The April Fools' Day joke came early this year: A hacker got hacked, and the stolen ETH got phished. After the zkLend hacker stole 2930 ETH, they ended up losing all their funds due to mistakenly falling for a phishing website. Now, the hacker has publicly apologized to the zkLend team through an on-chain message, claiming to have "broken down," and pleading with the team to investigate the phishing site operator to recover the losses. Is this truly a case of poetic justice or just a clever sleight of hand by the hacker? Let's find out.

From Hacker to "Victim"

In February of this year, zkLend—a decentralized lending protocol on the Starknet network—was hit by a devastating attack. The hacker exploited a "rounding error" bug in the smart contract, making off with 3600 ETH. Following the incident, the zkLend team reached out to the hacker, offering to let them keep 10% as a "white hat bounty" if they returned 90% (3300 ETH) and promised to avoid legal actions. However, the hacker did not respond, swiftly moving the funds to the Ethereum network and attempting to launder them using the privacy protocol Railgun. Although Railgun's intervention forced the hacker to return the funds, thwarting their money laundering attempt, the trail went cold temporarily.

Related Reading: "$5 Million Stolen Funds Rejected, Mixer Railgun Becomes DeFi Protocol's "Debt Collection Tool"?"

Just when everyone thought this hefty sum had vanished without a trace, on April 1st, SlowMist co-founder Cao Yin revealed a dramatically ironic twist: The hacker switched to Tornado Cash to further obfuscate the fund's flow but mistakenly clicked on a phishing site masquerading as Tornado Cash, resulting in the loss of 2930 ETH.

What's even more surprising is that the hacker then proactively reached out to zkLend via an on-chain message, expressing deep regret: "Hello, I intended to transfer the funds to Tornado Cash, but mistakenly used a phishing site, resulting in the loss of all funds. I am devastated. I am truly sorry for the confusion and loss caused by this. 2930 ETH has all been taken by the site's operator, and I have no coins left in my possession. Please focus your efforts on the site's operators to see if some funds can be recovered. This is my final message, and ending all of this may perhaps be the best choice. Sorry again."

This "Confession Letter" quickly caused a stir in the crypto community. In the message, the hacker not only admitted to their mistakes but also expressed remorse, even suggesting a possible "exit from the scene." However, this "outpouring of true feelings" inevitably raised doubts about its authenticity.

How Does the Community View This?

After the incident was exposed, some people jokingly referred to it as the "hacker version of an April Fools' joke," remarking, "When you engage in wrongdoing, you will eventually have to pay the price"; while others quipped, "It's like a scammer in Myanmar being deceived by a psoriasis advertisement on a street lamp post."

Apart from spectating the drama, some community members pointed out that the hacker may be orchestrating a play, disguising themselves as a "victim" to divert attention and possibly colluding with the phishing site operator to whitewash their identity or conceal the fund's destination. However, according to cosine tracking, this phishing site has been lurking for 5 years. If this hacker drama was indeed self-directed, it seems overly "patient." Currently, although the hacker's wallet has indeed been emptied, the possibility of hidden accounts behind it cannot be ruled out.

At the time of writing, zkLend's official team has not provided a formal response to the hacker's message. Previously, on March 5, the project team launched a "Recovery Portal," offering partial compensation to affected users and pledging to enhance security measures.

Now, the zkLend theft incident seems to have staged a "black-on-black" performance in the crypto world. Will the hacker's voluntary plea lead zkLend to collaborate with law enforcement to investigate the phishing site? Or is this just a distraction for the hacker's "whitewashing" scheme? Is the hacker's "confessional letter" a genuine repentance or a carefully planned "April Fools' Day joke"? BlockBeats will continue to track and report on the progress of the event.

Welcome to join the official BlockBeats community:

Telegram Subscription Group: https://t.me/theblockbeats

Telegram Discussion Group: https://t.me/BlockBeats_App

Official Twitter Account: https://twitter.com/BlockBeatsAsia