Crypto Security Under Scrutiny: $24M Address Poisoning Scam and $1.5M Police Custody Theft Expose Critical Vulnerabilities


Key takeaways:

  • Address poisoning attacks exploit human psychology more than technical flaws, requiring behavioral security solutions.
  • Law enforcement's custody failures with seized BTC highlight systemic institutional risks beyond exchange vulnerabilities.
  • Cross-chain laundering via Arbitrum complicates asset recovery, increasing reliance on analytics firms for tracking.

In a stark reminder of the persistent threats within the digital asset space, the crypto community was rocked by two major security incidents in early 2025, exposing vulnerabilities from individual user error to systemic failures in law enforcement custody.

The first incident involved a catastrophic $24 million loss suffered by prominent cryptocurrency influencer Sillytuna. Blockchain security firm PeckShield confirmed the loss resulted from a sophisticated address poisoning attack, also known as a “vanity address scam.” The attacker siphoned $24 million worth of aEthUSDC, a bridged version of the USDC stablecoin, from an address associated with Sillytuna, who commands an audience of 25,000 followers on platform X. The attacker then converted a significant portion into approximately $20 million in DAI, distributing funds across two wallets and beginning to bridge small amounts to the Arbitrum network, a common preparatory step before laundering funds.

Address poisoning exploits human error by generating a wallet address that mimics the first and last several characters of a victim’s genuine address. The attacker sends a trivial transaction from this fake address, hoping the victim will later copy the fraudulent address from their transaction history for a legitimate payment, resulting in permanent loss.

The second incident revealed shocking allegations against officials from Queenbee Coin. According to an exclusive report from JoongAng Ilbo and confirmed by the Seoul Gangnam Police Station, Queenbee Coin employees allegedly convened an internal meeting in May 2022 to plan the theft of approximately 22 BTC (worth around $1.5 million or 2 billion won) that had been seized by Seoul police during an investigation. Police evidence suggests the suspects utilized a previously known mnemonic code to execute the transfer, bypassing security measures protecting the confiscated assets. Arrests have been made based on witness statements and circumstantial evidence.

This case highlights significant challenges in securing digital assets within legal proceedings, raising urgent questions about procedural safeguards for seized cryptocurrency. The incident occurred despite South Korea's stringent regulations, including the Specific Financial Information Act enacted in March 2021, and reveals persistent security gaps in law enforcement custody protocols.

Both incidents underscore a critical need for enhanced security measures. For individual users, experts recommend manual address verification, using wallet address books, sending test transactions, and employing human-readable ENS domains. For institutions and law enforcement, the Queenbee Coin case mandates a review of custody solutions, with international best practices recommending multi-signature wallets, hardware security modules, and potentially third-party custodians for seized assets.
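As an added illustration (not code from the article or from any wallet vendor), the following Python shows how the address-book check recommended above can catch the lookalike addresses that address poisoning relies on: a destination that shares its first and last four hex characters with a saved address but differs in between is flagged. The addresses, function names and the four-character window are assumptions constructed for this example.

```python
import re
from typing import Iterable, Optional

HEX_ADDR = re.compile(r"^0x[0-9a-fA-F]{40}$")

def normalize(addr: str) -> str:
    """Lower-case a 0x-prefixed 20-byte address; reject anything malformed."""
    addr = addr.strip()
    if not HEX_ADDR.match(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr.lower()

def lookalike_of(candidate: str, trusted: Iterable[str], n: int = 4) -> Optional[str]:
    """Return the trusted address that `candidate` imitates, or None.

    An imitation shares the first n and last n hex characters with a trusted
    address (the part a truncated wallet display shows) but differs elsewhere.
    """
    cand = normalize(candidate)[2:]
    for t in trusted:
        known = normalize(t)[2:]
        if cand != known and cand[:n] == known[:n] and cand[-n:] == known[-n:]:
            return "0x" + known
    return None

def check_destination(candidate: str, address_book: dict, n: int = 4) -> str:
    """Classify a pasted destination as 'trusted', 'lookalike' or 'unknown'."""
    trusted = {normalize(a) for a in address_book.values()}
    if normalize(candidate) in trusted:
        return "trusted"
    return "lookalike" if lookalike_of(candidate, trusted, n) else "unknown"

def flag_poisoned_history(history: list, address_book: dict, n: int = 4) -> list:
    """Return history entries whose sender imitates a saved address."""
    trusted = [normalize(a) for a in address_book.values()]
    return [tx for tx in history if lookalike_of(tx["from"], trusted, n)]

# Constructed sample data: none of these are real wallet addresses.
TRUSTED = "0x1a2b" + "5e" * 16 + "c3d4"    # saved payee
LOOKALIKE = "0x1a2b" + "f0" * 16 + "c3d4"  # same ends, different middle
UNRELATED = "0x9f8e" + "77" * 16 + "0001"
ADDRESS_BOOK = {"exchange-deposit": TRUSTED}
HISTORY = [
    {"from": TRUSTED, "value": 1500.0},
    {"from": LOOKALIKE, "value": 0.0},     # trivial transfer planted in history
    {"from": UNRELATED, "value": 12.5},
]

if __name__ == "__main__":
    for tx in HISTORY:
        print(tx["from"], check_destination(tx["from"], ADDRESS_BOOK))
```

A "lookalike" verdict should block the payment until the full address has been compared character by character against the saved entry.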

The movement of stolen funds in the Sillytuna case across chains like Arbitrum also demonstrates the evolving challenges of tracking assets in a multi-chain ecosystem, increasing the importance of blockchain analytics firms like PeckShield and Chainalysis.

Disclaimer

The content on this website is provided for information purposes only and does not constitute investment advice, an offer, or professional consultation. Crypto assets are high-risk and volatile — you may lose all funds. Some materials may include summaries and links to third-party sources; we are not responsible for their content or accuracy. Any decisions you make are at your own risk. Coinalertnews recommends independently verifying information and consulting with a professional before making any financial decisions based on this content.