The hacker behind the $ 9.6 million exploitation of the decentralized protocol lending Zlend in February claimed that they were just victimized on a phishing website pretending to be cash tornadoes, resulting in the loss of a significant portion of stolen funds.
In a message sent to ZKLEND by Ethercan on March 31, the hacker claimed to have lost 2,930 ether (Eth) from stolen funds to a Phishing website Posing as a front-end for Tornado Cash.
In a series of transfer of March 31, the Zlend thief sent 100 ether at one time at an address named Tornado.Cash: router, finishing with three deposits of 10 ether.
“Hello, I tried to transfer funds to a tornado, but I used a phishing website, and all the funds were gone. I was destroyed. I was very sorry for all that caused chaos and losses,” the hacker said.
The hacker behind the ZKLEND EXPLOIT says that most of the funds lost to a phishing website posing as a front-end for Tornado Cash. Source: Olerscan
“All 2,930 ETHs are taken by those with that site. I have no coins. Please recruit your efforts towards those with -owned by the site to see if you can recover some money,” they added.
ZKLEND Reply In the message by asking the hacker to “return all funds left in your purse” to the Zlend purse address. However, according to Ethercan, another 25 ether then sent In a purse listed as chainflip1.
Earlier, another user warned Exploiting the mistake, telling them, “don’t celebrate,” because all funds are sent to the scam Tornado Cash URL.
“It’s so devastating. Everything’s gone on a wrong website,” the hacker replied.
Another user warned Zlend to exploit about the mistake, but it was too late. Source: Olerscan
How was Zlend exploited for $ 9.6 million
Zlend suffered an empty market exploitation in Feb. 11 When an attack used a small deposit and flash loans to provoke the lending accumulator, According to In the February 14 post-mortem of the protocol.
The hacker then repeatedly deposited and withdrew funds, taking advantage of the erosion errors that became significant because of the enlarged accumulator.
The attack was bridged by stolen funds in Ethereum and eventually failed to overthrow them by the railroad after returning the protocol policies to the original address.
Following the exploitation, ZKLEND suggested the hacker could maintain 10% of funds As a huge amount and offered to release the culprit from legal liability and investigation from law enforcement if the remaining ether is restored.
Related: Defi Protocol sir.Trading lost full $ 355k TVL to ‘worst news’ possibly
The offer of the February 14 deadline has passed without a public response from any party. With a February 19 update on X, ZKLEND Says It now offers a $ 500,000 kindness for any proven information that could lead to the hacker that the funds were arrested and recovered.
Losses in crypto scams, exploitation and hacking reached $ 33 million, according to blockchain security firm Certik, but dropped to $ 28 million after decentralized exchange of combined 1inch successfully recovered its stolen funds.
Losses in crypto scams, exploitation and hacking reaches Nearly $ 1.53 billion in February. Attacking $ 1.4 billion in Feb $ 650 million Ronin Bridge Hack In March 2022.
Magazine: Lazarus Group’s favorite exploitation is revealed – Crypto hacks review
