ZkLend has been hacked for nearly $5 million, marking a resurgence in crypto exploits following a January downturn.
Decentralized money lending protocol zkLend was exploited on the Starknet network for $4.9 million on Feb. 12, according to blockchain security firm Cyvers.
“zkLend has suffered a $4.9 million exploit on the Starknet network. Stolen funds were bridged to Ethereum and laundered via Railgun, but due to protocol policies, the funds were returned to the original address by Railgun!” Cyvers wrote.
Source: Cyvers Alerts
Following the exploit, zkLend offered 10% of the funds as a bounty and release from “any and all liabilities,” if the attacker decided to return the remaining funds:
“We understand that you are responsible for today’s attack on zkLend. You may keep 10% of the funds as a whitehat bounty, and send back the remaining 90%, or 3,300 ETH to be exact […]”
“We are working with security firms and law enforcement at this stage. If we do not hear from you by 00:00 UTC, 14th Feb 2025, we will proceed with the next steps to track and prosecute you,” the firm added.
Source: zkLend
While crypto hacks saw a 44% year-over-year decrease in January 2025, the year’s first month still resulted in over $73 million stolen.
Security experts fear another multibillion-dollar hacking year, considering that hackers stole $2.3 billion across 165 incidents in 2024, a 40% increase over 2023, when hackers stole $1.69 billion worth of crypto.
Related: BNB Chain memecoin platform Four.Meme hit by $183K exploit
This is a developing story, and further information will be added as it becomes available.
