The zkLend exploiter misplaced all 2,930 ETH in a phishing rip-off whereas attempting to launder the stolen cash utilizing what they thought was Tornado Cash.
In accordance with a Mar. 31 put up on X by Consensys-backed De.Fi Antivirus Web3, the attacker mistakenly deposited the stolen funds right into a pretend Tornado Cash web site, leading to a direct loss. On-chain knowledge reveals that after realizing the error, the hacker despatched a determined message to zkLend’s deployer tackle, admitting their blunder.
“I tried to move funds to Tornado, but I used a phishing website, and all the funds have been lost. I am devastated,” the hacker wrote. They went on to apologize for the assault and urged zkLend to focus its restoration efforts on the phishing rip-off operators.
Greater than $9.6 million in Ethereum (ETH) was stolen within the zkLend exploit, which happened on Feb. 12 . In an try to interact in negotiations, the Starknet-based lending protocol supplied the hacker a ten% reward in alternate for returning the remaining funds by Feb. 14.
ZkLend was pressured to escalate the matter to legislation enforcement as a result of the hacker ignored the deadline. The platform introduced that it had enlisted safety specialists from the Starknet Basis, StarkWare, and Binance Safety to find and recuperate the funds. However now that the stolen ETH has been misplaced to a phishing rip-off, issues appear to have taken a shocking flip.
The zkLend assault is a part of a rising development of high-profile cryptocurrency exploits. In accordance with Immunefi’s Q1 2025 report, the primary three months of 2025 noticed the worst quarter for crypto safety breaches in historical past, with hackers stealing $1.64 billion. The zkLend hack was the fifth-largest exploit of the quarter.
Decentralized finance protocols misplaced $106.8 million throughout 38 incidents, with Ethereum and BNB (BNB) Chain being essentially the most focused networks. Whereas DeFi suffered a number of assaults, centralized finance platforms noticed simply two incidents, however these resulted in a staggering $1.5 billion in losses.
