ZkLend Hacker Gets Hacked: Loses $5.4M Stolen ETH in Phishing Scam

Key Takeaways

• A hacker stole $5.4 million worth of ETH from lending protocol zkLend.
• In a fate of karma, the hacker claimed to have lost all the funds in a phishing scam.
• The crypto community believes the hacker lied about getting scammed.

Hacks in the crypto space are not new, but hackers meeting karma is a rare occurrence, and that is what happened with the zkLend hacker.

A hacker siphoned off $5.4 million worth of Ethereum from the zkLend protocol, only to lose it all on Tornado Cash.

ZkLend Hacker Gets Scammed

A zkLend hacker fell prey to perfect karma on April Fool’s Day after a phishing scam while trying to launder stolen funds via crypto mixer Tornado Cash.

The hacker stole 2,930 ETH worth $5.4 million from layer-2 lending protocol zkLend. When pressed by the developers to return the stolen funds, the hacker claimed to have lost it all by mistakenly clicking on a phishing link.

The hacker wallet noted :

“I tried to move funds to Tornado, but I used a phishing website, and all the funds have been lost. I am devastated. I am terribly sorry for all the havoc and losses caused. All the 2930 eth have been taken by that site owners.” 

The hacker asked the zkLend developers to redirect their efforts toward the phishing site owners to recover the funds and apologized for the incident.

Crypto Community Suspect Phishing Website Linked to Hacker

As the zkLend drama unfolded on April Fool’s Day, many in the crypto community suspected the phishing website was part of an elaborate hacker plan to dodge responsibility.

The founder of Web3 Hunter said that, in his opinion, both wallets belonged to the hacker. It has become common for hackers to claim to be scammed themselves. The hackers use this method for tax loss harvesting and wash trading.

Another user by the name of DirectorV suspected the same, claiming that the hacker might not be dumb enough to do that while adding:

“My instinct says the new wallet belongs to the same hacker. It’s how people do tax loss harvesting, wash sales or pretend their X account got hacked. Same playbook.”

zkLend’s official X account shot down potential rumors that the phishing website was linked to the hacker and said it appears to have been operating for over five years. 

“At this stage, security teams do not have conclusive evidence that the phishing website and the exploiter are connected. As a precaution, we have included these new wallet addresses from the phishing website in our fund tracing efforts.”

The zkLend team is working with centralized exchanges and law enforcement to recover the funds, and the security team is monitoring all fund movements.