TL;DR
- zkLend suffers a $9.5 million hack, leading to the theft of 3,300 ETH and prompting the suspension of withdrawals and an investigation with multiple security teams.
- zkLend offers a white hat bounty, proposing the hacker return 90% of the stolen funds in exchange for keeping 10%, approximately $900,000, with no legal action taken.
- The investigation is ongoing, with efforts focused on tracking the stolen assets and improving security measures to prevent future incidents.
zkLend, a decentralized finance (DeFi) platform on the StarkNet network, has suffered a significant security breach resulting in the loss of approximately $9.5 million. The hack, which occurred on February 12, exploited vulnerabilities in zkLend’s smart contracts, leading to the theft of 3,300 ETH.
In response, zkLend has suspended all withdrawals and initiated an investigation in collaboration with multiple security teams, including the StarkNet Foundation, StarkWare, Binance Security Team, and Hypernative Labs.
🚨ALERT🚨 @zkLend has suffered a $9.5M exploit on the Starknet network. Stolen funds were bridged to #Ethereum and laundered via #Railgun, but due to protocol policies, the funds were returned to the original address by #Railgun!
Deposit to #Railgun:… https://t.co/0muIH2TArY
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) February 12, 2025
White Hat Bounty Proposal
To recover the stolen funds, zkLend has proposed a white hat bounty to the hacker. The platform has offered the attacker 10% of the stolen assets, approximately $900,000, if they return the remaining 90%, or 3,300 ETH, by February 14, 2025.
This proposal was communicated through an on-chain message, emphasizing that no legal action would be taken if the hacker complied. Such bounties are common in the DeFi sector and have previously led to the recovery of stolen funds in other high-profile cases.
Investigation and Security Measures
The investigation into the hack is ongoing, with zkLend working closely with blockchain analytics groups and security companies to track the stolen assets. The team suspects that the funds were drained through a code vulnerability within the smart contract platform.
The stolen assets were reportedly bridged to Ethereum and laundered through the privacy-focused mixing service Railgun. However, due to Railgun’s internal policies, a portion of the funds was returned to their original address.
Community and Market Reaction
The crypto community has reacted strongly to the incident, with many members tracking the movement of the stolen funds and analyzing potential recovery scenarios. zkLend has assured its users that it is taking all necessary steps to recover the funds and improve security measures.
The platform has also instructed users to stop depositing and repaying funds until the issue is resolved. zkLend’s $9.5 million hack highlights the ongoing security challenges in the DeFi space.
The proposed white hat bounty offers a potential path to recover the stolen funds, while the investigation and collaboration with security firms aim to prevent future incidents. The incident underscores the importance of robust security measures and community engagement in maintaining trust within the DeFi ecosystem.