A security breach on February 12 led to the loss of nearly $5 million from zkLend, a decentralized lending protocol on Starknet.
Cyvers, a blockchain security firm, reported that the stolen funds were transferred to Ethereum
In a February 12 post on X, Cyvers confirmed, “zkLend has suffered a $4.9 million exploit on the Starknet network. Stolen funds were bridged to Ethereum and laundered via Railgun, but due to protocol policies, the funds were returned to the original address by Railgun!”
Did you know?
Subscribe - We publish new crypto explainer videos every week!
Can Russia Use Crypto to Bypass Sanctions? (Animated)
In response, zkLend attempted to recover the funds by offering the attacker a deal. They proposed that the hacker could keep 10% as a bounty and return the remaining 90%, totaling 3,300 ETH. The team addressed the attacker in a post on X, stating:
We understand that you are responsible for today’s attack on zkLend. You may keep 10% of the funds as a whitehat bounty, and send back the remaining 90%, or 3,300 ETH to be exact.
The company also clarified that they were working with security firms and law enforcement. They added, “If we do not hear from you by 00:00 UTC, 14th February 2025, we will proceed with the next steps to track and prosecute you”.
Meanwhile, a Canadian citizen recently faced US charges for allegedly stealing millions from two decentralized finance (DeFi) platforms. How? Read the full story.
