ZkLend, a decentralized lending protocol on Starknet, recently fell victim to an exploit on its platform, resulting in the loss of an estimated $9.5 million. The incident was confirmed by the platform, which has since urged the attacker to return the stolen funds.
In a post on Feb. 12, ZkLend made a public plea to the hacker responsible for the attack, offering a whitehat bounty of 10% of the funds and requesting the return of the remaining 90%, totaling 3,300 ETH. The platform set a deadline of 00:00 UTC on Feb. 14, 2025, for the funds to be returned, promising no legal action if compliance was met. However, ZkLend stated that it would pursue legal measures and track the stolen assets if the hacker failed to return the funds.
The legitimacy of the request was emphasized by ZkLend, with the message being sent from its Ethereum ZEND token deployer account. The platform urged the public to verify the information through its official channels to ensure transparency.
As a precautionary measure, ZkLend has temporarily suspended withdrawals and advised users against depositing funds or repaying loans until further notice. The team is actively investigating the exploit in collaboration with blockchain security experts and law enforcement agencies. A detailed report on the incident and the security measures implemented will be released once the investigation concludes.
Meanwhile, cybersecurity firm Cyvers reported that the stolen ETH was bridged to Ethereum and passed through Railgun, a privacy-focused transaction service. However, due to Railgun’s internal policies, the funds were redirected back to their original address.
The attack on ZkLend is part of a concerning trend in the crypto sector, with over $100 million stolen from blockchain projects in the early months of 2025, according to data from DeFiLlama. This follows a record $2.2 billion loss across 303 incidents in 2024, highlighting the persistent threat of hacking in the industry.
As the crypto market continues to face security challenges, industry experts warn of the potential for significant financial losses in the coming year. It is crucial for platforms and users alike to remain vigilant and implement robust security measures to safeguard against cyber threats.