zkLend Total Value Locked Plunges 90% to $1 Million after $9.5 Million Heist
In a devastating turn of events, zkLend, a lending protocol on the Starknet network, has been forced to shut down following a severe hack that saw the platform lose approximately $9.5 million[1]. The attack, which occurred on February 12, resulted in a 90% drop in zkLend's Total Value Locked (TVL), plummeting from nearly $12 million to $1.1 million[1].
The hacker, who used the anonymity tool Railgun during the exploit, made off with cryptocurrencies worth $3 million from zkLend[1]. In an attempt to recover the stolen funds, zkLend offered a 10% bounty to the hacker, totaling 3,300 ETH or nearly $8.8 million, and provided an Ethereum address for the return of the remaining 90%[1]. An on-chain message was used by the platform to communicate the offer and conditions for the return of the stolen funds[1].
However, the deadline for the hacker to return the funds, set for February 14, has passed, and no recovery has occurred so far[1]. If the hacker fails to comply, zkLend has threatened to initiate legal actions[1]. Following the incident, zkLend recommended that users halt depositing or repaying loans while the issue is investigated[1].
The attack on zkLend was not an isolated incident. Other Starknet dapps were also affected, with Nostra, another lending protocol, losing $10 million due to the event[1]. The hacking attack has been identified as originating from a loophole in the contract logic rather than a flaw in the ZK proof system[1].
As a result of the hack and the subsequent struggles, zkLend is shutting down[2][3]. Reports from mid-2025 suggest that the platform is no longer active, with mentions of "zkLend is shutting down following the hack and struggles with token delisting"[2][3]. There is no publicly disclosed concrete plan for reimbursement or recovery of lost assets beyond the bounty offer and paused protocol status[1][5].
The unfortunate incident has left zkLend as the worst performer among dapps with at least $10,000 in TVL[1]. The platform was depleted of $1.8 million worth of USDC and $1.7 million worth of STRK[1]. Additionally, zkLend was depleted of $6 million worth of ETH[1]. Upon receiving the transfer, zkLend stated that they would release from any and all liability regarding the attack[1].
In summary, zkLend has paused operations after a severe exploit, attempted but failed to recover stolen funds, offered bounties without success, and appears to be shutting down with no substantial recovery plan publicly disclosed as of mid-2025. The hacking attack has had a significant impact on the Starknet ecosystem, underscoring the importance of robust security measures in the decentralised finance (DeFi) space.
\n\n[1] Source: [Link to the original article or report] \n\n[2] Source: [Link to the original article or report] \n\n[3] Source: [Link to the original article or report] \n\n[4] Source: [Link to the original article or report] \n\n[5] Source: [Link to the original article or report]
- Despite offering a bounty worth millions of dollars, the daily news in the technology industry has revealed that zkLend has yet to recover the stolen funds, perhaps indicating a need for improved security measures in the decentralized finance sector.
- In the realm of finance, the daily news highlights the shutdown of zkLend, a lending protocol heavily impacted by a severe hack that resulted in a significant loss of cryptocurrencies such as USDC, STRK, and ETH.
