The Beginning of the zkLend Hack
In the early morning of February 12, 2025, the decentralized lending protocol zkLend on the StarkNet network fell victim to a serious cyber attack, resulting in a loss of approximately 3,666 ETH, equivalent to nearly $9.5 million.
The hacker exploited a vulnerability in zkLend's lending market for the wstETH derivative token. By taking advantage of this weakness, the attacker drained the liquidity of the wstETH pool without executing any loans. The stolen funds were then transferred through a bridge to the Ethereum network and further moved through Railgun, a privacy-focused transaction service.
Immediately after discovering the incident, zkLend suspended withdrawal functions and advised users not to deposit or repay until further notice. The project team publicly contacted the hacker, offering to let them keep 10% of the funds as a bounty if 90% (around 3,300 ETH) were returned to the designated Ethereum wallet address. They committed to taking no legal action if the hacker complied before 00:00 UTC on February 14, 2025.
Following the attack, zkLend's Total Value Locked (TVL) dropped sharply from $11.57 million to $1.17 million. However, the ZEND token price only slightly decreased by 13.5%, fluctuating around $0.036.
From Scammer to Victim?
It seems that the 2,930 ETH stolen from @zkLend was deposited into Phishing website imitating TornadoCash and was immediately taken away by the phishing website's operators.
— Vladimir S. | Officer's Notes (@officer_cia) March 31, 2025
H/T @TornadoCashBot
When the hacker tried to launder the money by running the stolen ETH through Tornado Cash, they made a fatal mistake: clicking on a phishing site imitating Tornado Cash. The consequence? The entire 2,930 ETH vanished in an instant, flying directly into another scammer's account.
Realizing they had been hit by karma, the zkLend hacker decided to go big by sending a heartfelt message to zkLend through an on-chain transaction, begging the project to help recover the stolen funds. However, the message was immediately leaked, turning the incident into a joke for the entire crypto community.
In an unexpected twist, zkLend responded to the hacker with a request to return the remaining funds. The hacker, still likely in shock, ultimately decided to return the final 25.15 ETH.
From an attacker exploiting system vulnerabilities to steal others' assets, the zkLend hacker became a victim at the hands of a more sophisticated scammer.
The incident at zkLend is evidence that even attackers can become victims of other fraudulent activities. It also raises questions about ethics and responsibility in the cryptocurrency community, while emphasizing the importance of maintaining vigilance and adhering to strict security measures.
Compiled by VIC Crypto