Lots of bad information in the first article. Unauthorized transactions are unauthorized and carry legal protections, even if the bank tries to claim they’re authorized. They also straight up imply that Zelle is an app. It’s not – it’s a service that also happens to have an app. The second article is not of much better quality, but it’s more concerning, because it implies that the victim’s phone was hacked. One easy solution is to not install any banking apps on your phone.
That’s good advice for the Zelle app, but it won’t help if they use a bank’s app and have multiple accounts at that bank – you can select another source for transfers.
Banks implement various transaction limits for Zelle, and I think $5K/day is the max. Some start with lower limits at first and increase with use. They should send 2FA codes when you’re adding a new contact or sending more than usual. Losing $40K like the first article claims is no easy task without a full-on phone hack.