Here is the rewritten content in HTML format:
ZkLend Hacker Loses Stolen Funds to Phishing Scam
ZkLend, a decentralized lending protocol built on Starknet, has confirmed that the hacker responsible for its February exploit lost a significant portion of the stolen funds to a phishing scam.
Hacker’s Mistake
In an April 1 post on X, ZkLend revealed that the attacker tried to launder 2,930 ETH, worth around $5.4 million, through crypto mixer Tornado Cash.
However, instead of using the legitimate platform, the hacker mistakenly interacted with a malicious phishing site: tornadoeth.cash. As a result, another party successfully drained the ETH.
Phishing Scam
Blockchain analytics firm Lookonchain corroborated ZkLend’s findings, confirming the loss of 2,930 ETH due to the phishing incident.
Admission of Blunder
Interestingly, the hacker later sent an on-chain message to ZkLend’s deployer address, admitting the blunder. In the message, the attacker wrote:
“I tried to move funds to Tornado but used a phishing website. All the funds have been lost. I’m devastated and sorry for the havoc and losses caused. I don’t have the coins anymore.”
The hacker urged ZkLend to pursue the phishing site operators instead.
No Connection
This unexpected turn has fueled speculation that the original hacker and the phishing scammers might be connected, though no proof has surfaced to support that theory.
Meanwhile, ZkLend stated that the phishing website appears to have been active for over five years. The project furthered that no concrete evidence links the phishing operators to the original hacker.
Nonetheless, wallet addresses tied to the phishing site have been added to ongoing fund-tracing efforts.
Increased Activity
The team also noted increased activity from wallets associated with the hacker. Security experts, centralized exchanges (CEXs), and relevant authorities were monitoring these movements in real-time.
Original Exploit
ZkLend was exploited in February, with blockchain security firm Cyvers estimating the loss at approximately $9.5 million.
The protocol offered the attacker a 10% bounty if they returned the rest. However, the hacker ignored the proposal and kept the funds, prompting ZkLend to partner with security teams from Starknet, StarkWare, and Binance in a broader fund recovery effort.
Conclusion
The unexpected turn of events highlights the importance of vigilance in the blockchain and cryptocurrency space. The hacking community is constantly evolving, and it is crucial for users to stay informed and take necessary precautions to protect their assets.
FAQs
Q: What is the extent of the loss?
A: The hacker lost 2,930 ETH, worth around $5.4 million, due to the phishing scam.
Q: How did the hacker attempt to launder the funds?
A: The hacker tried to launder the funds through crypto mixer Tornado Cash, but mistakenly interacted with a malicious phishing site.
Q: What is the current status of the fund-tracing efforts?
A: Wallet addresses tied to the phishing site have been added to ongoing fund-tracing efforts, and security experts, centralized exchanges, and relevant authorities are monitoring the situation in real-time.
Q: What is the next step for ZkLend?
A: ZkLend will continue to work with security teams and relevant authorities to pursue the phishing site operators and recover the stolen funds.
Q: What is the total loss estimated by blockchain security firm Cyvers?
A: The total loss is estimated to be approximately $9.5 million.
