zkLend Hack: Genuine Apology or Orchestrated Drama? HasBeen90チZkLend hack was also stolen, is the on-chain apology a sincere repentance or a self-directed performance?

The April Fools' Day joke for this year came out early: a hacker got hacked, and the stolen ETH got phished. After the zkLend hacker stole 2930 ETH, they fell victim to a phishing website, causing a complete loss of funds. Now, the hacker has publicly apologized to the zkLend team through an on-chain message, claiming to have "broken down," and pleading with the team to investigate the phishing website operator to recover the losses. Is this a case of poetic justice or just another one of the hacker's tricks? Let's find out.

From Hacker to "Victim"

In February of this year, zkLend—a decentralized lending protocol based on the Starknet network—was hit by a devastating attack. The hacker exploited a "rounding error" bug in the smart contract, making off with 3600 ETH. The zkLend team had previously reached out to the hacker, offering to let them keep 10% as a "white hat bounty" if they returned 90% (3300 ETH) and absolved them of legal consequences. However, the hacker did not respond, swiftly moving the funds to the Ethereum network and attempting to launder the stolen ETH using the privacy protocol Railgun. While Railgun managed to force the funds back, thwarting the hacker's laundering attempt, the trail briefly went cold.

Related Read: "$5 Million Stolen Funds Rejected, Mixer Railgun Turns Into DeFi Protocol "Debt Collection Tool"?"

Just when everyone thought the stolen funds had disappeared without a trace, on April 1st, SlowMist's founder, 余弦 (Yu Xian), revealed a dramatic twist: the hacker switched to Tornado Cash to further obfuscate the fund flow but mistakenly clicked on a phishing website disguised as Tornado Cash, leading to the vanishing of 2930 ETH.

What's even more surprising is that the hacker then proactively contacted zkLend through an on-chain message, expressing deep remorse: "Hello, I intended to transfer the funds to Tornado Cash, but mistakenly used a phishing site, resulting in the complete loss of all funds. I am devastated. I apologize deeply for the confusion and losses caused by this. All 2930 ETH has been taken by the operator of that website, and I no longer have any coins in my possession. Please focus your efforts on those website operators to see if you can recover some of the funds. This is my final message, and perhaps ending it all is the best choice. Sorry again."

This "Confession Letter" quickly exploded in the crypto community. In the message, the hacker not only admitted their mistakes but also expressed remorse, even hinting at a possible "retirement" from the scene. However, this "sincere confession" inevitably raised doubts about its authenticity.

How Does the Community See It?

After the incident was exposed, some jokingly referred to it as the "hacker version of an April Fools' joke," lamenting that "if you live by the sword, you die by the sword"; while others quipped, "It's like a scammer from Myanmar getting scammed by a psoriasis ad on a street lamp post."

Aside from just spectating, some community members pointed out that the hacker might be orchestrating a drama, using the guise of a "victim" to divert attention, or even colluding with the phishing site operator to whitewash their identity or obfuscate the fund's destination. However, based on cosine tracing, this phishing site has been undercover for 5 years. If this hacker drama is indeed self-directed, it seems a bit too "patient." Currently, although the hacker's wallet has indeed been emptied, the possibility of hidden accounts behind the scenes cannot be ruled out.

As of the time of writing, zkLend has not yet issued a formal response to the hacker's message. Previously, on March 5th, the project team launched a "Recovery Portal," offering partial compensation to affected users and promising to strengthen security measures. Now, the zkLend theft incident seems to have staged a "black-on-black" drama in the crypto world. Will the hacker's proactive plea lead zkLend to collaborate with law enforcement to trace the phishing site? Or is this just a distraction for the hacker to "whitewash" themselves? Is the hacker's "confession letter" a genuine repentance or a carefully crafted "April Fools' humor"? BlockBeats will continue to track and report on the progress of the event.