ZkLend, a decentralized lending protocol operating on Starknet, has announced that the hacker responsible for its exploit in February lost a substantial amount of the stolen funds to a phishing scam.
In a post made on April 1, ZkLend disclosed that the attacker attempted to launder 2,930 ETH, valued at approximately $5.4 million, using the crypto mixer Tornado Cash. However, instead of utilizing the real service, the hacker inadvertently engaged with a fraudulent phishing site: tornadoeth[.]cash. Consequently, another individual successfully siphoned off the ETH.
Blockchain analytics firm Lookonchain confirmed ZkLend’s claims, validating the loss of the 2,930 ETH as a result of the phishing scam.
Interestingly, the hacker later sent a message on-chain to ZkLend’s deployer address, acknowledging the mistake. In this message, the individual expressed their remorse, stating:
“I attempted to transfer funds to Tornado but ended up on a phishing website. All the funds have been lost. I’m devastated and regret the chaos and losses inflicted. I no longer possess the coins.”
The hacker urged ZkLend to take action against the operators of the phishing site instead.
### ‘No Connection’
This unexpected twist has led to speculation regarding a possible link between the initial hacker and the phishing scammers, although no substantial evidence has emerged to validate such a theory.
In the meantime, ZkLend reported that the phishing website seems to have been operational for over five years. The protocol clarified that there is no solid evidence connecting the phishing operators to the original attacker.
Nevertheless, wallet addresses associated with the phishing site have been incorporated into ongoing efforts to trace the stolen funds.
The team also indicated that there has been a notable increase in activity from wallets linked to the hacker. Security experts, centralized exchanges, and relevant authorities are actively monitoring these movements.
ZkLend experienced its exploit in February, with blockchain security firm Cyvers estimating losses to be around $9.5 million.
The protocol had offered the attacker a 10% bounty for returning the remaining funds, but the hacker disregarded the offer and retained the funds, prompting ZkLend to collaborate with security teams from Starknet, StarkWare, and Binance for broader fund recovery initiatives.