Ain’t that just the most ironic thing you ever did hear? The scoundrel who swiped $9.57 million from zkLend back in February has fallen victim to another swindle. Yep, you read that right – this slippery fella has lost a whoppin’ $5.4 million tryin’ to clean his dirty money through Tornado Cash.
The accused culprit claimed in an on-chain message that he lost 2,930 ETH while tryin’ to launder the loot. Guess you could say he got caught in his own scheme!
The zkLend Caper
zkLend themselves confirmed the peculiar situation, sayin’ the scamp had interacted with a known phishing website, tornadoeth[.]cash, as he attempted to cover his tracks. Sounds like he got conned by a con artist!
The scam site, which has been around for five years, promptly drained the thief’s entire balance of 2,930 ETH. The hacker looked like a duck, flappin’ his wings and wailin’ in an on-chain message to zkLend:
“Hello, I tried to move funds to Tornado but I used a phishing website and all the funds have been lost. I am devastated. I am terribly sorry for all the havoc and losses caused. All the 2,930 ETH have been taken by that site’s owners… Please redirect your efforts towards those site owners to see if you can recover some of the money.”
This whole shenanigan started in February, just a few days before Valentine’s Day, when the Starknet-based lending protocol was hacked for more than $9.5 million. The scoundrel, only identified by the address 0x64…9109, took advantage of a decimal precision vulnerability on zkLend to manipulate rounding errors in its lending accumulator and artificially inflate his balance. He made off with about 3,700 ETH, causin’ the platform to pause withdrawals temporarily.
After the theft, zkLend tried to negotiate with the perpetrator, offerin’ him a white hat bounty of 10% of the stolen funds in exchange for the return of the remaining 3,300 ETH. However, the hacker stayed mum, movin’ the crypto assets through various channels, including 706 ETH valued at $1.8 million sent through Railgun.
Shady Business: A Staged Disappearance?
Not everyone’s buyin’ the phishing story, though. Many in the crypto community are thinkin’ this might be a ruse to fake a loss and avoid scrutiny from blockchain investigators and law enforcement.
Given that zkLend’s been trackin’ the stolen funds and workin’ with on-chain security firms and the police, some folks are speculatin’ that this could be a ploy to make the funds disappear without a trace.
Reactions on X were plenty, with some folks pointin’ out the suspicious timing of the announcement. One user, @pvt.eth, quipped, “Right about time for April Fool.” Others thought the phisher and the hacker might be one and the same.
Another theory is that the attacker might have transferred the stolen ETH to an alternate address, usin’ the phishing story as a cover-up. @0xGekko was among those unimpressed, sayin’:
“Meh, screams more like the hacker is tryin’ to avoid any heat from a possible investigation.”
Nonetheless, zkLend’s treatin’ the phishing loss as a legit event, notin’ there ain’t no conclusive evidence yet that the phishing website and the exploiter are connected.
Read More
- Clash Royale Best Boss Bandit Champion decks
- Mobile Legends November 2025 Leaks: Upcoming new heroes, skins, events and more
- PUBG Mobile or BGMI A16 Royale Pass Leaks: Upcoming skins and rewards
- The John Wick spinoff ‘Ballerina’ slays with style, but its dialogue has two left feet
- Kingdom Rush Battles Tower Tier List
- Delta Force Best Settings and Sensitivity Guide
- Clash Royale Season 77 “When Hogs Fly” November 2025 Update and Balance Changes
- Vampire’s Fall 2 redeem codes and how to use them (June 2025)
- Stocks stay snoozy as Moody’s drops U.S. credit—guess we’re all just waiting for the crash
- ‘Australia’s Most Sexually Active Woman’ Annie Knight reveals her shock plans for the future – after being hospitalised for sleeping with 583 men in a single day
2025-04-02 07:02