Hacker falls victim to phishing scam after exploiting ZkLend for millions

1 day ago

ZkLend, a decentralized lending protocol built on Starknet, has confirmed that the hacker responsible for its February exploit lost a significant portion of the stolen funds to a phishing scam.

In an April 1 post on X, ZkLend revealed that the attacker tried to launder 2,930 ETH, worth about $5.4 million, through crypto mixer Tornado Cash.

However, instead of using the legitimate platform, the hacker mistakenly interacted with a malicious phishing site: tornadoeth[.]cash. As a result, another party successfully drained the ETH.

Blockchain analytics firm Lookonchain corroborated ZkLend’s findings, confirming the loss of 2,930 ETH due to the phishing incident.

Interestingly, the hacker later sent an on-chain message to ZkLend’s deployer address, admitting the blunder. In the message, the attacker wrote:

“I tried to move funds to Tornado but used a phishing website. All the funds have been lost. I’m devastated and sorry for the havoc and losses caused. I don’t have the coins anymore.”

The hacker urged ZkLend to pursue the phishing site operators instead.

‘No connection’

This unexpected turn has fueled speculation that the original hacker and the phishing scammers might be connected, though no proof has surfaced to support that theory.

Meanwhile, ZkLend stated that the phishing website appears to have been active for over 5 years. The project added that no concrete evidence links the phishing operators to the original hacker.

Nonetheless, wallet addresses tied to the phishing site have been added to ongoing fund-tracing efforts.

The team also noted increased activity from wallets associated with the hacker. Security experts, centralized exchanges (CEXs), and relevant authorities were monitoring these movements in real time.

ZkLend was exploited in February, with blockchain security firm Cyvers estimating the loss at about $9.5 million.

The protocol offered the attacker a 10% bounty if they returned the rest. However, the hacker ignored the offer and kept the funds, prompting ZkLend to partner with security teams from Starknet, StarkWare, and Binance in a broader fund recovery effort.

The post Hacker falls victim to phishing scam after exploiting ZkLend for millions appeared first on CryptoSlate.
