zkLend Hack: Genuine Apology or Orchestrated Drama? HasBeen90チZkLend hack was also stolen, is the on-chain apology a sincere repentance or a self-directed performance?

By: blockbeats|2025/04/01 10:45:03

The April Fools' Day joke for this year came out early: a hacker got hacked, and the stolen ETH got phished. After the zkLend hacker stole 2930 ETH, they fell victim to a phishing website, causing a complete loss of funds. Now, the hacker has publicly apologized to the zkLend team through an on-chain message, claiming to have "broken down," and pleading with the team to investigate the phishing website operator to recover the losses. Is this a case of poetic justice or just another one of the hacker's tricks? Let's find out.

zkLend Hack: Genuine Apology or Orchestrated Drama?

HasBeen90チZkLend hack was also stolen, is the on-chain apology a sincere repentance or a self-directed performance?

From Hacker to "Victim"

In February of this year, zkLend—a decentralized lending protocol based on the Starknet network—was hit by a devastating attack. The hacker exploited a "rounding error" bug in the smart contract, making off with 3600 ETH. The zkLend team had previously reached out to the hacker, offering to let them keep 10% as a "white hat bounty" if they returned 90% (3300 ETH) and absolved them of legal consequences. However, the hacker did not respond, swiftly moving the funds to the Ethereum network and attempting to launder the stolen ETH using the privacy protocol Railgun. While Railgun managed to force the funds back, thwarting the hacker's laundering attempt, the trail briefly went cold.

Just when everyone thought the stolen funds had disappeared without a trace, on April 1st, SlowMist's founder, 余弦 (Yu Xian), revealed a dramatic twist: the hacker switched to Tornado Cash to further obfuscate the fund flow but mistakenly clicked on a phishing website disguised as Tornado Cash, leading to the vanishing of 2930 ETH.

What's even more surprising is that the hacker then proactively contacted zkLend through an on-chain message, expressing deep remorse: "Hello, I intended to transfer the funds to Tornado Cash, but mistakenly used a phishing site, resulting in the complete loss of all funds. I am devastated. I apologize deeply for the confusion and losses caused by this. All 2930 ETH has been taken by the operator of that website, and I no longer have any coins in my possession. Please focus your efforts on those website operators to see if you can recover some of the funds. This is my final message, and perhaps ending it all is the best choice. Sorry again."

This "Confession Letter" quickly exploded in the crypto community. In the message, the hacker not only admitted their mistakes but also expressed remorse, even hinting at a possible "retirement" from the scene. However, this "sincere confession" inevitably raised doubts about its authenticity.

How Does the Community See It?

After the incident was exposed, some jokingly referred to it as the "hacker version of an April Fools' joke," lamenting that "if you live by the sword, you die by the sword"; while others quipped, "It's like a scammer from Myanmar getting scammed by a psoriasis ad on a street lamp post."

Aside from just spectating, some community members pointed out that the hacker might be orchestrating a drama, using the guise of a "victim" to divert attention, or even colluding with the phishing site operator to whitewash their identity or obfuscate the fund's destination. However, based on cosine tracing, this phishing site has been undercover for 5 years. If this hacker drama is indeed self-directed, it seems a bit too "patient." Currently, although the hacker's wallet has indeed been emptied, the possibility of hidden accounts behind the scenes cannot be ruled out.

As of the time of writing, zkLend has not yet issued a formal response to the hacker's message. Previously, on March 5th, the project team launched a "Recovery Portal," offering partial compensation to affected users and promising to strengthen security measures. Now, the zkLend theft incident seems to have staged a "black-on-black" drama in the crypto world. Will the hacker's proactive plea lead zkLend to collaborate with law enforcement to trace the phishing site? Or is this just a distraction for the hacker to "whitewash" themselves? Is the hacker's "confession letter" a genuine repentance or a carefully crafted "April Fools' humor"? BlockBeats will continue to track and report on the progress of the event.

-- Price

The trusted AI prediction ecosystem Manadia, which has secured $7 million in funding from well-known institutions like OKX, will globally launch in June. The core token UMXM has already been listed on multiple mainstream platforms, inviting you to seize the new blue ocean of the trillion-level predi...

Who is footing the bill for the $64 billion accounting frenzy?

Affected by Bitcoin falling below $60,000, publicly listed companies heavily invested in this asset are facing huge paper losses and valuation discounts, and their debt structure and accounting standards may trigger structural liquidity risks in the future.

Morning Report | CoinEx becomes a key hub for Iran to evade sanctions, involving over $3.8 billion in funds; Kalshi seeks a new round of financing, with a valuation potentially rising to $40 billion

Overview of Important Market Events on June 25

Why do cryptocurrency projects always like to change their names?

In many cases, the old names of encryption projects have no competitive advantage, only historical baggage.

From the white-haired stock god to the billionaire fund mogul, the smart people shorting Nvidia are all getting rich using the same framework

Give up on heavily investing in Nvidia's "nine major bottlenecks"! This article analyzes the underlying logic behind top AI investors making billions: physical infrastructure such as electricity, HBM, and optical interconnects are the true keys to wealth in AI hardware.

Morning News | The draft amendment to the People's Bank of China Law aims to clarify the legal status of digital renminbi; South Korea will transfer about 40 unregistered virtual asset service providers to law enforcement agencies

Overview of Important Market Events on June 24

The cryptocurrency industry has entered the "Show Me" era: merely relying on vision is no longer enough

The awareness level of the audience in the cryptocurrency industry—including media, institutions, and retail investors—is steadily increasing, and this trend has become a foregone conclusion.

Interpreting the Ethereum Foundation's new structure: Reaffirming self-sovereignty amid institutional trends

The Ethereum Foundation has announced a new five-layer working framework, clarifying the focus of future development and reaffirming its commitment to decentralized core values amidst the wave of institutionalization.

Former SpaceX engineer reconstructs the financial execution system using first principles

Plan Execution Lab completes angel round financing for Singapore family office, with a valuation of 50 million USD.

Standard Chartered Bank sings a 50x rhapsody again, aiming for AAVE to reach 3500 USD

The throne of DeFi lending still exists, but the foundation beneath the throne needs to undergo a reconstruction or reinforcement.

Tidal Investment: We still have a positive outlook on the AI industry chain, but the reasons have changed

The intense financing by tech giants has triggered a panic of "AI peak," but the soaring capital expenditures of the five major cloud vendors and the bottlenecks in physical infrastructure indicate that the AI investment cycle is far from over; the second half of this grand performance has just begu...