hacker loses eth phishing

In a twist that could make even the most hardened cybercriminals wince, the hacker behind February’s $9.6 million zkLend exploit claims to have fallen victim to a scam themselves. According to an on-chain message sent on March 31, 2025, the perpetrator reportedly lost 2,930 ETH—worth approximately $5.4 million—to a Tornado Cash phishing site while attempting to launder their ill-gotten gains.

The original hack saw 3,600 ETH stolen through a smart contract vulnerability, with zkLend promptly suspending withdrawals and launching an investigation. The hacker initially ignored the protocol’s 10% bounty offer, instead choosing to bridge the funds to Ethereum and attempt laundering via privacy tools. The incident highlights the continuing debate over privacy coin regulation in cryptocurrency ecosystems where anonymity tools serve both legitimate privacy needs and criminal activities.

“I’m devastated,” the hacker wrote in their message to zkLend. “All 2,930 ETH was taken by the phishing site owners.” The confession included details of sending 100 ETH at a time to an address labeled “Tornado.Cash: Router,” followed by three final transfers of 10 ETH each.

Tornado Cash, a cryptocurrency mixer sanctioned by the U.S. Treasury in 2022, has allegedly been used to launder over $7 billion in virtual currency and has been linked to North Korean state-sponsored hackers. The irony of a thief falling prey to another thief while using a sanctioned service wasn’t lost on the crypto community. The attack mirrors recent security issues where Tornado Cash users conducting transactions via IPFS gateways were unknowingly compromised for months by malicious JavaScript code.

Reactions have been mixed, with some dubbing the incident an elaborate “April Fool’s joke” or karmic justice. Others speculate it might be a diversionary tactic to confuse investigators. Despite missing the February 14 deadline for returning funds, the hacker expressed genuine remorse and apologized for the attack.

Blockchain security firms including Cyvers and PeckShieldAlert have confirmed the transactions to the suspected phishing address, which is linked to the ENS domain safe-relayer.eth.

This strange saga highlights persistent vulnerabilities in DeFi platforms and the hazards of privacy tools. While zkLend previously launched a recovery portal for affected users, they’ve yet to officially respond to the hacker’s latest message.

Meanwhile, security firms and potentially law enforcement continue their investigations into both the original theft and this unusual aftermath.

Leave a Reply
You May Also Like

Fake Crypto Wallets on App Stores: How to Spot and Avoid Them

Your crypto could vanish in seconds from fake wallets lurking in app stores. Learn five critical warning signs before your funds disappear forever. Scammers are getting smarter.

Ledger Nano X Vs Trezor Model T: Security Showdown for First-Time Holders

Hardware wallets aren’t created equal – the battle between Ledger Nano X and Trezor Model T reveals surprising security gaps first-time crypto holders can’t afford to ignore. Your financial future depends on it.

WARNING: Rug Pull Schemes Drain $2.8b From DEX Users in 2024

Cryptocurrency’s dark side revealed: $2.8 billion vanished in rug pulls across DEXs. Young investors fall prey while scammers perfect their craft. Your investments might be next.

The Daily Crypto Security Checklist Every Beginner Should Follow

Are your crypto assets one hack away from vanishing forever? Learn essential wallet security, private key protection, and digital hygiene practices. Your financial future depends on it.