zkLend loses $5 million in hacker attack

ZkLend, a decentralized lending protocol on the Starknet network, was exploited for nearly $5 million on February 12, sparking fresh concerns over crypto security.

The incident marks a resurgence in digital asset hacks following a January downturn, as overall thefts in the sector remain alarmingly high, reports Cointelegraph.

Details of the Exploit

According to blockchain security firm Cyvers, the hack resulted in a $4.9 million loss as funds were initially bridged to Ethereum and laundered via Railgun. However, due to specific protocol policies, Railgun ultimately returned the stolen funds to the original address.

In response to the incident, zkLend has offered a whitehat bounty: the attacker may keep 10% of the funds while returning the remaining 90%—amounting to approximately 3,300 ETH. “We are working with security firms and law enforcement at this stage. If we do not hear from you by 00:00 UTC, February 14, 2025, we will proceed with the next steps to track and prosecute you,” the protocol stated.

Market Context and Broader Implications

Although crypto hacks experienced a 44% year-over-year decrease in January 2025, the month still witnessed over $73 million in stolen assets, underscoring the persistent threat in the digital ecosystem. Security experts warn that the hacking landscape could escalate further this year. Data shows that in 2024, hackers stole $2.3 billion across 165 incidents—a 40% increase from 2023’s total of $1.69 billion. These figures suggest that despite improved security measures in some areas, the overall risk of crypto theft remains substantial.

The ZkLend incident has renewed calls for enhanced security protocols and regulatory oversight in the crypto industry. As investors and developers grapple with these challenges, the need for robust, cross-chain security measures has never been clearer. The evolving threat environment may force protocols to adopt more aggressive strategies to protect user funds, while regulators consider more stringent measures to deter future exploits.

Recently we wrote, that North Korean hackers from the Lazarus Group are conducting a large-scale campaign using fraudulent job postings on LinkedIn.

This material may contain third-party opinions, none of the data and information on this webpage constitutes investment advice according to our Disclaimer. While we adhere to strict Editorial Integrity, this post may contain references to products from our partners.

Latest Crypto News

23 hours ago

British court sentences two men to prison for crypto fraud

A United Kingdom court has sentenced two men, Ramondip Bedi and Patrick Mavanga, to a combined 12 years in prison for orchestrating a fraudulent crypto

Crypto News Crypto

Yesterday