TL;DR:
- A $24M crypto theft in stablecoins was carried out through a direct physical attack against the trader known as Sillytuna.
- Around $20M in DAI remain in two identified Ethereum addresses; the funds have not yet been sent to mixers.
- The Wagyu bridge declined to freeze the funds and only blacklisted the source wallets, limiting interception options.
A crypto trader known in the community as Sillytuna suffered a theft of more than $24 million in stablecoins following a physical attack. The incident involved no technical exploits or smart contract vulnerabilities, but rather direct coercion against the wallet holder, a method that has been gaining ground over traditional on-chain attacks.
The majority of the stolen funds, approximately $20 million in DAI, remained hours after the theft distributed across two known and publicly tracked Ethereum addresses. Another $1.1 million in BTC was held in a single address. The attackers used the Wagyu bridge to move a portion of the assets to the Arbitrum network, though transactions halted before the full transfer of funds was completed.
Physical Violence Looms Over the Crypto World
On-chain researchers and community trackers were alerted immediately and began distributing the compromised addresses across various protocols with the goal of intercepting future movements. Calls were made to Hyperliquid to freeze funds originating from blacklisted wallets, though the outcome of that effort remains uncertain. The Wagyu bridge creator publicly responded that the protocol does not freeze funds under any circumstances and that its blacklist mechanism operates similarly to that of Railgun.
Independent researchers identified that the destination wallets were linked to an address known for involvement in exploits, rug pulls, and malicious contract deployments. The original address, with the distinctive prefix 0xbeef, has documented history within the community.
Sillytuna Offers a Bounty
In February, crypto exploits fell to their lowest level in a year, with total losses of just $37.7 million across the entire month. That decline in technically driven attacks may be correlated with a shift toward physical extortion methods, where the attack vector is the asset holder themselves rather than the code.
Sillytuna offered a 10% bounty if the cryptocurrencies are returned, even if the offer comes from the perpetrators themselves. DAI, by design, has never been frozen or censored, which makes it a difficult asset to intercept once it circulates through decentralized protocols.
