zkLend hacker was also stolen, is it black eating black or self-directed?

Author: BlockBeats

This year's April Fool's joke came early: a hacker was hacked, and stolen ETH was phished. After stealing 2,930 ETH from zkLend, the hacker ended up losing all their funds due to accidentally entering a phishing site. Now, this hacker has apologized to the zkLend team through an on-chain message, claiming they "collapsed" and pleading with the project team to track down the phishing site operators to recover their losses. Is this a case of poetic justice or just a smokescreen by the hacker? Let's find out.

From Hacker to "Victim"

In February this year, zkLend—a decentralized lending protocol based on the Starknet network—suffered a devastating attack. The hacker exploited a "rounding error" vulnerability in the smart contract, successfully making off with 3,600 ETH. Afterwards, the zkLend team reached out to the hacker, offering to let them keep 10% (330 ETH) as a "white hat bounty" if they returned 90% (3,300 ETH) and promised to waive legal repercussions. However, the hacker did not respond, and the funds were quickly transferred to the Ethereum network, attempting to launder the money through the privacy protocol Railgun. Although Railgun forced the return of the funds, the hacker's laundering attempt failed, and the trail went cold.

Just when everyone thought this large sum had vanished without a trace, on April 1, Slow Mist founder Yu Xian revealed a dramatic twist: the hacker, trying to further obfuscate the flow of funds using Tornado Cash, accidentally clicked on a phishing site disguised as Tornado Cash, resulting in the loss of 2,930 ETH.

Even more surprising, the hacker subsequently reached out to zkLend through an on-chain message, expressing regret: "Hello, I intended to transfer the funds to Tornado Cash, but mistakenly used a phishing site, and now all the funds are lost. I am devastated. I deeply apologize for the chaos and losses caused. All 2,930 ETH have been taken by the operators of that site, and I have no coins left. Please focus your efforts on those site operators to see if any funds can be recovered. This is my last message; perhaps ending this is the best choice. Again, I apologize."

This "confession letter" quickly caused a stir in the crypto community. In the message, the hacker not only admitted their mistake but also showed remorse, even hinting at a possible "retirement." However, this display of "sincerity" raises doubts about its authenticity.

What Does the Community Think?

After the incident was exposed, some jokingly referred to it as a "hacker's April Fool's joke," lamenting that "what goes around comes around"; others mocked it as "equivalent to a scammer in northern Myanmar being tricked by a flyer on a street lamp."

In addition to watching the drama unfold, some community members pointed out that the hacker might be staging a farce, disguising themselves as a "victim" to divert attention, and could even be colluding with the phishing site operators to whitewash their identity or cover up the flow of funds. However, according to Yu Xian's tracking, this phishing site has been lurking for five years, which seems overly "patient" if it were indeed a self-directed act by the hacker. As it stands, while the hacker's wallet has indeed been emptied, it cannot be ruled out that there are still hidden accounts behind them.

As of the time of publication, zkLend has not yet made an official response to the hacker's message. Previously, the project team had launched a "recovery portal" on March 5 to provide partial compensation to affected users and promised to strengthen security measures.

Now, the zkLend theft incident seems to have staged a "black eating black" drama in the crypto world. Will the hacker's plea for help prompt zkLend to collaborate with law enforcement to investigate the phishing site? Or is this just a smokescreen for the hacker's "whitewashing"? Is the hacker's "letter of repentance" genuine remorse, or a carefully crafted "April Fool's humor"? BlockBeats will continue to follow the developments of this incident.