zkLend, a Starknet-based Layer 2 money-market protocol, has suffered a security breach resulting in the loss of over $9 million worth of Ether from its coffers.
In response, the platform has suspended all withdrawals and launched an internal investigation to determine the cause of the exploit.
In an official statement on X, zkLend’s developers confirmed the breach and offered the hacker a deal to return 90% of the stolen assets—approximately 3,300 ETH, valued at $8.6 million—and keep the remaining 10% as a “whitehat bounty.”
“We are working with security firms and law enforcement at this stage. If we do not hear from you by 00:00 UTC, 14th Feb 2025, we will proceed with the next steps to track and prosecute you,” the zkLend team stated.
They also gave assurances that once the 90% restitution is made, the hacker will be released from any legal consequences.
To track the stolen assets and identify the perpetrator, the zkLend team noted in a separate post that it had enlisted the help of several security and blockchain organizations, including the Starknet Foundation, StarkWare, Zero Shadow, Binance Security Team, and Hypernative Labs.
Meanwhile, blockchain security firm CertiK Alert detected multiple suspicious transactions earlier today, confirming that at least $5 million was stolen from the protocol and subsequently bridged to Ethereum via a specified wallet address.
According to DeFi Llama, zkLend currently holds a Total Value Locked (TVL) of $1.19 million, with approximately $14.6 million in borrowed assets on Starknet’s Layer 2 network.
This exploit follows a recent attack on Orange Finance, a major liquidity management protocol on the Arbitrum network, which lost over $840,000 in early January. The attacker gained control of the admin address, upgraded the protocol’s contracts, and drained funds.
The Orange Finance team, having lost control of the affected contract, contacted the hacker via an on-chain message, offering to treat the incident as a white-hat hack if the funds were returned. Cyvers Alert later confirmed that the stolen funds were converted into Ethereum, prompting the team to urge users to revoke any contract approvals linked to the protocol for security reasons.