{"id":126201,"date":"2025-04-01T03:16:02","date_gmt":"2025-04-01T03:16:02","guid":{"rendered":"http:\/\/cryptospotters.net\/?p=126201"},"modified":"2025-04-01T03:16:02","modified_gmt":"2025-04-01T03:16:02","slug":"zklend-hacker-claims-losing-stolen-eth-to-tornado-cash-phishing-site","status":"publish","type":"post","link":"http:\/\/cryptospotters.net\/?p=126201","title":{"rendered":"zkLend hacker claims losing stolen ETH to Tornado Cash phishing site"},"content":{"rendered":"<p>Source: Cointelegraph.com NewsThe hacker behind the $9.6 million exploit of the decentralized money-lending protocol zkLend in February claims they\u2019ve just fallen victim to a phishing website impersonating Tornado Cash, resulting in the loss of a significant portion of the stolen funds.<br \/>\nIn a message sent to zkLend through Etherscan on March 31, the hacker claimed to have lost 2,930 Ether (ETH) from the stolen funds to a phishing website posing as a front-end for Tornado Cash.\u00a0<br \/>\nIn a series of March 31 transfers, the zkLend thief sent 100 Ether at a time to an address named Tornado.Cash: Router, finishing with three deposits of 10 Ether.<br \/>\n\u201cHello, I tried to move funds to a Tornado, but I used a phishing website, and all the funds have been lost. I am devastated. I am terribly sorry for all the havoc and losses caused,\u201d the hacker said.<br \/>\nThe hacker behind the zkLend exploit claims to have lost most of the funds to a phishing website posing as a front-end for Tornado Cash. Source: Etherscan\u201cAll the 2,930 Eth have been taken by that site owners. I do not have coins. Please redirect your efforts towards those site owners to see if you can recover some of the money,\u201d they added.<br \/>\nzkLend responded to the message by asking the hacker to \u201cReturn all the funds left in your wallets\u201d to the zkLend wallet address. However, according to Etherscan, another 25 Ether was then sent to a wallet listed as Chainflip1.\u00a0<br \/>\nEarlier, another user warned the exploiter about the error, telling them, \u201cdon\u2019t celebrate,\u201d because all the funds were sent to the scam Tornado Cash URL.<br \/>\n\u201cIt is so devastating. Everything gone with one wrong website,\u201d the hacker replied.<br \/>\nAnother user warned the zkLend exploiter about the mistake, but it was too late. Source: EtherscanHow zkLend was exploited for $9.6 million<br \/>\nzkLend suffered an empty market exploit on Feb. 11 when an attacker used a small deposit and flash loans to inflate the lending accumulator, according to the protocol\u2019s Feb. 14 post-mortem.\u00a0<br \/>\nThe hacker then repeatedly deposited and withdrew funds, exploiting rounding errors that became significant due to the inflated accumulator.\u00a0<br \/>\nThe attacker bridged the stolen funds to Ethereum and later failed to launder them through Railgun after protocol policies returned them to the original address.\u00a0<br \/>\nFollowing the exploit, zkLend proposed the hacker could keep 10% of the funds as a bounty and offered to release the culprit from legal liability and scrutiny from law enforcement if the remaining Ether was returned.<br \/>\nRelated: DeFi protocol SIR.trading loses entire $355K TVL in \u2018worst news\u2019 possible<br \/>\nThe offer deadline of Feb. 14 passed with no public response from either party. In a Feb. 19 update to X, zkLend said it was now offering a $500,000 bounty for any verifiable information that could lead to the hacker being arrested and the funds recovered.<br \/>\nLosses to crypto scams, exploits and hacks totaled over $33 million, according to blockchain security firm CertiK, but dropped to $28 million after decentralized exchange aggregator 1inch successfully recovered its stolen funds.\u00a0<br \/>\nLosses to crypto scams, exploits and hacks totaled nearly $1.53 billion in February. The $1.4 billion Feb. 21 attack on Bybit by North Korea\u2019s Lazarus Group made up the lion\u2019s share and took the title for largest crypto hack ever, doubling the $650 million Ronin bridge hack in March 2022.\u00a0<br \/>\nMagazine: Lazarus Group\u2019s favorite exploit revealed \u2014 Crypto hacks analysis<a href=\"https:\/\/cointelegraph.com\/news\/zk-lend-hacker-loses-stolen-eth-after-depositing-it-into-a-tornado-cash-phishing-site?utm_source=rss_feed&amp;utm_medium=rss&amp;utm_campaign=rss_partner_inbound\" target=\"_blank\" class=\"feedzy-rss-link-icon\" rel=\"noopener\">Read More<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Source: Cointelegraph.com NewsThe hacker behind the $9.6 million exploit of the decentralized money-lending protocol zkLend in February claims they\u2019ve just fallen victim to a phishing website impersonating Tornado Cash, resulting&hellip; <\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[],"_links":{"self":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts\/126201"}],"collection":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=126201"}],"version-history":[{"count":0,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts\/126201\/revisions"}],"wp:attachment":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=126201"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=126201"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=126201"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}