- 2,930 ETH Stolen from zkLend in Phishing Attack
- Increased Security Threats from TornadoCash Imitation Sites
[Unblock Media]
Concerns are growing over blockchain security following the revelation that 2,930 ETH stolen from zkLend has been siphoned to a phishing website imitating TornadoCash. The incident is all the more striking because it exploited user psychology rather than a purely technical flaw.
A total of 2,930 ETH (worth hundreds of billions of KRW) stolen from zkLend was deposited into the phishing website, which has been confirmed to be a fake site mimicking the well-known anonymous remittance platform TornadoCash. The operators of the website seized the ETH immediately upon deposit and covered their tracks.
The phishing website meticulously replicated TornadoCash's user interface (UI) to trick users into believing they were on the official site. Its domain differed from the real address by just one letter, and the site was placed at the top of results through Google search ads, so users clicked on it without a second thought.
Once users connected their wallets on the site, they were prompted to sign malicious smart contract transactions disguised as legitimate ones. ETH was quickly stolen through this process: rather than being shown actual transfer requests, users were deceived into granting aggressive permissions or token transfer allowances.
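The difference between an allowance and a transfer is visible in the raw calldata a wallet is asked to sign. The following is an added example, not code from the article or from any project it names: a pre-signing check that decodes the standard ERC-20/721/1155 approval selectors and flags permission grants. The helper names, the allowlist, and all addresses are constructed assumptions.

```python
# Added example: selectors are the standard token ones; all addresses are constructed.
MAX_UINT256 = 2**256 - 1
SELECTORS = {
    "095ea7b3": ("approve(address,uint256)", "allowance"),
    "39509351": ("increaseAllowance(address,uint256)", "allowance"),
    "a22cb465": ("setApprovalForAll(address,bool)", "operator"),
    "a9059cbb": ("transfer(address,uint256)", "transfer"),
}

def encode(selector, address, value):
    """Build constructed calldata: selector + two 32-byte ABI words."""
    return "0x" + selector + address[2:].rjust(64, "0") + format(value, "064x")

def decode_call(calldata_hex):
    """Return the decoded call, or None if the selector is not one we know."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(raw)
    entry = SELECTORS.get(data[:4].hex())
    if entry is None:
        return None
    if len(data) < 68:
        raise ValueError("calldata too short for two ABI arguments")
    return {"function": entry[0], "kind": entry[1],
            "party": "0x" + data[16:36].hex(),            # low 20 bytes of word 1
            "value": int.from_bytes(data[36:68], "big")}  # word 2

def review(calldata_hex, trusted):
    """List the reasons a wallet should stop and warn before signing."""
    if calldata_hex in ("", "0x"):
        return []  # plain ETH send, no contract call to inspect
    call = decode_call(calldata_hex)
    if call is None:
        return ["unknown function: cannot show the user what is being signed"]
    if call["kind"] == "transfer":
        return []  # explicit one-off transfer, not a standing permission
    findings = []
    if call["party"] not in trusted:
        findings.append("grants spending rights to an address not on the allowlist")
    if call["kind"] == "allowance" and call["value"] == MAX_UINT256:
        findings.append("unlimited allowance")
    if call["kind"] == "operator" and call["value"] != 0:
        findings.append("operator approval over every token in the collection")
    return findings

TRUSTED = {"0x" + "11" * 20}   # constructed allowlist of known spenders
UNKNOWN = "0x" + "ee" * 20     # constructed address standing in for an unknown spender

if __name__ == "__main__":
    print(review(encode("095ea7b3", UNKNOWN, MAX_UINT256), TRUSTED))
```

A real wallet integration would also need to cover signed off-chain permits, which this selector check does not see.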
One victim lamented, "I only searched for TornadoCash to use it as usual, but I lost all my ETH with just one click."
TornadoCash is a privacy tool that mixes Ethereum transactions, making them hard to trace. In this case, however, the attackers exploited this 'untraceable' feature as a means of fraud. Because the UI and the way the service worked looked familiar, users proceeded with transactions without suspicion and ended up losing their assets.
This incident deals a severe blow to the overall trust in the blockchain ecosystem. Protecting users in a Web3 environment without centralized oversight becomes increasingly challenging, exposing the limitations of the current security structure that relies solely on individual responsibility.
Ultimately, the key to preventing such incidents lies in balancing user vigilance with systematic security improvements. Without effective preventive measures, incidents like this could lead to a collapse of trust in the entire blockchain ecosystem. This incident once again underscores that security is not optional but essential for a safe Web3 environment.