The zkLend hacker experienced a significant setback in their attempt to launder the stolen funds, losing all 2,930 ETH in a phishing scam. The incident unfolded when the attacker mistakenly deposited the stolen money into a fake Tornado Cash website, leading to an immediate loss. Upon realizing their mistake, the hacker reached out to zkLend’s deployer address, admitting their blunder and expressing devastation over the outcome.
In a message to zkLend, the hacker confessed, “I tried to move funds to Tornado, but I used a phishing website, and all the funds have been lost. I am devastated.” The attacker went on to apologize for their actions and recommended that zkLend focus on pursuing the operators behind the phishing scam.
The hack initially involved the theft of more than $9.6 million in Ethereum (ETH) from zkLend on Feb. 12. Following the exploit, the lending protocol offered the hacker a 10% reward in exchange for returning the remaining funds by Feb. 14. However, after the hacker failed to meet the deadline, zkLend escalated the matter to law enforcement and enlisted the help of security experts to recover the stolen assets.
Unfortunately, with the loss of the stolen ETH to a phishing scam, zkLend now faces a more challenging situation. The incident is part of a concerning trend in the cryptocurrency space, with high-profile exploits on the rise. According to a report by Immunefi, the first quarter of 2025 marked the worst period for crypto security breaches in history, with hackers stealing a total of $1.64 billion. The zkLend hack ranked as the fifth-largest exploit during this period.
Decentralized finance protocols suffered significant losses, totaling $106.8 million across 38 incidents, with Ethereum and BNB Chain being the primary targets. In contrast, centralized finance platforms experienced only two incidents but incurred massive losses amounting to $1.5 billion. The zkLend hack serves as a stark reminder of the risks and vulnerabilities inherent in the rapidly evolving crypto landscape, emphasizing the importance of robust security measures and vigilance in protecting digital assets.