A Major Security Breach Hits zkLend
A decentralized money-lending platform built on the Ethereum (ETH) scaling solution Starknet has fallen victim to a significant cyberattack. The platform, zkLend, confirmed that a hacker successfully exploited its system, stealing over $9 million worth of crypto assets.
The attack, which took place in February 2025, resulted in large amounts of digital assets being drained from the platform. The hacker transferred the stolen funds to their personal wallet, which currently holds around $7 million in various cryptocurrencies. This includes 2,551 ETH, which alone is valued at approximately $2.75 million.
The incident has once again raised serious concerns about the security of decentralized finance (DeFi) platforms. DeFi operates on blockchain technology, allowing users to borrow, lend, and trade digital assets without intermediaries. However, as seen in this case, these platforms remain vulnerable to cyber threats. Hackers often exploit weaknesses in smart contracts, which are automated agreements that execute transactions on the blockchain. Once a hacker gains access, they can move funds instantly, making it difficult for victims to recover their losses.
This is not the first time a DeFi platform has been targeted. Over the years, hackers have stolen billions of dollars by taking advantage of security loopholes in blockchain protocols. This latest attack on zkLend adds to the growing list of cyber heists affecting the cryptocurrency industry.
zkLend Offers a Deal to the Hacker
In response to the breach, zkLend took an unusual approach. Instead of immediately pursuing legal action, the company publicly addressed the hacker on the social media platform X. In an open message, they offered the attacker a chance to return the stolen funds while keeping a portion as a reward.
The statement claims that if the hacker returns the remaining 90% of the stolen funds, zkLend will give them 10% as a “whitehat bounty.” The company specifically asked for the return of 3,300 ETH, providing an Ethereum wallet address for the transaction.
This type of arrangement is sometimes used in the cryptocurrency industry when security breaches occur. In some cases, hackers—who identify themselves as ethical or “whitehat” hackers—exploit security flaws to expose weaknesses rather than steal funds. These individuals often return the money and provide insights into fixing vulnerabilities. By offering a bounty, zkLend is giving the hacker an opportunity to cooperate rather than face legal consequences.
The platform also made it clear that, if the hacker complies, they will not take further action against them. However, there is a strict deadline. The hacker must return the funds before 00:00 UTC on February 14, 2025. If they fail to do so, zkLend will escalate the matter.
Potential Consequences for the Attacker
While zkLend is giving the hacker a chance to return the stolen assets, they are also issuing a serious warning. If the hacker refuses to cooperate, the company will take legal steps to track them down and recover the funds.
According to zkLend, they are already working with blockchain security firms and law enforcement agencies. These experts specialize in tracing stolen cryptocurrency transactions, even when hackers attempt to move funds across multiple wallets or use cryptocurrency mixers to hide their tracks.
In recent years, authorities have intensified their efforts to combat crypto-related crimes. Advanced blockchain analysis tools can track the movement of stolen funds, making it increasingly difficult for hackers to remain anonymous. Several cybercriminals who believed they could avoid detection have been arrested and prosecuted.
For zkLend, recovering the stolen assets is a top priority. In addition to seeking justice, they are likely reviewing their security measures to prevent similar incidents in the future. The attack highlights the risks involved in decentralized finance and the growing need for stronger security solutions.
As the deadline approaches, the crypto community is closely watching whether the hacker will accept the deal or face the consequences.
