Karma Hits Fast: zkLend Hacker Gets Scammed

- $5.4 million in ETH was stolen from the hacker who attempted to launder the stolen funds.
- The attacker mistakenly used a fraudulent version of Tornado Cash, and the entire 2,930 ETH was instantly drained.
- Certain members of the crypto community question whether the hacker really lost the funds or whether this was a move to avoid clashing with the law.

The hacker who exploited the Ethereum Layer 2 lending protocol zkLend for millions of dollars has lost a large portion of the stolen funds to a phishing scam. In a bizarre twist of fate, the attacker, who had initially escaped with 2,930 ETH (around $5.4 million) at the time of the attack, was scammed while trying to launder the funds.
Hacker's zkLend Stolen ETH Drained Immediately in Phishing Scam
The hacker wanted to obscure the trail of the stolen assets using Tornado Cash, a well-known cryptocurrency mixing service. Instead, they went to the rogue site tornadoeth[.]cash, which had existed for years, conning victims.
As soon as they connected to this fake platform, they lost 2,930 ETH to it. By the time the hacker realized the transaction was on the fake Tornado platform, all their wallets were already empty.
This saga dates back to February, when zkLend experienced a $9.57 million exploit due to a decimal precision vulnerability. The hacker, using wallet address 0x649109, exploited rounding errors in the lending accumulator to inflate the platform's balance and withdraw around 3,700 ETH.
zkLend quickly halted withdrawals and started negotiating, offering the attacker a 10% white hat bounty in exchange for returning the remaining funds. The hacker, however, disregarded the offer and pushed the stolen assets through different channels like Railgun.
Hacker's Claimed Loss from Alleged Phishing Questioned by Crypto Community
Despite the dramatic turn of events, some within the crypto community remain skeptical about the hacker's claims on what actually happened. Some think that the event is a ploy to escape scrutiny from law enforcement agencies and blockchain investigators.
They say that perhaps the attacker transferred the funds to a different address and staged the loss as a smokescreen. Others suspect that the hacker and the phisher are one and the same, orchestrating a scheme in which the money goes missing without too much scrutiny.
Read more: https://www.tronweekly.com/karma-hits-fast-zklend-hacker-gets-scammed/
Text source: TronWeekly