The hacker behind the $9.6 million hack of ZkLend in February has claimed that they have fallen victim to a phishing website which impersonated non-custodial crypto mixer Tornado Cash resulting in a loss of a significant amount of the stolen funds.
Blockchain analytics platform Lookonchain reported that the zkLend hacker stole 2,930 Ethereum (ETH), valued at approximately $5.4 million. In a post on X, the platform shared a screenshot of an on-chain message sent to zkLend via Etherscan on March 31, in which the hacker claimed they had lost the stolen funds to a phishing website.
“I am devastated. I am terribly sorry for all the havoc and losses caused. All the 2930 eth have been taken by [the] site owners. I do not have coins. Please redirect your efforts towards those site owners to see if you can recover some of the money. This will be my last message. It’s better to end this all. Again, I am sorry,” the hacker wrote.
On March 31, the zkLend hacker conducted multiple transactions, transferring 100 Ether at a time to an address labeled “Tornado.Cash: Router.” The series of transfers concluded with three additional deposits of 10 Ether each.
zkLend responded to the hacker’s message by urging them to return any remaining funds to the platform’s designated wallet. However, blockchain data from Etherscan shows that instead of complying, the hacker transferred an additional 25 Ether to a wallet identified as Chainflip1.
In February the decentralized money-lending protocol suffered a significant security breach resulting in the loss of millions. The hacker exploited a vulnerability related to the platform’s lending accumulator by using a small deposit and flash loans to artificially inflate the accumulator’s value.
The incident has sparked widespread discussion within the online crypto community, with many viewing the hacker’s loss of stolen funds as an instance of karmic justice.
Some members of the crypto community have speculated that the hacker may not have actually lost the stolen funds but instead orchestrated a self-phishing scheme.
The hacker’s costly mistake has added an unexpected twist to the zkLend exploit saga, fueling debate within the crypto community. While zkLend continues its efforts to recover lost funds, the incident emphasizes the persistent risks in the space—not only for victims of hacks but even for the hackers themselves.
Read More
- Hacker Steals 55 ETH by Exploiting AI Crypto Bot Dashboard
- Coinbase Users Lose $65M in Phishing Scams Amid Security Failures
- Solana Investors Lose $500K in X Phishing Attack
Michaela has no crypto positions and does not hold any crypto assets. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Magazine and The Shib Daily are the official media and publications of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.