned for its blockchain investigations and threat detection within the decentralized finance (DeFi) space, shared detailed insights into the attack, bringing new attention to the growing risks facing digital asset holders.
Method Behind the Scam: Address Poisoning Explained
At the core of this heist is an attack method known as address poisoning. This tactic hinges on the likelihood that users, scanning their transaction histories, will accidentally copy and use a carefully crafted fraudulent address inserted by the attacker. In this incident, the affected wallet owner unknowingly transferred their entire holdings via the Aave platform to an address controlled by the perpetrator—an address that closely resembled the correct one. The transfer was validated on Ethereum block number 24,585,515, with blockchain records confirming the movement of approximately 23.6 million aEthUSDC.
Tracking the Loot: Asset Flow Across Chains
Following the breach, the stolen crypto assets were swiftly sent to two separate wallets, with each amassing around $10 million in DAI. On-chain data revealed that these addresses jointly held about $20 million. Meanwhile, a smaller portion of the assets was transferred to the Arbitrum network, a cross-chain move designed to complicate traceability and hamper asset recovery efforts.
The remaining balance—roughly $4 million—likely covered transaction fees, bridge costs, or was split into smaller amounts and sent to additional wallets. According to PeckShield’s ongoing surveillance, no complex mixing or extensive withdrawals have occurred from these wallets to date, but the situation is under continuous observation.
This episode highlights how address poisoning continues to pose a serious risk to DeFi users. Unlike traditional hacks that rely on compromising private keys, attackers in these cases exploit behavioral habits and moments of inattention, engineering scenarios that can result in substantial and instantaneous losses.
So far, no further details regarding the compromised wallet’s owner or possible recovery of lost funds have been disclosed. Nonetheless, leading security firms in the sector are actively working on countermeasures and intensifying educational initiatives to mitigate the effects of address poisoning attacks.
In a separate report, PeckShield documented a notable decrease in crypto asset losses in December 2025. Monthly losses dropped sharply from $194.2 million in November to $76 million in December. Despite this positive trend, it is clear that innovative attack strategies continue to surface within the crypto sphere.
The latest incident underlines the need for heightened vigilance when managing wallet transactions. Even minor errors during routine address verifications can lead to devastating financial consequences, emphasizing the importance of adopting extra layers of security—especially within DeFi applications.
