Sillytuna: The Indie Developer Forced to Send $24 Million

A longtime crypto figure and indie game developer was the victim of a violent home invasion in the UK in March 2026. Four assailants. $24 million taken.

In March 2026, a longtime crypto community figure who used the online identity Sillytuna was the victim of a violent home invasion in the United Kingdom. According to CertiK's wrench attack report and accounts the victim later shared publicly, four assailants entered his home and physically forced him to transfer approximately $24 million in aEthUSDC, a yield-bearing stablecoin held in his personal wallet. The funds were laundered cross-chain and converted to Monero shortly afterward.

Sillytuna had been part of the crypto industry for years. Beyond his on-chain activity, he was known as an indie game developer with a public presence in the NFT and crypto-art communities. His online persona was familiar to many people in those circles. That visibility, in retrospect, made him identifiable as a target.

The attack itself was traumatic. According to the victim's own statements, the assailants used weapons and made threats against him, including threats of further physical violence. He was held down by multiple attackers and coerced into authorizing transactions from his wallet under duress. The full sequence of events is being treated with discretion in the public reporting; only the broad facts have been confirmed.

UK law enforcement opened an investigation. As of May 2026, no public arrests have been announced and the funds remain largely unrecovered. The conversion path - aEthUSDC to other stablecoins, then bridged across chains, then swapped to Monero - is consistent with patterns documented by blockchain analytics firms tracking similar attacks. Once funds reach Monero, on-chain tracing effectively stops.

The Sillytuna case became a touchstone for a wider conversation in the crypto community about physical security. Throughout 2025 and 2026, the number of so-called wrench attacks - violent crimes targeting cryptocurrency holders - has risen sharply. CertiK's research counted 34 verified wrench attacks globally between January and April 2026 alone, a 41 percent increase year-over-year. France has emerged as the global hotspot, but the UK, the US, and other European countries have all recorded incidents.

The pattern across these attacks is now well-understood. Attackers identify high-value targets through leaked customer data from exchanges, tax-software companies, or hardware-wallet providers. Ground-level operators - usually small teams of three to five people - are recruited through encrypted messaging apps and dispatched to the target's home. Senior coordinators based in Morocco, Dubai, or Eastern Europe purchase the data, orchestrate the timing, and handle the laundering. The victims are individuals whose names, addresses, and approximate holdings have appeared somewhere those operators could buy.

For the crypto community, the Sillytuna case prompted serious self-examination. Many longtime members of the industry began removing or anonymizing their public identities. Some moved to Switzerland, Dubai, or other jurisdictions perceived as more secure. Conversations about operational security shifted from technical concerns - hardware wallets, cold storage, multisig - to physical concerns: home security, anonymity, even relocation.

The crypto industry has begun building infrastructure responses. Specialized insurance products covering physical attacks on crypto holders have entered the market. Some hardware wallet providers have introduced features designed to make duress transactions detectable or reversible. Dedicated security consultancies for high-net-worth crypto individuals have grown rapidly. None of these are complete answers. They are partial responses to a problem the industry did not fully anticipate.

Sillytuna himself has spoken publicly about the experience in limited terms, primarily to warn others. The transparency was, in its own way, an act of generosity to a community that had not been ready to confront the physical-violence dimension of this work. He was specific about one thing: the assailants knew exactly who he was, where he lived, and what he held. That information had to come from somewhere.

The crypto industry promised that self-custody meant freedom. For many people, it has. For a growing number of others, it has meant the freedom to be targeted directly, without an institution between them and the people who want their money. Sillytuna's case is one of the costs of that promise being delivered.

If you or someone you know is struggling, help is available. National Suicide Prevention Lifeline: 988 (US). Crisis Text Line: Text HOME to 741741. International Association for Suicide Prevention: https://www.iasp.info/resources/Crisis_Centres/