Cú Lừa $24 Million Exposes the Sophisticated Trap in Trading History

The crypto market has just experienced another shocking loss. Approximately $24 million USD in stablecoins disappeared from a wallet linked to crypto KOL Sillytuna after the victim fell into a “address poisoning” trap — a scam that seems simple but is increasingly effective in the DeFi ecosystem.

According to an investigation by blockchain security firm PeckShield, the wallet address 0xd2e8…ca41 was drained of about $24 million USD in aEthUSDC after a transaction was mistakenly sent to the attacker’s address. Notably, this wasn’t a complex hack but resulted from a very silly mistake — copying the wrong wallet address.

Address poisoning doesn’t exploit blockchain vulnerabilities; it targets human habits. The attacker creates a wallet address with a string of characters that closely resembles the victim’s real address. Then, they send tiny-value transactions to the target wallet. These transactions cause the fake address to appear in the victim’s transaction history. The problem arises when the user needs to send funds next time. Instead of pasting the address from a trusted source, many people quickly copy from their transaction history, where the fake address is already embedded. Just one mistake can send all assets directly into the hacker’s wallet. In Sillytuna’s case, that mistake cost $24 million USD.

On-chain analysis shows the hacker isn’t rushing to launder the money immediately. About $20 million USD in DAI remains in two intermediary wallets controlled by the attacker. The fact that the funds haven’t yet been moved to mixers or privacy services suggests the hacker may be splitting the funds into smaller amounts before dispersing them across multiple chains.

A small portion of the assets has already been bridged to layer-2 Arbitrum, a common step before dispersing funds through DeFi protocols, DEXs, or cross-chain bridges to obscure traces.

The victim has announced a 10% reward for anyone or any platform that helps trace and recover the stolen assets. This offer even extends to those involved in the incident, as long as they assist in returning the stolen funds.

In recent years, address poisoning scams have surged because they have three attractive features for hackers: extremely low cost — just a few dust transactions; difficulty in detection — fake addresses look very similar to real ones; and high success rates, especially with frequent traders. Even seasoned traders can fall victim to such traps, as seen in this case.

Last year, a similar shocking incident occurred where a user lost nearly $50 million USDT after mistakenly transferring assets to a scammer’s address. Analysts considered it one of the largest on-chain scams ever recorded.

Given the unpredictable nature of hacking incidents, security experts recommend users never copy wallet addresses from transaction history, always verify the entire address — not just the first and last few characters — use whitelist addresses for large transfers, and double-check transactions on hardware wallets or ensure all parameters are correct before confirming.