zkLend Hacker Loses $5.4 Million to Fake Tornado Cash Mixer

A malicious actor who stole $9.6 million from the decentralized lending protocol zkLend in February 2025 has himself fallen victim to a phishing attack. He sent 2930 ETH, equivalent to $5.4 million at the time of the transaction, to a counterfeit version of the Tornado Cash mixer, losing most of the stolen funds.

This was reported by Business • Media.

According to data from the Etherscan platform, on March 31 the hacker transferred 100 ETH at a time to an address he mistakenly believed belonged to the mixer. Afterwards, the malicious actor left a message for the zkLend team, admitting his mistake and stating that he was “very sorry for all the chaos caused.”

In addition, the hacker advised the developers to take their asset-recovery claims to the owners of the fake Tornado Cash. On-chain analysts had warned about the phishing site earlier, but the malicious actor showed no suspicion.

The zkLend team responded by demanding the return of the remaining funds. In response, however, the criminal sent another 25 ETH to a wallet associated with the Chainflip platform. Some users believe that the hacker is actually connected to the fake mixer and that his remorse is just a joke ahead of April Fools’ Day. Other community members say there is not enough evidence to support this version.

The attack on zkLend occurred on February 12, 2025. The hacker used flash loans and rounding manipulations to inflate the lending pool and withdraw funds. He then converted the assets into Ethereum and attempted to launder them through Railgun, but the protocol’s policy blocked the transaction, forcing the malicious actor to seek other ways to launder the money.

After the zkLend hack, the platform offered to let the hacker keep 10% of the stolen amount in exchange for not pursuing legal action, but the malicious actor did not respond. Later, the platform announced a reward of $500,000 for information leading to the arrest of the criminal and the recovery of the funds.

According to data from CertiK, in March of this year, cryptocurrency hacks caused $33 million in damage to the industry, but thanks to successful asset recovery by 1inch, the losses were reduced to $28 million. In February 2025, total losses reached $1.53 billion, including the largest hack of $1.4 billion carried out by the Lazarus Group against the Bybit exchange.

It is worth noting that earlier reports indicated that the crypto neobank Infini accused one of its employees of stealing over 49.5 million USDC.