zkLend Loses $4.9 Million, Sets Deadline for Hacker to Return Funds

Cyvers, a blockchain security firm, reported that the stolen funds were transferred to Ethereum ETH $1,905.41 and funneled through Railgun RAIL $0.5677 . However, due to Railgun’s policies, the money was sent back to the original address.

In a February 12 post on X, Cyvers confirmed, “zkLend has suffered a $4.9 million exploit on the Starknet network. Stolen funds were bridged to Ethereum and laundered via Railgun, but due to protocol policies, the funds were returned to the original address by Railgun!”

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

What is VeChain? VeChain Coin Explainer (ANIMATED)

SUBSCRIBE

ON YOUTUBE

In response, zkLend attempted to recover the funds by offering the attacker a deal. They proposed that the hacker could keep 10% as a bounty and return the remaining 90%, totaling 3,300 ETH. The team addressed the attacker in a post on X, stating:

We understand that you are responsible for today’s attack on zkLend. You may keep 10% of the funds as a whitehat bounty, and send back the remaining 90%, or 3,300 ETH to be exact.

The company also clarified that they were working with security firms and law enforcement. They added, “If we do not hear from you by 00:00 UTC, 14th February 2025, we will proceed with the next steps to track and prosecute you”.

Meanwhile, a Canadian citizen recently faced US charges for allegedly stealing millions from two decentralized finance (DeFi) platforms. How? Read the full story.