“In response to the next proposal of the Zklend team, to return the stolen funds, a hacker who broke the protocol reported that he had sent 2930 ETH (~ $ 5.4 million) to the Tortnado Cash fake site. Source: Ethercan. As a result of the incident on February 12, the L2-Project based on Starknet lost ~ 3666 ETH ($ 9.6 million at that time). The attacker was immediately offered to return assets for a remuneration of 10% of the amount and the refusal of persecution. “Hi, I tried to transfer funds in Tornado but […]”, – WRITE: Businessua.com.ua
In response to the next proposal of the Zklend team to return the stolen funds, the hacker who broke the protocol reported that he sent 2930 ETH (~ $ 5.4 million) to the fake site Tornado Cash.
Source: Ethercan.
As a result of the incident on February 12, the L2-Project based on Starknet lost ~ 3666 ETH ($ 9.6 million at that time). The attacker was immediately offered to return assets for a remuneration of 10% of the amount and the refusal of persecution.
“Hi, I tried to transfer money to Tornado, but used a phishing website and lost everything. I’m devastated. I am terribly regretted about the destruction and losses. All 2930 ETH was taken by the owners of this site. I do not have coins, ”Hacker wrote in response to Zklend team address March 31.
The attacker advised to “overcome efforts” to return the assets from him to the operators of the Phishing Site.
The transactions in which the hacker allegedly lost coins was confirmed by a cybersecurity researcher under the nickname Vladimir S and a number of other specialists, including the administrator of the X-account of Tornadoshbot.
IT Sems That 2.930 Eth Stolen from @zklend Was Deposited Into Phishing Website Imitating TornadoCash and Was ImMediaTely Taken Away by The Phishing Website’s Operators.
H/t @tornadocashbot
– Vladimir S. | Officer’s notes (@officer_cia) March 31, 2025
However, the latter suggested that the ZKLEND and the owner of the Tornado Cash can be one person. At least both used one ENS address safe-relayer.th.
🚨🚨i Found Something Interesting. The Person Whoto Stole Zklend and the Phishing Website Imitating TortnadoCash May Be the Same Person. @Zklend @Officer_cia @IM23PDS
1. The ENS safe-relayer.th has been Marked on Ethercan. We Can Track Itck The Transfer Records of This Ens Pic.twitter.com/0m33Mngbl9– Tornadocashbot (@tornadoCashbot) April 1, 2025
According to the expert, a domain with Tornadorth domain[.]Cash has been featured in Telegram-Chat Mixing Platforms from 2024 and attracted attention. Safe-relayer.th was spelled out in the Phishing Platform code as a relay, although the original mixing service in this case uses a dynamic registry.
“Since the source code of the fraudulent site deleted Safe-relayer.th, and he still withdraws funds from Tornado Cash through it, he may be a hacker who broke Zklend,” the expert summed up.
The developers of L2-protocol confirmed the active movement of assets stolen in the last day.
According to them, the phishing site has been working for at least five years, but they have no convincing evidence of the platform with the hacker. The Zklend team included related addresses in tracking activities.
Recall that in March, the trader lost $ 1.82 million in USDC for Compound by signing a phishin transaction.
The gun
Please wait …