ZkLend hack sees $9.5M exploit, offers hacker 10% bounty for return

robot
Abstract generation in progress

ZkLend, a decentralized lending protocol on Starknet, has confirmed an exploit on its platform and urged the attacker to return stolen funds.

While the platform has not disclosed the exact amount taken, blockchain security firm Cyvers estimates the loss at approximately $9.5 million.

Bounty offer

In a Feb. 12 post on X, the lending protocol stated:

“We understand that you are responsible for today’s attack on zkLend. You may keep 10% of the funds as a whitehat bounty, and send back the remaining 90%, or 3,300 ETH to be exact, to this Ethereum address: 0xCf31e1b97790afD681723fA1398c5eAd9f69B98C.”

The platform assured the attacker that no legal action would be taken if the assets were returned before the deadline of 00:00 UTC on Feb. 14, 2025. However, ZkLend intends to pursue legal measures and track the stolen assets if the hacker refuses to do so.

The protocol emphasized the legitimacy of its request, stating that the message was sent from its Ethereum ZEND token deployer account. It also urged the public to verify the information through its official X account.

In response to the breach, ZkLend has suspended withdrawals and advised users not to deposit funds or repay loans until further notice.

The team is actively investigating the exploit in collaboration with blockchain security experts and law enforcement agencies. Once the investigation concludes, a comprehensive report detailing the incident and security measures will be published.

Meanwhile, Cyvers reported that the stolen ETH was bridged to Ethereum and moved through Railgun, a privacy-focused transaction service. However, due to Railgun’s internal policies, the funds were redirected to their original address.

Over $100 million stolen this year

This attack on ZkLend adds to the growing list of security breaches in the crypto sector.

Data from DeFiLlama indicates that cybercriminals have stolen over $100 million from blockchain projects in early 2025. This follows a staggering $2.2 billion loss across 303 incidents recorded in 2024.

As hacking threats persist, market observers warn that the industry could face another year of heavy financial losses.

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Share
Comment
0/400
No comments
Trade Crypto Anywhere Anytime
qrCode
Scan to download Gate app
Community
English
  • 简体中文
  • English
  • Tiếng Việt
  • 繁體中文
  • Español
  • Русский
  • Français (Afrique)
  • Português (Portugal)
  • Bahasa Indonesia
  • 日本語
  • بالعربية
  • Українська
  • Português (Brasil)