zkLend, a decentralized money market and lending protocol on the zero-knowledge rollup StarkNet, has confirmed a security breach resulting in the theft of over $9 million.
In response, the team has asked the hacker to return 90% of the stolen funds, offering them a 10% bounty as a “white hat” reward. The attack forced zkLend to suspend withdrawals while its team investigated the exploit.
10% Bounty for Fund Return
The protocol’s official statement addressed the hacker directly, urging them to return 3,300 ETH (valued at approximately $8.4 million) to a specified Ethereum address.
zkLend assured the attacker that they would be released from liability regarding the incident upon receiving the funds. However, they also warned that failure to comply by February 14, 2025, would result in legal action involving security firms and law enforcement.
Investigating the Attack
While specific details about the exploit remain unclear, zkLend is actively tracing the stolen funds and working with external security teams to identify the attacker. DeFi hacks often stem from vulnerabilities in smart contract code, and experts suspect a similar flaw may have been exploited in this case.
Following the breach, zkLend swiftly disabled withdrawal functions to prevent further losses. The team continues to assess the damage and potential risks to users.
Crypto Community Reacts
The attack has sparked concern within the crypto space, with users highlighting the security risks tied to DeFi protocols. One user noted that transferring the stolen funds would not be immediate due to the 12-hour withdrawal wait time imposed by the STARK official bridge.
This delay offers zkLend an opportunity to track and possibly recover the assets before they reach the Ethereum mainnet. Some have even speculated about potential insider involvement if the stolen funds are not recovered.
Rise in Crypto Hacks
The zkLend breach is part of a growing trend of crypto-related security incidents. Hackers are increasingly targeting DeFi projects, exploiting vulnerabilities in smart contracts to siphon funds.
The decentralized nature of these platforms makes them attractive to attackers, as stolen funds can be laundered through various blockchain networks.
Recently, Four.Meme, a memecoin launch platform on BNB Chain, suffered a security breach resulting in a $200,000 loss. The incident highlights how hackers continue to target liquidity pools and exploit weaknesses in smart contract security.
As crypto adoption grows, so do the risks associated with DeFi. Security experts stress the need for rigorous smart contract audits, improved on-chain monitoring, and enhanced regulatory frameworks to reduce these threats. The zkLend hack serves as another reminder that despite the promise of DeFi, security remains one of its biggest challenges.