The zkLend hacker simply obtained reverse-hacked whereas laundering $5.4M in ETH via a Twister Money phishing rip-off. Then, he despatched an on-chain message to a zkLend developer expressing regret—giving the neighborhood an early-month comedy present.

zkLend Hacker Wiped Out Whereas Laundering 2,930 ETH through Twister Money

The February assault on Starknet-based lending protocol zkLend resulted in a lack of roughly 3,666 ETH, valued at round $9.5 million. Lately, the hacker tried to launder a portion of the stolen funds—2,930 ETH—via Twister Money. Yesterday, the zkLend hacker executed a number of transfers, sending 100 Ether per transaction to an tackle labeled Twister.Money: Router, and concluded with three last deposits of 10 Ether every. He has mistakenly clicked on a phishing website impersonating the service, resulting in the moment lack of all 2,930 ETH.

In a determined transfer, the hacker despatched a “heartfelt letter” to zkLend, which was later leaked on-line, turning the incident right into a public spectacle and a supply of ridicule throughout the crypto neighborhood. 

Supply: Etherscan

Contained in the zkLend Hack for $9.6 million

On February 12, 2025, zkLend, a decentralized lending protocol on the Starknet blockchain, suffered a significant exploit, ensuing within the theft of $9.48 million (3,666 ETH). The hacker exploited a decimal precision vulnerability in zkLend’s good contract, permitting them to empty funds from the protocol’s swimming pools. 

Supply: LinkedIn

The hacker first bridged the stolen belongings to Ethereum. He then funneled them via the privateness protocol Railgun. Nonetheless, Railgun’s insurance policies pressured him to return the funds to his authentic tackle. The breach sparked critical issues about DeFi safety. It contributed to the $1.64 billion in crypto losses in Q1 2025. zkLend’s hack ranked because the fifth-largest exploit of the quarter.

In response, zkLend paused withdrawals and deposits to mitigate additional losses and launched an investigation into the contract logic flaw. The protocol supplied the hacker a ten% “white hat” bounty (3,300 ETH) to return the remaining funds. On March 5, zkLend opened a Restoration Portal, enabling customers to assert losses—full refunds for unaffected swimming pools and partial refunds with restoration pool claims for affected ones—whereas working to rebuild belief within the platform.

zkLend is a decentralized money-market protocol on Starknet, combining zk-rollup scalability with Ethereum’s safety. It permits customers to deposit, borrow, and lend belongings effectively in a trustless setting. Launched to boost DeFi accessibility, zkLend provides superior transaction velocity and value financial savings, making it a promising participant within the lending area.