ZkLend, a decentralized lending protocol on Starknet, has confirmed an exploit on its platform and urged the attacker to return stolen funds.
Whereas the platform has not disclosed the precise quantity taken, blockchain safety agency Cyvers estimates the loss at roughly $9.5 million.
Bounty supply
In a Feb. 12 submit on X, the lending protocol said:
“We perceive that you’re accountable for at present’s assault on zkLend. You might preserve 10% of the funds as a whitehat bounty, and ship again the remaining 90%, or 3,300 ETH to be actual, to this Ethereum handle: 0xCf31e1b97790afD681723fA1398c5eAd9f69B98C.”
The platform assured the attacker that no authorized motion can be taken if the property had been returned earlier than the deadline of 00:00 UTC on Feb. 14, 2025. Nonetheless, ZkLend intends to pursue authorized measures and monitor the stolen property if the hacker refuses to take action.
The protocol emphasised the legitimacy of its request, stating that the message was despatched from its Ethereum ZEND token deployer account. It additionally urged the general public to confirm the knowledge by means of its official X account.
In response to the breach, ZkLend has suspended withdrawals and suggested customers to not deposit funds or repay loans till additional discover.
The staff is actively investigating the exploit in collaboration with blockchain safety consultants and legislation enforcement companies. As soon as the investigation concludes, a complete report detailing the incident and safety measures can be printed.
In the meantime, Cyvers reported that the stolen ETH was bridged to Ethereum and moved by means of Railgun, a privacy-focused transaction service. Nonetheless, because of Railgun’s inner insurance policies, the funds had been redirected to their authentic handle.
Over $100 million stolen this yr
This assault on ZkLend provides to the rising record of safety breaches within the crypto sector.
Information from DeFiLlama signifies that cybercriminals have stolen over $100 million from blockchain initiatives in early 2025. This follows a staggering $2.2 billion loss throughout 303 incidents recorded in 2024.
As hacking threats persist, market observers warn that the trade might face one other yr of heavy monetary losses.
