Based on on-chain analysis, the hacker mistakenly deposited the stolen funds on a fraudulent website pretending to be Tornado Cash, allowing scammers to pocket the entire amount. Such incidents highlight the importance of due diligence and verification processes in the crypto space.
It’s a tough blow for the zkLend hacker, who saw over $9.6 million in loot vanish in a split second.
After realizing their mistake, the hacker sent a desperate message to the zkLend development team, admitting their mishap and imploring the protocol to focus on tracking down the operators of this phishing scam.
“I tried to transfer the funds to Tornado, but I used a phishing website, and all the funds were lost. I am devastated.”
This mishap is part of a concerning trend of large-scale exploits in the DeFi ecosystem. According to Immunefi’s quarterly report, the first quarter of 2025 witnessed the worst security breaches in cryptocurrency history, with $1.64 billion stolen by hackers.
DeFi protocols have been particularly affected, experiencing 38 separate incidents and $106.8 million in losses. Ethereum and BNB Chain have been the most targeted networks. In comparison, centralized finance platforms only faced two incidents but with staggering amounts, surpassing $1.5 billion.
Faced with this wave of attacks, industry players seem to be taking steps to enhance security. Recently, Coinbase Institutional has opened its MPC library, a development aimed at promoting better sector-wide security.
However, hackers remain inventive, and DeFi protocols must remain vigilant. The zkLend incident starkly illustrates the dangers of money laundering and the need for users in the cryptosphere to always exercise caution, especially in transactions involving unlawfully obtained funds.
Gaston has been a writer for over 7 years and a passionate cryptocurrency enthusiast since 2020. He loves exploring the crypto ecosystem and is now dedicated to sharing his insights and discoveries through InvestX.
DISCLAIMER
This article is for informational purposes only and should not be considered as investment advice. Trading cryptocurrencies involves risks, and it is important not to invest more than you can afford to lose.
InvestX is not responsible for the quality of the products or services presented on this page and cannot be held liable, directly or indirectly, for any damage or loss caused by the use of any product or service featured in this article. Investments in crypto assets are inherently risky; readers should conduct their own research before taking any action and invest only within their financial means. This article does not constitute investment advice.
Risk Warning : Trading financial instruments and/or cryptocurrencies carries a high level of risk, including the possibility of losing all or part of your investment. It may not be suitable for all investors. Cryptocurrency prices are highly volatile and can be influenced by external factors such as financial, regulatory, or political events. Margin trading increases financial risks.
CFDs (Contracts for Difference) are complex instruments with a high risk of rapid capital loss due to leverage. Between 74% and 89% of retail investor accounts lose money when trading CFDs. You should assess whether you understand how CFDs work and whether you can afford to take the high risk of losing your money.
Before engaging in financial or cryptocurrency trading, you must be fully informed about the associated risks and fees, carefully evaluate your investment objectives, level of experience, and risk tolerance, and seek professional advice if needed. InvestX.fr and the InvestX application may provide general market commentary, which does not constitute investment advice and should not be interpreted as such. Please consult an independent financial advisor for any investment-related questions. InvestX.fr disclaims any liability for errors, misinvestments, inaccuracies, or omissions and does not guarantee the accuracy or completeness of the information, texts, graphics, links, or other materials provided.
Some of the partners featured on this site may not be regulated in your country. It is your responsibility to verify the compliance of these services with local regulations before using them.
