A major hacking incident has hit zkLend, a decentralized lending platform that operates on the Starknet blockchain. The attacker managed to steal about $9.5 million worth of cryptocurrency by exploiting a vulnerability in the system.
According to blockchain security company Cyvers, the stolen digital assets were initially moved to the Ethereum network through a bridging mechanism. The hacker then tried to hide the transactions using Railgun, a privacy-focused tool that makes it difficult to trace funds. However, due to Railgun’s internal restrictions, the stolen funds were redirected back to the hacker’s original wallet.
In reaction to the security breach, zkLend temporarily disabled all withdrawals and advised its users to avoid making deposits or repaying loans until the issue was fully investigated. The company is working with law enforcement agencies and cybersecurity experts, including StarkWare, Starknet Foundation, and Binance Security, to track the stolen assets and identify the culprit.
The incident has raised fresh concerns about security vulnerabilities in the decentralized finance (DeFi) sector. Data from DeFiLlama reveals that cybercriminals have already stolen over $110 million from blockchain projects since the beginning of 2024. This attack on zkLend is now considered one of the most significant breaches to affect the Starknet ecosystem.
Efforts to Recover Stolen Funds
To retrieve the lost assets, zkLend has reached out to the hacker via an on-chain message. They have offered the attacker a 10% “white hat” reward, allowing them to keep a portion of the funds if they return the remaining amount. The total sum requested back is around 3,300 ETH, valued at approximately $8.78 million. zkLend has set a strict deadline of February 14, warning that legal action will follow if the assets are not returned.
Preetam Rao, CEO of security firm QuillAudits, pointed out that this is likely the most significant security breach on Starknet in recent years. He commended zkLend for maintaining transparency and offering a bounty to incentivize the hacker to return the funds.
Meir Dolev, Co-founder and CTO of Cyvers, highlighted that the breach exposes major risks in DeFi lending. He noted that the vulnerability lay in zkLend’s smart contract structure rather than in the core cryptographic system of Starknet’s zero-knowledge rollup technology.
Understanding Railgun’s Role in the Attack
Unlike other tools such as Tornado Cash, which mixes funds to hide their source, Railgun is built into DeFi applications, ensuring user privacy while they interact with blockchain networks. The hacker used Railgun to obscure the movement of stolen assets, but due to its built-in policies, the funds were eventually sent back to the original wallet.
What Happens Next?
zkLend has promised to provide a full report detailing how the breach occurred once their investigation is complete. The company is urging its users to remain patient as they work to strengthen security measures and prevent similar attacks in the future.
This hack serves as a reminder of the risks in DeFi platforms. It highlights the importance of continuous security upgrades to protect digital assets from increasingly sophisticated cyber threats.
