Key Points
zkLend, a money-market protocol based on Starknet, has confirmed a hacking incident. The protocol’s internal team is presently investigating the root cause of the exploit. All withdrawals on the protocol have been temporarily halted.
Details of the Hack
The hack led to a loss exceeding $9 million worth of Ethereum (ETH). zkLend, in a recent post directed to the anonymous hacker, stated that it would permit the hacker to retain 10% of the stolen funds as a “whitehat bounty”. The protocol, however, requested the hacker to return 90% of the stolen funds, equivalent to 3,300 ETH or $8.6 million based on current market prices.
zkLend announced that it is collaborating with security firms and law enforcement. The protocol warned that if no response is received by 00:00 UTC, 14th Feb 2025, it will initiate the next steps to locate and prosecute the hacker.
The Starknet (STRK)-based protocol has agreed to absolve the hacker of all charges related to the attack, provided 90% of the funds are returned. If the hacker does not respond by the deadline, the protocol stated it would take legal measures to “track and prosecute” the perpetrator.
In a separate post, zkLend mentioned it was actively tracing the funds and working to identify the hacker by teaming up with other entities, including the Starknet Foundation, StarkWare, Zero Shadow, Binance Security Team and Hypernative Labs.
CertiK Alert detected multiple attack transactions on the zkLend market. The account reported that the attacker stole at least $5 million and transferred them to Ethereum through a specific address.
Data from DeFi Llama shows that zkLend has a total value locked amounting to $1.19 million, with around $14.6 million in borrowed funds on Starknet Layer2.