The decentralized lending protocol zkLend became a victim of a hack, resulting in the theft of $4.9 million. The incident occurred on February 12 in the Starknet network, according to Cyvers, a company specializing in blockchain cybersecurity. Withdrawals have been suspended for the time being.
How the Hackers Operated
The stolen funds were transferred to the Ethereum network and attempts were made to conceal them using the Railgun anonymous transaction protocol.
“zkLend was attacked for $4.9 million in the Starknet network. The stolen funds were transferred to Ethereum and laundered through Railgun, but due to the protocol's policy, the funds returned to the original address,” Cyvers reported.
Offer to the Hackers
After the hack, the zkLend team proposed that the attackers return 90% of the stolen funds in exchange for 10% of the amount as a reward, similar to white-hat hackers, with immunity from potential legal consequences.
“We understand that you are behind the attack on zkLend. You can keep 10% of the amount as a reward and return the remaining 90% (around 3,300 ETH),” zkLend stated.
The company also warned that it is cooperating with law enforcement agencies and cybersecurity analytics firms. If the hacker does not respond by 00:00 UTC on February 14, 2025, the team will take further steps to track and prosecute the criminal.
Hacks in the Crypto Industry Continue
Despite a decline in attacks in early 2025, the industry remains vulnerable to breaches. In January, hackers stole $73 million, which is a 44% decrease compared to the same period last year. However, analysts predict that the current year could again bring multibillion-dollar losses.
In 2024, 165 major attacks were recorded, during which hackers stole $2.3 billion — 40% more than in 2023 when the losses amounted to $1.69 billion.
Not all hacks end in the final loss of funds. In May 2024, an unknown hacker unexpectedly returned $71 million in ETH, stolen through a phishing attack using wallet poisoning techniques. This occurred after the incident drew attention from several blockchain analytics companies.
The project team also reported that withdrawals through the protocol are currently suspended. Furthermore, the developers asked users to refrain from making deposits or withdrawals until the situation normalizes. The company has not yet responded to whether the funds held in users' wallets were affected.
Read Also:
- BNB Chain Security in Question — Four.Meme Hacked, $183K Stolen
- FBI Warns of Increasing AI-Driven Phishing Attacks on Gmail — How to Protect Yourself
- Xeggex Exchange Freezes User Accounts After Hacker Attack – Are Clients' Funds at Risk?
- Hackers Breach Visa Account to Promote Scam Coin
This post is for informational purposes only and is not an ad or investment advice. Please do your own research making any decisions.