二月份，分散的货币贷款协议Zklend的耗资960万美元的黑客攻击者声称他们刚刚成为网站网站的受害者

二月份，分散的货币贷款协议Zklend的耗资960万美元的黑客攻击者声称他们刚刚成为网站网站的受害者

The hacker who exploited decentralized money-lending protocol zkLend for $9.6 million in February claims to have fallen victim to a phishing website impersonating Tornado Cash.

这位黑客在2月以960万美元的价格剥削了分散的贷款贷款协议Zklend声称已成为模拟龙卷风现金的网站网站的受害者。

The exploiter lost 2,930 Ether (ETH) from the stolen funds to the phishing website, according to a message sent to zkLend on Etherscan on March 31.

根据3月31日发送给Zklend的一条消息，该剥削者从被盗的资金损失了2,930 Ether（ETH）。

The zkLend thief sent 100 Ether at a time to an address named Tornado.Cash: Router in a series of March 31 transfers, finishing with three deposits of 10 Ether.

Zklend Thief一次将100 Ether送到一个名为Tornado的地址。Cash：Router在3月31日的转移中，以10件Ether的三个存款结束。

“Hello, I tried to move funds to a Tornado, but I used a phishing website, and all the funds have been lost. I am devastated. I am terribly sorry for all the havoc and losses caused,” the hacker said.

黑客说：“您好，我试图将资金搬到龙卷风，但我使用了网络钓鱼网站，所有资金都丢失了。我感到震惊。我为造成的所有破坏和损失感到非常抱歉。”

The hacker behind the zkLend exploit claims to have lost most of the funds to a phishing website posing as a front-end for Tornado Cash. Source: Etherscan

Zklend Exploit背后的黑客声称将大部分资金丢给了一个摆姿势的网站，这是龙卷风现金的前端。资料来源：Etherscan

“All the 2,930 Eth have been taken by that site owners. I do not have coins. Please redirect your efforts towards those site owners to see if you can recover some of the money.”

“所有2,930个ETH都由该网站所有者采取。我没有硬币。请将您的努力重定向到那些现场所有者，以查看您是否可以收回一些钱。”

ZkLend responded by asking the hacker to “Return all the funds left in your wallets” to the zkLend wallet address. However, another 25 Ether was then sent to a wallet listed as Chainflip1.

Zklend的回应是要求黑客“将钱包中留下的所有资金归还给Zklend Wallet地址。但是，然后将另外25个以太送到列为Chainflip1的钱包。

Earlier, another user warned the exploiter about the error, telling them, “don’t celebrate,” because all the funds were sent to the scam Tornado Cash URL.

此前，另一位用户警告剥削者有关该错误的信息，并告诉他们“不要庆祝”，因为所有资金均已发送到骗局龙卷风现金URL。

“It is so devastating. Everything gone with one wrong website.”

“这是如此毁灭性。所有错误的网站都消失了。”

Another user warned the zkLend exploiter about the mistake, but it was too late. Source: Etherscan

另一位用户警告Zklend剥削者有关错误的信息，但为时已晚。资料来源：Etherscan

How zkLend was exploited for $9.6 million

Zklend如何以960万美元的价格利用

ZkLend suffered an empty market exploit on Feb. 11 when an attacker used a small deposit and flash loans to inflate the lending accumulator, according to the protocol’s Feb. 14 post-mortem.

根据该协议后2月14日，Zklend在2月11日使用少量存款和Flash贷款来膨胀贷款蓄能器时，Zklend遭受了空旷的市场利用。

The hacker then repeatedly deposited and withdrew funds, exploiting rounding errors that became significant due to the inflated accumulator.

然后，黑客反复沉积并撤回了资金，利用了由于累加器膨胀而变得重大的舍入错误。

The attacker bridged the stolen funds to Ethereum and later failed to launder them through Railgun after protocol policies returned them to the original address.

攻击者将被盗的资金桥接给以太坊，后来在协议政策将其返回原始地址后未能通过铁路枪洗牌。

Following the exploit, zkLend proposed the hacker could keep 10% of the funds as a bounty and offered to release the culprit from legal liability and scrutiny from law enforcement if the remaining Ether was returned.

Zklend提出，黑客可以将10％的资金保留为赏金，并提议将罪魁祸首从法律责任和执法部门的审查中释放出罪魁祸首，如果剩下的以太股还归还。

Related: DeFi protocol SIR.trading loses entire $355K TVL in ‘worst news’ possible

相关：defi协议先生。交易在“最糟糕的新闻”中损失了整个$ 355K TVL

The offer deadline of Feb. 14 passed with no public response from either party. In a Feb. 19 update to X, zkLend said it was now offering a $500,000 bounty for any verifiable information that could lead to the hacker being arrested and the funds recovered.

2月14日的报价截止日期通过，没有任何一方的公众回应。 Zklend在2月19日对X的更新中表示，现在为任何可验证的信息提供了500,000美元的赏金，这些信息可能会导致黑客被捕并收回了资金。

Losses to crypto scams, exploits and hacks totaled over $33 million, according to blockchain security firm CertiK, but dropped to $28 million after decentralized exchange aggregator 1inch successfully recovered its stolen funds.

根据区块链安全公司Certik的说法，对加密骗局，漏洞和黑客的损失总计超过3,300万美元，但在分散的交易所聚合器1英寸成功收回了被盗的资金后，损失到2800万美元。

Losses to crypto scams, exploits and hacks totaled nearly $1.53 billion in February. The $1.4 billion Feb. 21 attack on Bybit by North Korea’s Lazarus Group made up the lion’s share and took the title for largest crypto hack ever, doubling the $650 million Ronin bridge hack in March 2022.

2月，加密骗局，漏洞和黑客一次成损失近15.3亿美元。 2月21日耗资14亿美元的朝鲜拉撒路集团对拜比特的袭击构成了狮子的份额，并获得了有史以来最大的加密货币hack的冠军，这使2022年3月的6.5亿美元罗宁桥黑客翻了一番。