Key Highlights
- Sillytuna attackers swapped $2M of stolen crypto into Monero, making it hard to trace.
- About $6.5M in USDC/USDT has been sent to exchanges; 375 ETH was routed through Tornado Cash.
- The stolen $24M is now spread across Ethereum, Arbitrum, Bitcoin, and Hyperliquid wallets.
An attacker who stole $24 million in crypto from Sillytuna, a crypto trader and long-time NFT and gaming entrepreneur, has reportedly moved part of the stolen funds into Monero.
On-chain investigative tool PeckShieldAlert flagged out the transaction on X on Monday, saying the attacker swapped about $2 million worth of DAI and ETH for 6,174.4 XMR.
PeckShieldAlert said Monero is currently being held on the Hyperliquid platform. The investigator also reported that the attacker transferred about $6.5 million in USDC and USDT into centralized exchanges, including OKX, MEXC, and Bitkan.
In another move linked to the stolen assets, around 375 ETH was routed through Tornado Cash, a crypto mixing service often used to hide transaction paths.
How the attack happened
The theft was first reported by Sillytuna on X on March 5. The trader said a group of attackers physically forced him to give up control of his crypto holdings.
Sillytuna said the attackers used weapons and threatened him with kidnapping and sexual assault. Sillytuna wrote in one post, “Bruised, held off while I could, but can’t do that much with axes over your hands and feet.”
Sillytuna said he tried to fight off four attackers but could not stop them. Law enforcement was contacted, and authorities are reportedly involved, though no official statement has confirmed the details of the incident. Following the attack, the stolen crypto, mostly aEthUSDC, was quickly moved across multiple blockchain networks.
Tracking the stolen funds
Blockchain analytics firm Arkham Intelligence and PeckShield have been tracking the movement of the stolen assets since the incident. Arkham reported on the same day that about $20 million of the stolen funds were converted into DAI and stored in two Ethereum addresses.
Smaller portions were bridged to other networks. Around $2.48 million was bridged to USDC on the Arbitrum network. Another $2.47 million was sent to Hyperliquid through several Wagyu-linked accounts, which were then used to purchase Monero, a privacy-focused cryptocurrency.
Approximately $1.1 million was bridged to the Bitcoin network via a cross-chain service called LiFi, with part of that amount reportedly sent to a mixing service. In short, the attacker has been actively making the funds untraceable and unrecoverable with this transfer.
Why Monero
Apparently, Monero is a token widely known in the crypto space for its strong privacy features. The network hides key information such as the sender, the receiver, and the amount being transferred.
Because of this design, transactions on the Monero network are much harder to trace compared with most public blockchains.
Meanwhile, Sillytuna has offered a 10% bounty to recover the money. “Reminder: 10% bounty of any funds individuals or platforms can recover for me. Even if you were involved,” he said. He also called on investigators and exchanges to help him trace the funds and block related suspicious transfers.
Also Read: India Digital Arrest Scam Routes ₹10.74 Cr via Crypto Exchanges
