The April Fools' Day joke came out early this year: a hacker being hacked and having stolen ETH phished. After the zkLend hacker stole 2,930 ETH, they actually ended up losing all funds by accidentally entering a phishing website. Now, the hacker has apologized to the zkLend project team through an on-chain message, claiming to be "devastated" and earnestly requesting the project team to investigate the phishing website operators to recover the losses. Is this a black comedy of karmic retribution or the hacker's smokescreen? Let's explore further.
From Hacker to "Victim"
In February this year, zkLend - a decentralized lending protocol based on the Starknet network - suffered a devastating attack. The hacker exploited a "rounding error" vulnerability in the smart contract, successfully stealing 3,600 ETH. Afterward, the zkLend team called out to the hacker, proposing that if 90% (3,300 ETH) was returned, they could keep 10% as a "white hat bounty" and avoid legal responsibility. However, the hacker did not respond, and the funds were quickly transferred to the Ethereum network and attempted to be laundered through the privacy protocol Railgun. Although Railgun forced the return of these funds, preventing the laundering, the trail had momentarily gone cold.
Related Reading: 《500 万美元被盗资金遭拒,混币器 Railgun 竟成 DeFi 协议「追款工具」?》
Just when everyone thought the huge sum had disappeared, on April 1st, Slow Mist founder Yu Xin exposed a dramatic turn of events: the hacker tried to further obfuscate the fund flow using Tornado Cash but mistakenly clicked on a phishing website disguised as Tornado Cash, resulting in 2,930 ETH being wiped out.
Even more surprisingly, the hacker subsequently actively contacted zkLend through an on-chain message, with a tone full of regret: "Hello, I intended to transfer funds to Tornado Cash but mistakenly used a phishing website, and all funds were lost. I'm devastated. I deeply apologize for the chaos and losses caused. 2,930 ETH has been completely taken by the website operators, and I no longer have any coins. Please focus on those website operators and see if you can recover some funds. This might be my last message, and ending everything might be the best choice. Sorry again."
This "confession letter" quickly exploded in the crypto community. In the message, the hacker not only admitted their mistake but also showed remorse, even hinting at possibly "retiring from the scene". However, this "genuine outpouring" makes people doubt its authenticity.
What Does the Community Think?
After the incident was exposed, some jokingly called it a "hacker version of an April Fools' joke", lamenting that "what goes around comes around"; others quipped that "it's like a Burmese online scammer being scammed by a street lamp advertisement."
Besides spectating, some community members pointed out that the hacker might be staging a farce, trying to divert attention by pretending to be a "victim", and might even be colluding with the phishing website operators to whitewash their identity or hide the fund's whereabouts. However, according to Yu Xin's tracking, this phishing website has been dormant for 5 years, which would be too "patient" if it were staged by the hacker. Currently, although the hacker's wallet is indeed empty, the possibility of hidden accounts cannot be ruled out.
As of this writing, zkLend has not yet officially responded to the hacker's message. Previously, the project team launched a "recovery portal" on March 5th, providing partial compensation for affected users and promising to enhance security measures.
Now, the zkLend theft case seems to have staged a "black-on-black" drama in the crypto world. Will the hacker's proactive plea prompt zkLend to collaborate with law enforcement to investigate the phishing website? Or is this just a hacker's "whitewashing" smokescreen? Is the hacker's "letter of repentance" truly a sincere regret or a carefully planned "April Fools' humor"? BlockBeats will continue to track and report on the event's developments.
Welcome to join BlockBeats official community:
Telegram Subscription Group: https://t.me/theblockbeats
Telegram Discussion Group: https://t.me/BlockBeats_App
Twitter Official Account: https://twitter.com/BlockBeatsAsia
