The hacker responsible for exploiting the decentralized lending protocol ZkLend for 2,930 ETH, valued at $5.4 million, attempted to launder the stolen funds through Tornado Cash. However, the hacker mistakenly used a phishing website impersonating the legitimate crypto mixer. As a result, the entire amount of 2,930 ETH was stolen again by the phishing site operators. The hacker later sent an on-chain apology to ZkLend, admitting to the mistake and expressing regret for the incident. ZkLend, a Starknet-based protocol, confirmed the phishing incident and stated that blockchain analytics firms, centralized exchanges, and authorities are monitoring the situation. The phishing website involved has reportedly been active for over five years, and wallet addresses associated with the site have been added to ongoing fund-tracing efforts. The protocol, which was exploited in February, had previously offered the hacker a 10% bounty for returning the stolen funds. However, the hacker did not comply, leading ZkLend to partner with security teams from Starknet, StarkWare, and Binance to recover the funds.