In a dramatic turn of events, the hacker behind the recent exploit on DeFi lender zkLend has admitted to losing a significant portion of the stolen funds to a phishing scam. The hacker lost the stolen ETH while trying to launder them via the popular crypto mixer, Tornado Cash, after a failed attempt with Railgun.
Hacker Scammed By Fake Tornado Cash Site
In an on-chain message sent to the zkLend team, the hacker revealed that they had deposited 2,930 ETH to a website posing as the front-end for Tornado Cash. However, they quickly realized that they had fallen victim to a phishing scam.
Although the hacker had earlier ignored zkLend’s calls to return 90% of the stolen funds, they reached out to the zkLend team to admit their mistake.
“Hello, I tried to move funds to a Tornado, but I used a phishing website, and all the funds have been lost. I am devastated. I am terribly sorry for all the havoc and losses caused,” they said.
After apologizing for the attack, the hacker urged zkLend to focus its efforts on recovering the funds from the phishing site operators. The team, however, told the hacker to send back the remaining stolen ETH still in their custody.
Crypto Community Expresses Skepticism
Once the latest development came to light, many members of the crypto community expressed their doubts. Several on-chain analysts did not buy the story and suspect that it was part of the hacker’s elaborate plan to avoid accountability for the exploit.
In an X post, the founder of Hunters of Web3, the biggest web3 alpha Discord, said that he believes the hacker is also behind the alleged phishing wallet. He pointed out that hackers often claim to have been scammed themselves, possibly for tax loss harvesting and wash trading.
Karma hit fast or a new type of scam?
Hacker steals 2,930 ETH ($5.4M) from zkLend
Then gets phished while using tornado cash
All $5.4M to another thiefImo, both wallets belong to same hacker
People use this method for tax loss harvesting, wash trading, or fake X hacks pic.twitter.com/MBau6JSYZ3— LANGERIUS (@langeriuseth) April 1, 2025
zkLend, however, has disproved this theory. In a post on their official X account, the platform disclosed that they have not found any clear proof that ties the hacker to the phishing wallet.
Nonetheless, the team noted that they have added the phishing wallet addresses to their tracking list as part of its fund recovery efforts.
Jonathan Agozie | April 3, 2025
Sampson Gideon | April 3, 2025
Chris Lion | April 1, 2025
