zkLend hacker loses 2,930 ETH to Tornado Cash phishing scam

The zkLend exploiter lost all 2,930 ETH in a phishing scam while trying to launder the stolen money using what they thought was Tornado Cash.

According to a Mar. 31 post on X by Consensys-backed De.Fi Antivirus Web3, the attacker mistakenly deposited the stolen funds into a fake Tornado Cash website, resulting in an immediate loss. On-chain data shows that after realizing the mistake, the hacker sent a desperate message to zkLend’s deployer address, admitting their blunder. 

“I tried to move funds to Tornado, but I used a phishing website, and all the funds have been lost. I am devastated,” the hacker wrote. They went on to apologize for the attack and urged zkLend to focus its recovery efforts on the phishing scam operators.

More than $9.6 million in Ethereum (ETH) was stolen in the zkLend exploit, which took place on Feb. 12 . In an attempt to engage in negotiations, the Starknet-based lending protocol offered the hacker a 10% reward in exchange for returning the remaining funds by Feb. 14.

ZkLend was forced to escalate the matter to law enforcement because the hacker ignored the deadline. The platform announced that it had enlisted security experts from the Starknet Foundation, StarkWare, and Binance Security to locate and recover the funds. But now that the stolen ETH has been lost to a phishing scam, things seem to have taken a surprising turn.

The zkLend attack is part of a growing trend of high-profile cryptocurrency exploits. According to Immunefi’s Q1 2025 report, the first three months of 2025 saw the worst quarter for crypto security breaches in history, with hackers stealing $1.64 billion. The zkLend hack was the fifth-largest exploit of the quarter.

Decentralized finance protocols lost $106.8 million across 38 incidents, with Ethereum and BNB (BNB) Chain being the most targeted networks. While DeFi suffered multiple attacks, centralized finance platforms saw just two incidents, but those resulted in a staggering $1.5 billion in losses.