Further digging into the attacker's address on Starknet:
0x04d7191dc8eac499bac710dd368706e3ce76c9945da52535de770d06ce7d3b26

Strongly correlated with the L1 address of the test record before the attack:

0xd95b3c1e638ce3cdc070ad6d4f385c61e2ee8662
0x93920786e0fda8496248c4447e2e082da69b6c40
0x34e5dc779cb705200e951239b6a89aaf5c7dbfc1

The traces correspond to the picture. There are indeed a lot of traces, but there is also a special discovery that is related to the hacking incident of EraLend that year (2023/7/25):
https://x.com/Era_Lend/status/1683897328938389505

I'm afraid the zkLend hackers are the ones who hacked EraLend back then. If that's the case, no wonder they left so many traces and acted so recklessly.

🚨 Update 

1/8 Our team is working tirelessly to address the situation and safeguard community interests. Here are the key updates: