TL;DR
- Armed attackers held crypto trader Sillytuna captive, stealing $24 million in assets.
- The attacker moved stolen funds across Ethereum, Arbitrum, Hyperliquid, and Bitcoin networks.
- Sillytuna offered a 10% bounty for anyone recovering the stolen crypto funds.
A crypto trader operating under the username “Sillytuna” posted a series of messages on X this week describing one of the most violent incidents in recent crypto theft history. According to the account, armed attackers held him captive, used weapons against his hands and feet, and threatened sexual assault before forcing him to hand over approximately $24 million in Aave Ethereum USDC (aEthUSDC). Law enforcement is reportedly involved, though authorities have not publicly confirmed the details of the alleged incident.
$24 million dollar theft of AUSD from 0x6fe0fab2164d8e0d03ad6a628e2af78624060322
Involved violence, weapons, kidnapp and rape threats. Obvs police involved.
Please pass on to all those who trace such things.
And now… definitely out of crypto. ****ers.
Still have limbs,ā¦
— Sillytuna (@sillytuna) March 4, 2026
The account, active on X since June 2008 and linked to a longtime NFT and gaming entrepreneur, described the physical toll plainly: “Bruised, held off while I could, but can’t do that much with axes over your hands and feet.” The posts circulated rapidly across crypto circles, drawing attention not only to the scale of the alleged theft but to the level of organized violence behind it. The trader added that he is now “definitely out of crypto.”
Sillytuna posted a 10% recovery bounty on any funds that individuals or platforms manage to retrieve ā an offer extended even to people who participated in the attack. The bounty structure reflects a pragmatic calculation common in large crypto thefts: recovering a portion of the funds through financial incentive often proves more realistic than full recovery through law enforcement channels, particularly when the attacker moves quickly to obscure the trail.
Arkham Intelligence Tracked the Funds Across Four Separate Networks
The attacker did not hold the stolen assets in place. Blockchain analytics platform Arkham Intelligence traced the movement of funds across multiple networks in what the firm described as a deliberate effort to complicate recovery. The dispersion happened fast and across enough distinct channels to suggest the attacker or a coordinating party had a pre-planned laundering route ready before the theft took place.
Of the total stolen amount, roughly $20 million sat in two Ethereum addresses converted into DAI. The remaining funds moved in three separate directions. Approximately $2.48 million was bridged to USDC on Arbitrum.
Another $2.47 million went to Hyperliquid across 19 separate accounts linked to Wagyu infrastructure, which the attacker then used to purchase Monero (XMR) ā a privacy-focused cryptocurrency specifically designed to make transaction tracing extremely difficult.
An additional $1.1 million was bridged to the Bitcoin network via LiFi, and Arkham noted the possibility that approximately 0.5 BTC was deposited into a mixing service to further obscure its origin.
The Monero conversion is the most telling element of the post-theft movement. Unlike Bitcoin or Ethereum, Monero obscures sender addresses, recipient addresses, and transaction amounts simultaneously, making blockchain forensics considerably less effective.Ā
Blockchain security firm PeckShield independently flagged the wallet activity shortly after Sillytuna’s posts surfaced, confirming that approximately $24 million in assets tied to the trader’s accounts had been drained and transferred to an external address.Ā
The independent corroboration from two separate analytics platforms adds credibility to the on-chain portion of Sillytuna’s account, even as law enforcement has yet to speak publicly on the physical attack itself.
TRACKING TODAYāS $24 MILLION CRYPTO THEFT
Sillytuna was targeted in a real-world attack by thieves who stole $23.6M of AAVE USDC from him.
The attackers moved funds to layer 2 networks, Bitcoin, and even Monero. Hereās a breakdown of the current fund locations: https://t.co/PDPqmrvmnm pic.twitter.com/cBB3Ho55jY
— Arkham (@arkham) March 5, 2026
The incident fits inside a pattern that the crypto industry has tracked with growing concern over recent months. Violent attacks targeting crypto holders, social media influencers, and public figures with known digital asset positions have increased, with perpetrators apparently calculating that physical coercion bypasses the technical security measures that protect wallets from remote exploitation.Ā
The Sillytuna case combines several elements that make recovery unlikely: a fast-moving attacker, a multi-network dispersal strategy, deliberate conversion into privacy coins, and a potential mixing service deposit for the Bitcoin portion.Ā
Each step in the chain adds friction for investigators and reduces the window during which intervention could intercept the funds. Whether the 10% bounty produces any results depends on whether someone inside the operation decides the reward outweighs the risk ā a calculation that, in cases involving organized violence, rarely resolves in the victim’s favor.
