This years April Fools Day joke came out early: hackers were hacked, ETH was stolen and phished. After the zkLend hacker stole 2,930 ETH, he accidentally entered a phishing website and all the funds were stolen. Now, the hacker apologized to the zkLend project through an on-chain message, claiming that he was broken and begging the project to track down the operator of the phishing website to recover the losses. Is this a black humor of karma or a hackers trick? Lets find out.
From hacker to victim
In February of this year, zkLend, a decentralized lending protocol based on the Starknet network, suffered a devastating attack. Hackers exploited a rounding error vulnerability in the smart contract and successfully took away 3,600 ETH. Afterwards, the zkLend team called out to the hacker, saying that if 90% (3,300 ETH) was returned, 10% could be retained as a white hat bounty and exempted from legal responsibility. However, the hacker did not respond, and the funds were quickly transferred to the Ethereum network and attempted to launder money through the privacy protocol Railgun. Although Railguns forced return of the funds resulted in the hackers failure to launder money, the clues were interrupted for a time.
Related reading: US$5 million in stolen funds rejected, the coin mixer Railgun becomes the DeFi protocols recovery tool?
Just when everyone thought that this huge sum of money had gone down the drain, on April 1, SlowMist founder Yu Xian revealed a dramatic turn of events: hackers switched to Tornado Cash to further confuse the flow of funds, but accidentally clicked on a phishing website disguised as Tornado Cash, resulting in all 2,930 ETH being stolen.
Even more surprising is that the hacker then took the initiative to contact zkLend through an on-chain message, with a regretful tone: Hello, I wanted to transfer funds to Tornado Cash, but mistakenly used a phishing website and lost all my funds. I collapsed. I am deeply sorry for the confusion and losses caused. All 2,930 ETH have been taken away by the operators of the website, and I don’t have any coins anymore. Please turn your attention to those website operators to see if you can recover some of the funds. This is my last message, and ending it all may be the best option. Sorry again.
This confession letter quickly went viral in the crypto community. In the message, the hacker not only admitted his mistake, but also expressed regret and even hinted that he might retire from the arena. However, this true love made people doubt its authenticity.
What does the community think?
After the incident was exposed, some people jokingly called it a hacker version of an April Fools joke, lamenting that you will pay for what you have done sooner or later. Others joked that its like the fraudsters in northern Myanmar were fooled by the psoriasis advertisement on the street lamp post.
In addition to watching the fun, some community members pointed out that the hacker may be directing a farce by pretending to be a victim to divert attention, or even colluding with the phishing website operator to whitewash his identity or cover up the whereabouts of funds. However, according to cosine tracking, this phishing website has been lurking for 5 years. If the hacker directed and acted this time, it is a bit too patient. At present, although the hackers wallet has indeed been emptied, it cannot be ruled out that there are still hidden accounts behind it.
As of press time, zkLend officials have not yet made an official response to the hacker’s message. Previously, the project had launched a “recovery portal” on March 5, providing partial compensation to affected users and promising to strengthen security measures.
Today, the theft of zkLend seems to be a gangster eating gangster drama in the crypto world. Will the hackers active request for help prompt zkLend to work with law enforcement agencies to track down the phishing website? Or is this just a trick for the hacker to whitewash? Is the hackers confession a true repentance, or a carefully planned April Fools Day humor? BlockBeats will continue to follow up on the progress of the incident.
