Trader alleges violent $24M ’wrench’ crypto robbery, offers 10% bounty as funds traced on-chain

Published: 2026-03-05 06:18:31 |

A crypto holder using the handle “Silly Tuna” says attackers used physical violence and threats to force the transfer of roughly $24 million in digital assets. The victim reported the assault and contacted police, then offered a 10% bounty for recovered funds and asked blockchain investigators to trace the stolen assets. Security firm PeckShield analyzed on-chain movements and described the incident as an address-poisoning attack that drained about $24M in aEthUSDC from a victim-linked address. Approximately $20M in DAI sits in two attacker-controlled staging wallets (about $10M each) that have not yet been mixed, while small portions have been bridged to Arbitrum. The attack illustrates the growing risk of “wrench attacks” — violent coercion to obtain private keys or force transfers — and highlights that substantial stolen funds remain traceable on-chain for now. No recoveries were reported at press time.

Bearish

This incident is likely bearish for short-term market sentiment, particularly for assets associated with the breached wallets and for smaller-cap tokens tied to on-chain security narratives. Violent, high-profile thefts (wrench attacks) increase perceived custodial risk among retail and institutional holders, which can prompt selling pressure, reduced risk appetite, and greater demand for custodial or insured services. The fact that ~$20M in DAI remains in unmixed staging wallets and some funds are being bridged to Arbitrum may lead to increased on-chain activity and volatility for DAI and any bridged tokens as attackers attempt to launder proceeds; traders may react by deleveraging or reducing exposure to related liquidity pools. In past high-value thefts (for example large DeFi exploits or publicized exchange hacks), markets often saw short-term price weakness and heightened volatility, though losses were usually absorbed over weeks as exchanges and custodians adjusted risk measures. Long-term impact is likely muted for major assets (e.g., ETH, DAI) unless the event reveals a systemic protocol vulnerability; here the attack appears to be social/physical exploitation combined with an address-poisoning technique, so it underlines counterparty and personal-security risks rather than protocol insolvency. Traders should watch on-chain flows from the identified attacker wallets, bridging activity to Arbitrum, and any law-enforcement or recovery developments that could return funds or freeze attacker-controlled addresses.