Crypto KOL Loses $24 Million in Address Poisoning Attack: A Stark Security Warning

In early 2025, prominent cryptocurrency Key Opinion Leader (KOL) Sillytuna fell victim to a sophisticated address poisoning attack, resulting in the theft of $24 million worth of aEthUSDC assets. Blockchain security firm PeckShield confirmed that the attackers generated a fake address closely resembling the victim's wallet address and sent small, valueless transactions to the victim's wallet, tricking them into mistakenly copying the malicious address for subsequent transfers. Once funds were transferred to the fake address, the assets were permanently moved and difficult to recover.

In this attack, the stolen aEthUSDC (a cross-chain version of the USDC stablecoin) was quickly converted into approximately $20 million DAI and dispersed into two separate wallets. The attackers also attempted to bridge funds through the Arbitrum network, preparing to use mixing services for money laundering. This method did not rely on underlying blockchain vulnerabilities but precisely exploited human operational negligence, making it a typical social engineering attack. Notably, Sillytuna has over 25,000 followers on social platform X, and their influence makes this incident a significant warning for the crypto community. While exchange hacks and smart contract vulnerabilities often receive attention, social engineering attacks targeting individual operational habits are rapidly becoming a more frequent and stealthy threat. Security experts emphasize that the key to preventing such attacks is to improve operational rigor. Users are advised to verify the recipient address character by character before transferring funds, avoid copying directly from transaction records, prioritize using the wallet's built-in address book or verified recipient profiles, and for large transfers, always send a small test transaction to confirm the address's correctness. These simple yet effective measures could have prevented this massive loss. As the crypto ecosystem becomes increasingly complex, enhancing user security awareness is more critical than any technical protection. Every transfer should be a careful confirmation, not a careless copy.