In an ironic twist, the hacker behind February’s $9.57 million exploit on zkLend has allegedly fallen victim to another scam.
The suspected criminal claimed in an on-chain message that they lost 2,930 ETH, worth about $5.4 million, while attempting to launder the stolen funds via Tornado Cash.
The zkLend Hack
zkLend also confirmed the bizarre turn of events in a post on X, stating that the attacker had interacted with a known phishing website, tornadoeth[.]money, as they tried to cover their tracks from pursuers.
The scam website is said to have been in operation for the last five years, and it immediately drained the thief’s entire balance of 2,930 ETH. In an on-chain message to zkLend, the attacker appeared crestfallen, saying:
“Hey, I attempted to move funds to Tornado but I used a phishing website and all the funds have been lost. I’m devastated. I’m terribly sorry for all the havoc and losses caused. All the 2,930 ETH have been taken by that website’s owners… Please redirect your efforts towards those website owners to see if you can recover some of the money.”
The saga began in February, a few days before Valentine’s, when the Starknet-based lending protocol was hacked for more than $9.5 million. The exploiter, identified only by the address 0x64…9109, reportedly took advantage of a decimal precision vulnerability on zkLend to manipulate rounding errors in its lending accumulator and artificially inflate their balance. As a result, they made off with about 3,700 ETH, forcing the platform to pause withdrawals temporarily.
Following the theft, zkLend tried to negotiate with the perpetrator, offering them a white hat bounty of 10% of the stolen funds in exchange for the return of the remaining 3,300 ETH. However, the hacker stayed silent, moving the crypto assets through various channels, including 706 ETH valued at $1.8 million sent through Railgun.
Legitimacy Issues: A Staged Disappearance?
Not everyone has bought the phishing story, though. Many within the crypto community have questioned the hacker’s claim, with the most prevalent theory being that they made up the story to fake a loss and avoid further scrutiny from blockchain investigators and law enforcement.
Given that zkLend has been actively tracking the stolen funds and working with on-chain security firms and the police, some have argued that this could be a ploy to make the funds disappear without a trace.
Reactions on X quickly flooded in, with some people pointing out the suspicious timing of the announcement. One user, @pvt.eth, sarcastically noted, “Right about time for April Fool.” Others speculated that the phisher and the hacker could be the same person.
Another theory is that the attacker might have transferred the stolen ETH to an alternate address, using the phishing story as a cover-up. @0xGekko was among those unconvinced, stating:
“Meh, screams more like the hacker is trying to avoid any heat from a possible investigation.”
Nevertheless, zkLend is treating the phishing loss as a legitimate event, noting that there isn’t conclusive evidence yet that the phishing website and the exploiter are linked.