zkLend Hackers were also stolen. Is it a bad guy or a self-directed or self-acted?

Author: BlockBeats

This April Fools' Day meme came out early in the morning: hackers were hacked, stolen ETH was fished. After zkLend hackers stole 2,930 ETH, they accidentally entered a phishing website and all funds were stolen. Now, the hacker apologized to the zkLend project through an on-chain message, claiming that it had "collapsed", and begged the project to track down the phishing website operators to recover the losses. Is this a black humor of karma or a hacker's trick? Let's find out.

From hackers to "victims"

In February this year, zkLend, a decentralized lending protocol based on the Starknet network, encountered a devastating attack. The hacker took advantage of a "rounding error" vulnerability in the smart contract and successfully swept away 3,600 ETH. Afterwards, the zkLend team called on the hacker, proposing that if 90% (3,300 ETH) is returned, 10% can be retained as a "white hat bounty" and legal accountability will be exempted. However, the hackers did not respond, and the funds were quickly transferred to the Ethereum network and attempted to launder money through the privacy protocol Railgun. Although Railgun forced the money back to fail, the hackers failed to launder money, the clues were interrupted at one point.

Just when everyone thought that the huge sum of money had fallen into the sea, on April 1, Slow Fog founder Cosine revealed a dramatic twist: the hacker switched to Tornado Cash to further confuse the flow of funds, but mistakenly clicked a phishing website disguised as Tornado Cash, and 2,930 ETHs were swept away.

What's even more surprising is that the hacker then contacted zkLend through the on-chain message, and his tone was full of regret: "Hello, I wanted to transfer funds to Tornado Cash, but I misused a phishing website, and all the funds were lost. I collapsed. I am deeply sorry for the chaos and losses caused by this. The 2,930 ETHs have been taken away by the operators of the website. I have no coins in my hands. Please turn my energy to those operators to see if some of the funds can be recovered. This is my last message, and ending this may be the best choice. Sorry again."

This "confession letter" quickly exploded in the crypto community. In the message, the hacker not only admitted his mistakes, but also expressed regret and even suggested that he might "quit the world." However, this "true love" makes people wonder its authenticity.

What do you think of the community?

After the incident was exposed, some people joked that this was a "hacker version of April Fool's Day joke" and lamented that "it will be back sooner or later when you come out." Some people joked that "it is equivalent to that the North Myanmar film fraudster was deceived by the psoriasis advertisement on the street lamp post."

In addition to watching the fun, community members also pointed out that hackers may also direct and act as farces by themselves, diverting their attention by disguising themselves as "victims", and even colluding with phishing website operators to whitewash their identities or cover up where the funds go. But according to Cosine Tracking, this phishing website has been lurking for 5 years. If it were the hacker's self-directed and acted by this time, it would be too "patient". It seems that although the hacker's wallet has indeed been cleared, it is not ruled out that there are still hidden accounts behind it.

As of press time, zkLend has not made a formal response to the hacker's comments. Previously, the project party launched the "Recovery Portal" on March 5 to provide partial compensation to affected users and promised to strengthen safety measures.

Now, the zkLend stolen incident is like a "black eating black" drama for the encrypted world. Will hackers seeking help from zkLend jointly seek law enforcement agencies to track down phishing websites? Or is this just a trick to "whitewash" for hackers? Is the hacker’s “repentance” sincere repentance or the carefully planned “Aprils’ Day humor”? BlockBeats will continue to track the progress of the incident.