Odaily News According to on-chain analyst @im23pds, the attack on zkLend and the phishing website attack impersonating Tornado Cash may have been carried out by the same person.
Specifically, the attacker’s address is associated with the ENS domain safe-relayer.eth, which has been marked on Etherscan and can be further traced through its historical transfer records.
According to previous news, the hacker accidentally clicked on a phishing website, which resulted in the theft of 2,930 ETH. He later contacted zkLend through an on-chain transaction to apologize and returned part of the remaining funds.