The hackers behind the renowned Sillytuna exploit have reportedly started shifting exploited funds and laundering them. In this respect, the Sillytuna attackers have moved more than $10M across diverse services and chains. As per the data from Arkham Intelligence, the hackers are attempting to obscure the origins of the funds with these shiftings. Specifically, the early movements take into account $DAI and $BTC.
SILLYTUNA ATTACKERS MOVING $10M+ OF STOLEN FUNDSSillytuna’s attackers have started to launder their stolen Bitcoin and DAI.$1.08M Bitcoin appears to have entered a mixing service on Bitcoin, while $900K of DAI has been converted to USDT and deposited to BitKan. BitKan routes… pic.twitter.com/CE4isQ3sfF
— Arkham (@arkham) March 6, 2026
Sillytuna Attackers Bolster Crypto Laundering by Moving $10M to Exchanges and Mixers
The on-chain data points out that the Sillytuna attackers have shifted a substantial $10M for crypto laundering. These fund movements include DAI ($DAI), Bitcoin ($BTC), and Ethereum ($ETH), with hackers attempting to obscure the tracks of the funds to launder them. Particularly, they have utilized centralized crypto entities and mixers for this purpose. $1.08M in $BTC linked to the hack has already stepped into a Bitcoin mixing solution, a usual tactic that malicious actors leverage to make traceability difficult.
In the meantime, a $900,000 in the $DAI stablecoin has been swapped into $USDT as well as deposited into BitKan, an entity famous for routing crypto trades through diverse liquidity pools of several partner exchanges. The respective multi-exchange routing increases the difficulty in tracking funds, making it more complex. Keeping this in view, the Sillytna attackers are now accelerating their crypto funds laundering strategy.
Exploiters Still Hold $19M in Stolen Funds
According to Arkham, the Sillytuna attackers are aggressively shifting and laundering funds, with $10M already moved. The development highlights a notable rise in crypto theft as well as laundering activities. Even then, a $19M amount is still in the wallets of the hackers. However, they are expected to continue offloading these funds via further off-ramps, cross-chain transfers, and swaps.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Tether Freezes 3.29M USDT in Rhea Finance Hacker Address
Tether CEO Paolo Ardoino announced the freezing of 3.29 million USDT connected to a hacker linked to Rhea Finance's $7.6 million theft due to a fake token contract attack.
GateNews11m ago
Circle Faces Class Action Lawsuit Over $230M Unblocked USDC in Drift Protocol Attack
Circle faces a class action lawsuit for failing to freeze $230 million in stolen USDC after the Drift Protocol attack. Plaintiffs argue that Circle's protocols allowed attackers to move and convert the stolen funds without intervention, raising concerns about the company's responsibilities in monitoring cross-chain transfers.
GateNews12m ago
$7.6 million stolen from Rhea Finance: DeFi fake token attack manipulates the oracle
A DeFi protocol, Rhea Finance, suffered a major security vulnerability on April 16, resulting in losses of approximately $7.6 million. The attacker manipulated the oracle by creating a fraudulent token contract, causing the protocol to incorrectly assess the value of assets. This loss represents about 6% of Rhea Finance’s total value locked, demonstrating the risk of oracle manipulation attacks in the DeFi space. Users should carefully evaluate the risk of their assets.
MarketWhisper15m ago
Grinex hacked: $15 million paused from trading, pointing to an “enemy state”
Grinex, a Kyrgyz crypto exchange, paused trading and withdrawals after a large-scale cyberattack and lost about $15 million in USDT. The stolen funds were quickly converted into TRX and ETH to reduce the risk of being frozen. Grinex is believed to be the successor to the sanctioned exchange Garantex, becoming a major trading platform for ruble-to-crypto transactions. In its attack statement, Grinex pointed the incident to an “enemy state,” but it lacked concrete evidence.
MarketWhisper42m ago
Kyrgyzstan-based CEX Halts Trading After $15M USDT Cyberattack and Wallet Breach
A Kyrgyzstan-based cryptocurrency exchange suspended trading after hackers stole over $15 million USDT. The attackers moved funds across blockchains to evade detection. The incident highlights risks in centralized exchanges, especially in less regulated areas.
GateNews1h ago
Zonda CEO Reveals 4,503 BTC Cold Wallet Inaccessible as Founder Remains Missing Since 2022
Zonda, a Polish cryptocurrency exchange, faces a crisis as its cold wallet containing 4,503 Bitcoin is inaccessible, prompting a surge in withdrawal requests. CEO Kral claims the private key was never transferred during the company's takeover, and authorities are investigating the situation amid bankruptcy fears.
GateNews4h ago
