By now you’ve probably heard that yet another attacker has hacked the largest zkLend protocol, withdrawing 3,300 ETH worth $5 million.
Starknet’s decentralised lending protocol zkLend was hacked for $9.5 million on 12 February, according to blockchain security company Cyvers.
Now the protocol’s creators are trying to negotiate with the hacker, offering a 10% reward for the return of the stolen 3,300 ETH.
How do hackers break into Tier-1 crypto platforms that are supposed to be completely secure? What was the sequence of actions taken by the attacker and were they able to trace the wallets from which they withdrew the stolen funds? What actions did xkLend take and what are they doing to recover the money?
Let’s identify the hacker, analyse his algorithm of actions step by step and understand how zkLend protects its corporate data and the security of its users.
What is ZkLend?
ZkLend is a protocol founded in 2022 and based on Layer2 Ethereum, Starknet.
According to the developers, ZkLend aims to provide users with both scaling solutions and money market products. To this end, the platform offers
- Convenient ways to borrow;
- A scalable system that offers high speed and an affordable structure.
Hacking zkLend – where it all started
On 11 February, zkLend suspended withdrawals from its official Network X account, citing an exploit:
On 12 February, zkLend, a decentralized finance platform (DeFi), announced on social media that it had been hacked. It was later revealed that more than $5 million had been stolen as a result of the hacker’s actions.
Hacker stole 3,300 ETH from zkLend
In an attempt to reach an agreement with the hacker, zkLend has offered to return 10% of the stolen funds by 00:00 UTC on 14 February 2025. Otherwise, every effort will be made to track down the attacker:
At the time of our analysis, some of the hacker’s funds, 1801 ETH, were in confirmation status from L2 to L1 networks:
Later, the network status was updated and the funds were added to the alleged attacker’s wallet balance:
A total of 4 addresses were involved in the exploit:
- 0x645c77833833A6654F7EdaA977eBEaBc680a9109
- 0xCf677c7520E02acA89BC70431eAC891e94273E8a
- 0x0B7D061D91018AaB823A755020e625FfE8B93074
- 0xcd1c290198E12c4c1809271e683572FBF977Bb63
ZkLend: In an attempt to negotiate with the hacker, the user left a wallet address where the funds should be returned. However, no funds were received from the attacker:
How to find a cryptocurrency hacker
Everyone who uses cryptocurrency leaves their mark on the blockchain, despite the decentralized environment being considered anonymous.
The hacker who stole funds in the zkLend protocol had previously used his wallet to receive funds from the Binance exchange on the Base network:
However, the amount of money is insignificant, meaning that the user may not have gone through the KYC process, which could have been a valid reason to de-anonymise them.
The protocol developers are currently working closely with security companies StarkWare Ltd, Starknet Foundation, zeroshadow.io (formerly Chainalysis Incident Response), Binance Security Team, and Hypernative Labs to investigate the incident. They are tracking the stolen funds and investigating the root cause of the exploit.
The developers of the zkLend protocol promised users full transparency throughout the investigation. They promised to publish a detailed report once the investigation is complete. zkLend assured that user trust remains the platform’s top priority and that they will do everything possible to resolve the problematic situation quickly.
Conclusion.
The zkLend hack, which resulted in the loss of $9.5 million, highlights the vulnerabilities that even top-tier decentralized finance (DeFi) platforms face, despite their advanced security measures. The protocol’s response-negotiating with the hacker and partnering with leading blockchain security firms such as StarkWare, Chainalysis, and Binance-shows a commitment to transparency and user trust.
While efforts are underway to recover the stolen funds, the incident underscores the importance of continued innovation in cybersecurity in the DeFi space. Privacy and security remain critical pillars for protocols like zkLend, especially as they aim to provide scalable solutions on layer 2 Ethereum networks.
FAQs
What is zkLend?
zkLend is a Layer 2 Ethereum-based decentralized lending protocol built on top of StarkNet. It provides scalable money market products and high-speed transactions while aiming to improve the user experience through efficient borrowing and lending solutions.
How much was stolen in the zkLend hack?
The hacker stole 3,300 ETH, valued at approximately $9.5 million, from zkLend on February 12, 2025.
What steps has zkLend taken after the hack?
zkLend suspended withdrawals, negotiated with the hacker by offering a 10% reward for the return of the stolen funds and worked with blockchain security firms to trace the attacker and investigate the exploit.
Can hackers be traced back to cryptocurrency transactions?
Yes, every cryptocurrency transaction leaves a trail on the blockchain. In this case, zkLend identified the wallets involved in the exploit and tracked the movement of funds between layer 2 and layer 1 networks.
What is the connection between the zkLend and EraLend hacks?
While details are still emerging, both hacks may share similarities in the methods used to exploit vulnerabilities in the DeFi protocols. Investigations are ongoing to determine possible links.
Why is privacy important for cryptocurrency transactions?
Privacy protects users’ identities and assets, ensuring secure and confidential transactions in the decentralized ecosystem.
What happens if the hacker doesn’t return the funds?
If the hacker does not accept zkLend’s negotiation offer, the protocol has stated that it will use all available legal and technical means to recover the stolen funds.
How does zkLend provide institutional security?
Unlike its permissionless services, the institutional version of zkLend incorporates know-your-customer (KYC) and other enhanced security measures to mitigate risk.
Will zkLend publish a detailed report on the hack?
Yes, zkLend is committed to full transparency and plans to publish a comprehensive report once the investigation is complete.
What lessons can be learned from the zkLend hack?
The incident highlights the need for robust cybersecurity measures, continuous monitoring, and collaboration with blockchain security experts to prevent future exploits in the DeFi space.
