In a twist of events, the hacker responsible for a $9.6 million theft from zkLend claims to have lost a significant portion of the stolen funds to a phishing scam. The incident has sparked discussions about the complexities and ironies within the crypto security landscape.
The zkLend Exploit
In February 2025, zkLend, a decentralized lending protocol on Starknet, suffered an exploit resulting in the loss of 2,930 ETH, valued at approximately $9.6 million at the time. The attacker manipulated the platform's lending accumulator using flash loans and rounding errors to siphon funds.
Phishing Scam Claims
On March 31, the hacker sent an on-chain message to zkLend, stating:
"Hello, I tried to move funds to Tornado, but I used a phishing website, and all the funds have been lost. I am devastated. I am terribly sorry for all the havoc and losses caused."
The hacker claimed that all 2,930 ETH were taken by the operators of the phishing site, leaving them without any of the stolen assets.
Community Skepticism
The crypto community has expressed skepticism regarding the hacker's claims. Some believe the phishing story might be a ruse to divert attention or obscure the trail of the stolen funds. Investigations are ongoing to determine the veracity of the hacker's statement.
zkLend's Response
Following the hacker's message, zkLend urged the return of any remaining funds. The platform had previously offered a 10% bounty for the return of the stolen assets, which went unanswered. Subsequently, zkLend announced a $500,000 reward for information leading to the hacker's arrest and the recovery of the funds.
The zkLend incident underscores the intricate dynamics of cybersecurity within the decentralized finance ecosystem. Whether the hacker's claims are genuine or a strategic ploy remains to be seen, but the event highlights the perpetual cat-and-mouse game between cybercriminals and security protocols.
FAQs
1. What is zkLend?
zkLend is a decentralized lending protocol built on Starknet, facilitating peer-to-peer lending and borrowing of digital assets.
2. How did the zkLend exploit occur?
The attacker manipulated zkLend's lending accumulator using flash loans and rounding errors, enabling the unauthorized withdrawal of funds.
3. What is Tornado Cash?
Tornado Cash is a privacy-focused Ethereum mixer that obfuscates transaction trails, enhancing user anonymity.
4. How can users protect themselves from phishing scams?
Users should verify URLs, use trusted platforms, enable two-factor authentication, and remain vigilant against unsolicited communications to mitigate phishing risks.