In an ironic twist, the hacker behind February’s $9.57 million exploit on zkLend has allegedly fallen victim to a different scam.
The suspected criminal claimed in an on-chain message that they lost 2,930 ETH, worth about $5.4 million, while attempting to launder the stolen funds through Tornado Cash.
The zkLend Hack
zkLend also confirmed the strange turn of events in a post on X, stating that the attacker had interacted with a known phishing website, tornadoeth[.]money, as they tried to cover their tracks from pursuers.
The scam site is said to have been in operation for the last 5 years, and it immediately drained the thief’s entire balance of 2,930 ETH. In an on-chain message to zkLend, the attacker appeared crestfallen, saying:
“Hi there, I attempted to move funds to Tornado but I used a phishing website and all the funds have been lost. I’m devastated. I’m terribly sorry for all the havoc and losses caused. All the 2,930 ETH have been taken by that site’s owners… Please redirect your efforts towards those site owners to see if you can recover some of the money.”
The saga began in February, a few days before Valentine’s, when the Starknet-based lending protocol was hacked for more than $9.5 million. The exploiter, known only by the address 0x64…9109, reportedly took advantage of a decimal precision vulnerability on zkLend to manipulate rounding errors in its lending accumulator and artificially inflate their balance. As a result, they made off with about 3,700 ETH, forcing the platform to pause withdrawals briefly.
Following the theft, zkLend tried to negotiate with the perpetrator, offering them a white hat bounty of 10% of the stolen funds in exchange for the return of the remaining 3,300 ETH. However, the hacker stayed silent, moving the crypto assets through various channels, including 706 ETH valued at $1.8 million sent through Railgun.
Legitimacy Concerns: A Staged Disappearance?
Not everyone has bought the phishing story, though. Many within the crypto community have questioned the hacker’s claim, with the most prevalent theory being that they made up the story to fake a loss and avoid further scrutiny from blockchain investigators and law enforcement.
Given that zkLend has been actively tracking the stolen funds and working with on-chain security firms and the police, some have argued that this could be a ploy to make the funds disappear without a trace.
Reactions on X quickly flooded in, with some people pointing out the suspicious timing of the announcement. One user, @pvt.eth, sarcastically noted, “Right about time for April Fool.” Others speculated that the phisher and the hacker could be the same person.
Another theory is that the attacker might have transferred the stolen ETH to an alternate address, using the phishing story as a cover-up. @0xGekko was among those unconvinced, stating:
“Meh, screams more like the hacker is trying to avoid any heat from a potential investigation.”
Nonetheless, zkLend is treating the phishing loss as a legitimate event, noting that there isn’t conclusive evidence yet that the phishing website and the exploiter are connected.