A bizarrely twisted story unfolded yesterday in crypto’s underworld of decentralized finance (DeFi). The perpetrator of a multi-million dollar heist against a project known as ZKLend (short for “zero knowledge proof lending”) subsequently lost those ill-gotten gains to a second phishing scam.
The ouroboros began on February 11, 2025 when ZKLend lost 3,600 ether (ETH) to its hackers.
“I tried to move funds to tornado [cash] but I used a phishing website and all the funds have been lost,” Fake_Phishing927538 wrote to the ZKLend staff.
“I am devastated. I am terribly sorry for all the havoc and losses caused. All the 2930 eth have been taken by that site owners. I do not have coins.”
What happened to ZKLend customers’ money?
At this point, it was hard to know what was real. Why the delay from February 18 to March 31 if the hacker had intended to return the funds? Did a fake Tornado Cash website really fool an otherwise sophisticated hacker, or did the hacker simply team up with that fake website to fabricate a cover story?
Tornado Cash is a well-known crypto mixing service that obscures transaction trails. A fraudulent imitation of that website, however, took control of 2,930 ETH of ZKLend customers’ money. The phishing operators swiftly drained the hacker’s wallet, leaving it empty.
Most social media commentary about the incident laughed at the irony of a hacker outmaneuvering another hacker. In this version of the story, a criminal set a sophisticated trap to ensnare unsuspecting victims, yet ironically caught one of its own kind.
what if ‘he’ owns the phishing website too?
hehe
— Matrix (@MatriXBT) March 31, 2025
In another, far more sinister version of the story, the hacker and the phisher cooperated.
A third cohort of observers dismissed the on-chain message from the hacker on March 31 as a cruel April Fool’s joke given its proximity to the April 1 calendar date. If it is an April Fool’s joke, it ranks among the cruelest, laughing at the expense of customers’ stolen savings.
ZKLend’s latest statement on the 2,930 ETH phishing incident claims, “At this stage, security teams do not have conclusive evidence that the phishing website and the exploiter are connected.”
It has now included the wallets of the new scammers and has monitored “significant movements of funds from the exploiter’s controlled wallet addresses.”
The protocol’s homepage still cites logos from Delphi Digital, CMS Holdings, Starkware, and GBV as if it’s still “supported by trusted institutions.”