ZkLend, a decentralized lending protocol on Starknet, has confirmed an exploit on its platform and urged the attacker to return stolen funds.
While the platform has not disclosed the exact amount taken, blockchain security firm Cyvers estimates the loss at approximately $9.5 million.
Bounty offer
In a Feb. 12 post on X, the lending protocol stated:
“We understand that you are responsible for today’s attack on zkLend. You may keep 10% of the funds as a whitehat bounty, and send back the remaining 90%, or 3,300 ETH to be exact, to this Ethereum address: 0xCf31e1b97790afD681723fA1398c5eAd9f69B98C.”
The platform assured the attacker that no legal action would be taken if the assets were returned before the deadline of 00:00 UTC on Feb. 14, 2025. However, ZkLend intends to pursue legal measures and track the stolen assets if the hacker refuses to do so.
The protocol emphasized the legitimacy of its request, stating that the message was sent from its Ethereum ZEND token deployer account. It also urged the public to verify the information through its official X account.
In response to the breach, ZkLend has suspended withdrawals and advised users not to deposit funds or repay loans until further notice.
The team is actively investigating the exploit in collaboration with blockchain security experts and law enforcement agencies. Once the investigation concludes, a comprehensive report detailing the incident and security measures will be published.
Meanwhile, Cyvers reported that the stolen ETH was bridged to Ethereum and moved through Railgun, a privacy-focused transaction service. However, due to Railgun’s internal policies, the funds were redirected to their original address.
Over $100 million stolen this year
This attack on ZkLend adds to the growing list of security breaches in the crypto sector.
Data from DeFiLlama indicates that cybercriminals have stolen over $100 million from blockchain projects in early 2025. This follows a staggering $2.2 billion loss across 303 incidents recorded in 2024.
As hacking threats persist, market observers warn that the industry could face another year of heavy financial losses.
The post ZkLend hack sees $9.5M exploit, offers hacker 10% bounty for return appeared first on CryptoSlate.
