The lull in crypto hacks at the start of 2025 appears to have been short-lived. In a stark reminder of the vulnerabilities that still plague decentralized finance, zkLend, a decentralized lending protocol on Starknet, has fallen victim to a $4.9 million exploit.
The attack, which occurred on Feb. 12, marks one of the first major DeFi breaches of the year and signals a potential resurgence in crypto-related cybercrime.
According to blockchain security firm Cyvers Alerts, the stolen funds were initially bridged to Ethereum and then laundered through the privacy protocol Railgun. However, due to protocol policies, Railgun ultimately returned the stolen assets to the original address.
"zkLend has suffered a $4.9 million exploit on the Starknet network. Stolen funds were bridged to Ethereum and laundered via Railgun, but due to protocol policies, the funds were returned to the original address by Railgun!" Cyvers reported in an alert on X (formerly Twitter).
Bounty Offer to the Hacker
In response to the attack, zkLend issued an on-chain message to the hacker, offering a whitehat bounty of 10%—equivalent to approximately 330 ETH—if the remaining funds were returned. The protocol also warned of legal consequences should the hacker refuse to comply.
"We understand that you are responsible for today’s attack on zkLend. You may keep 10% of the funds as a whitehat bounty and send back the remaining 90%, or 3,300 ETH, to this Ethereum address," zkLend stated in its message.
zkLend further noted that law enforcement and blockchain security firms had been engaged to track and prosecute the perpetrator if the funds were not returned by the deadline of 00:00 UTC on Feb. 14.
zkLend’s Response and Next Steps
In a public statement, zkLend assured its users that it was working closely with key blockchain security teams and law enforcement to track the hacker and recover the stolen funds. The protocol is collaborating with StarkWare, the Starknet Foundation, ZeroShadow (formerly Chainalysis Incident Response), Binance Security Team, and Hypernative Labs to analyze the attack and prevent further breaches.
"We are committed to full transparency and will share a comprehensive post-mortem analysis as soon as it is completed," zkLend stated. "We understand that this is a challenging time for our community, and your trust remains our highest priority."