On February 12, the L2 protocol zkLend on Starknet lost approximately 3666 ETH ($9.6 million at the time of writing) in a hack. The withdrawal function has been suspended.
To the hacker:
— zkLend (@zkLend) February 12, 2025
We understand that you are responsible for today’s attack on zkLend. You may keep 10% of the funds as a whitehat bounty, and send back the remaining 90%, or 3,300 ETH to be exact, to this Ethereum address: 0xCf31e1b97790afD681723fA1398c5eAd9f69B98C.
Upon… pic.twitter.com/piEVPDHZd4
The zkLend team offered the hacker a deal to voluntarily return 90% of the stolen amount (3300 ETH) to a specified address, allowing the hacker to keep 10% (~$960,000) as a reward. In return, the developers promised not to pursue legal action if the hacker complies by 00:00 UTC on February 14.
If the hacker does not comply, zkLend will hand over the information to security firms and law enforcement agencies for tracking and arrest.
As a reminder, in November 2024, a hacker returned $25.5 million stolen from the DeFi project Thala in exchange for a $300,000 reward.
Cryptol – your source for the latest news on cryptocurrencies, information technology, and decentralized solutions. Stay informed about the latest trends in the digital world.