This year's April Fool's Day joke came out early: hackers were hacked, ETH was stolen and phished. After the zkLend hacker stole 2,930 ETH, he accidentally entered a phishing website and all the funds were stolen. Now, the hacker apologized to the zkLend project through an on-chain message, claiming that he was "broken" and begging the project to track down the operator of the phishing website to recover the losses. Is this a black humor of karma or a hacker's trick? Let's find out.
From hacker to victim
In February this year, zkLend, a decentralized lending protocol based on the Starknet network, suffered a devastating attack. Hackers exploited a "rounding error" vulnerability in the smart contract and successfully took away 3,600 ETH. Afterwards, the zkLend team called out to the hacker, saying that if 90% (3,300 ETH) was returned, 10% could be retained as a "white hat bounty" and exempted from legal responsibility. However, the hacker did not respond, and the funds were quickly transferred to the Ethereum network and attempted to launder money through the privacy protocol Railgun. Although Railgun's forced return of the funds resulted in the hacker's failure to launder money, the clues were interrupted for a time.
Just when everyone thought that this huge sum of money had gone down the drain, on April 1, SlowMist founder Yu Xian revealed a dramatic turn of events: hackers switched to Tornado Cash to further confuse the flow of funds, but accidentally clicked on a phishing website disguised as Tornado Cash, resulting in all 2,930 ETH being stolen.
Even more surprising is that the hacker then took the initiative to contact zkLend through an on-chain message, with a regretful tone: "Hello, I wanted to transfer funds to Tornado Cash, but mistakenly used a phishing website and lost all my funds. I collapsed. I am deeply sorry for the confusion and losses caused. All 2,930 ETH have been taken away by the operators of the website, and I don’t have any coins anymore. Please turn your attention to those website operators to see if you can recover some of the funds. This is my last message, and ending it all may be the best option. Sorry again."
This "confession letter" quickly went viral in the crypto community. In the message, the hacker not only admitted his mistake, but also expressed regret and even hinted that he might "retire from the arena." However, this "true love" made people doubt its authenticity.
What does the community think?
After the incident was exposed, some people jokingly called it a "hacker version of an April Fool's joke," lamenting that "you will pay for what you have done sooner or later." Others joked that "it's like the fraudsters in northern Myanmar were fooled by the psoriasis advertisement on the street lamp post."
In addition to watching the fun, some community members pointed out that the hacker may be directing a farce by pretending to be a "victim" to divert attention, or even colluding with the phishing website operator to whitewash his identity or cover up the whereabouts of funds. However, according to cosine tracking, this phishing website has been lurking for 5 years. If the hacker directed and acted this time, it is a bit too "patient". At present, although the hacker's wallet has indeed been emptied, it cannot be ruled out that there are still hidden accounts behind it.
As of press time, zkLend officials have not yet made an official response to the hacker’s message. Previously, the project had launched a “recovery portal” on March 5, providing partial compensation to affected users and promising to strengthen security measures.
Today, the theft of zkLend seems to be a "gangster eating gangster" drama in the crypto world. Will the hacker's active request for help prompt zkLend to work with law enforcement agencies to track down the phishing website? Or is this just a trick for the hacker to "whitewash"? Is the hacker's "confession" a true repentance, or a carefully planned "April Fool's Day humor"? BlockBeats will continue to follow up on the progress of the incident.
