zkLend joins a growing list of decentralized finance (DeFi) protocols that have come under attack in recent times.
By Mayowa Adebajo
Edited by Julia Sakovich
Updated
3 mins read
Money market and lending protocol zkLend may have officially confirmed that it lost over $9 million in a recent security incident. Now, the protocol is intensifying efforts to recover some, if not all of the lost funds.
Shortly after the security breach, the Starknet-based protocol halted all withdrawals to mitigate any further risks. It then floated a team to investigate how the attack came about that allowed the perpetrator to get away with the protocol’s funds.
As of this publication, there hasn’t been any official confirmation of the methods used by the attacker or what the loophole really was in the protocol. However, as part of its recovery efforts, zkLend has asked the hacker to return 90% of the stolen funds, which is 3,300 ETH ETH $1 843 24h volatility: 2.1% Market cap: $222.42 B Vol. 24h: $12.06 B worth around $8.4 million going by current prices.
The firm promises not to take any legal action against the hacker if they return the funds as requested. In a show of good faith, zkLend also asked the hacker to keep the remaining 10% for their troubles. Part of its on-chain message to the hacker’s wallet during the negotiation reads:
“Upon receiving the transfer, we agree to release from any and all liability regarding the attack.”
It might be worth mentioning that zkLend joins a growing list of decentralized finance (DeFi) protocols that have come under attack in recent times. While the exact details of its own hack are yet to be uncovered, it will not be a surprise if it follows a similar pattern commonly seen in most DeFi hacks. In such cases, attackers take advantage of a vulnerability within the smart contract code to siphon funds.
For context, Arbitrum network-based options platform Moby Trade was exploited for $2.5 million in USDC USDC $1.00 24h volatility: 0.0% Market cap: $60.24 B Vol. 24h: $6.18 B , WETH WETH $1 843 24h volatility: 2.1% Market cap: $5.32 B Vol. 24h: $193.89 M , and WBTC WBTC $83 046 24h volatility: 0.8% Market cap: $10.71 B Vol. 24h: $126.23 M in January. In the same month, the BNB Chain also suffered 10 attacks, accounting for half of the month’s on-chain losses, and becoming the most targeted network in January.
These incidents show the ongoing issues within the DeFi space, and the varying tactics being employed by attackers. However, it might be worth mentioning the platforms and the crypto industry, in general, may finally be waking up to meet these challenges by beefing up their security measures and staying continually watchful.
According to an earlier report, losses due to DeFi hacks totaled $474 million in 2024. However, even that represented a 40% drop from the $787 million reported in 2023.
It remains to be seen how 2025 will shape up, especially in terms of how platforms will take up more responsibility security-wise. Starting with ZkLend, however, the protocol has said that it is actively collaborating with relevant authorities to track its funds and uncover the identification of the hacker.
Disclaimer: Coinspeaker is committed to providing unbiased and transparent reporting. This article aims to deliver accurate and timely information but should not be taken as financial or investment advice. Since market conditions can change rapidly, we encourage you to verify information on your own and consult with a professional before making any decisions based on this content.
Mayowa is a crypto enthusiast/writer whose conversational character is quite evident in his style of writing. He strongly believes in the potential of digital assets and takes every opportunity to reiterate this. He's a reader, a researcher, an astute speaker, and also a budding entrepreneur. Away from crypto however, Mayowa's fancied distractions include soccer or discussing world politics.
