In a bizarre twist of events, a hacker who successfully stole 2,930 Ethereum (ETH), valued at approximately $5.4 million, from the decentralized finance (DeFi) platform zkLend has now lost the entire sum to another cybercriminal.
According to Lookonchain, the initial hack, which took place in February, saw the attacker exploit vulnerabilities within zkLend’s systems, transferring the funds into their possession.
However, while attempting to launder the stolen ETH through Tornado Cash, a well-known cryptocurrency mixing service, the hacker fell for a phishing scam.
The unexpected turn of events resulted in the hacker losing all their ill-gotten gains to a second fraudster, highlighting the chaotic and risky nature of illicit activities in the crypto space.
Phishing Scam Tricks the Hacker into Handing Over Stolen Funds
The hacker’s downfall was set in motion when they unknowingly accessed a fake website masquerading as Tornado Cash.
Tornado Cash is a popular tool among cybercriminals, as it helps obscure the origins of illicitly obtained funds. Believing they were using the legitimate service, the hacker initiated a transaction to launder their stolen ETH.
However, instead of safely anonymizing their funds, they transferred all 2,930 ETH directly into the hands of yet another scammer.
The incident highlights the increasing sophistication of phishing schemes in the cryptocurrency world, proving that even experienced hackers can fall victim to deception.
Desperate Hacker Reaches Out to zkLend for Help
In an ironic twist, after realizing they had been duped, the hacker turned to their original victim, zkLend, for help.
In an on-chain message sent to the platform, the hacker expressed regret and asked for assistance in recovering the stolen funds.
The move was unexpected, as cybercriminals rarely make direct contact with their victims after a successful heist. zkLend responded by urging the hacker to return any remaining stolen assets as an act of goodwill.
The exchange between the attacker and the DeFi platform showcases the strange and sometimes desperate nature of blockchain-based crimes, where even those committing theft can find themselves at the mercy of more skilled fraudsters.
Hacker Returns a Small Portion of Funds, but Majority Remains Lost
Following zkLend’s response, the hacker ultimately agreed to return a mere fraction of the stolen funds.
They sent back 25.15 ETH, worth significantly less than the original $5.4 million haul, while the vast majority of the funds remain in the possession of the phishing scammer.
The incident serves as a stark reminder of the inherent risks involved in illicit activities within decentralized finance.
It also sheds light on the dangers of phishing attacks, which continue to claim victims across the crypto ecosystem, regardless of whether they are innocent investors or cybercriminals themselves.
The case underscores the need for heightened security awareness, as scammers constantly evolve their tactics to outsmart both law-abiding users and bad actors alike.
Surge in Crypto Hacks Highlights Growing Security Concerns
The zkLend hack and subsequent phishing scam are just the latest in a string of cyberattacks targeting the crypto industry.
Recently, hackers exploited Telegram accounts to spread malware via fake video call links, compromising users’ financial data and wallets.
Meanwhile, the LastPass breach saw cybercriminals steal $5.36 million in cryptocurrency from 40 victims just before Christmas.
Additionally, a $12.9 million exploit targeted the Abracadabra/Spell platform, with attackers siphoning off 6,262 ETH.
These incidents highlight the growing sophistication of cyber threats in the digital asset space and emphasize the urgent need for enhanced security measures to protect users from financial loss.
Also Read: Phishing Attack That Drained $55.4M DAI, Hacker Moves 900 ETH To Tornado Cash