On March 4, 2026, the cryptocurrency sector was shaken by a shocking security incident: a wallet named ‘Sillytuna’ fell victim to an address spoofing attack, resulting in a loss of up to $24 million in aEthUSDC. This incident was deeply tracked and publicly analyzed by blockchain security firm PeckShield, once again drawing the industry's attention to the covert yet high-risk attack method in decentralized finance (DeFi News) — address spoofing.
Address spoofing is a type of social engineering attack that exploits user behavior patterns. Attackers implant fake addresses that closely resemble legitimate ones in transaction records, tricking victims into mistakenly transferring funds to accounts under their control. In this incident, the victim inadvertently copied the forged address planted by the attacker while using the Aave platform, leading to the transfer of all assets. The relevant transaction records can be traced on the Ethereum blockchain at block 24,585,515.
The stolen funds were quickly split into two wallets, each receiving about $10 million in DAI, totaling approximately $20 million. To complicate tracking, some of the funds were cross-chain transferred to the Arbitrum network, making the asset recovery path even more complex. Additionally, around $4 million remains in the original wallet, with its purpose still unclear; it may be used for transaction fees or to prepare for subsequent diversion transfers. Currently, PeckShield continues to monitor these addresses and has not detected any large-scale mixing or withdrawal activities, with the funds remaining in a high-alert state.
Unlike traditional hacking attacks that rely on private key leaks or smart contract vulnerabilities, address spoofing does not depend on technical breakthroughs but rather exploits user negligence and default operational habits, achieving precise harvesting with a “zero technical barrier.” This attack method is highly covert and has a high success rate, making it one of the most significant non-technical risks to watch out for in the DeFi News ecosystem.
Although the identity of the victim has not been disclosed and the possibility of recovering the funds remains uncertain, mainstream security agencies have accelerated the rollout of protective tools and user education programs, including address verification plugins and secondary confirmation prompts before transactions. Notably, despite the massive losses from this incident, PeckShield data shows that the total industry crypto asset losses dropped from $194.2 million in November to $76 million in December 2025, indicating an overall improvement in security conditions, although new attack methods continue to evolve.
This incident serves as a reminder to all users: before conducting any on-chain operations, always manually verify the receiving address and avoid relying on clipboard auto-fill. Even a minor oversight can lead to irreparable financial losses. Enhancing security awareness has become an essential skill for participating in DeFi News.