Lending platform zkLend ceases operations following a $9.5 million hack and troubles related to token delisting.
In a shocking turn of events, the decentralized lending platform zkLend, built on Ethereum's layer-2 network Starknet, has announced its permanent closure. This decision comes after a significant security breach in February 2025, which resulted in the loss of approximately $9.5 million worth of Ethereum.
The hack, which occurred on February 11–12, was a result of a precision rounding flaw and accumulator manipulation using flash loans in zkLend's Starknet smart contracts. The attacker drained funds by bridging assets to Ethereum and routing them through the privacy tool Railgun to obscure the theft.
Following the attack, zkLend offered the exploiter a 10% bounty if 90% of the funds were returned by February 14. However, the majority of the stolen assets were not returned, although a significant portion was lost to a phishing attack unrelated to the protocol.
Despite the efforts to trace the attack and pursue recovery, including collaboration with security firm Cyvers, law enforcement, and on-chain investigators, the team decided to focus on compensating users through the recovery pool rather than attempting a full protocol rebuild.
The hack severely undermined user confidence in zkLend, leading to the delisting of the ZEND token from major exchanges, reducing liquidity and trading depth, and crippling any hopes for protocol revival. The incident also reflected broader systemic risks in DeFi protocols, especially issues linked to contract vulnerabilities like precision loss in calculations and admin control weaknesses.
In a bid to support users impacted by the exploit, zkLend has allocated the remaining $200,000 in its treasury to compensate them. The community's response and the industry's commitment to transparency and recovery efforts will play a crucial role in shaping the future resilience of decentralized finance.
As the crypto sector continues to grapple with a rise in thefts, including the $1.4 billion hack of Bybit, the recent breach at zkLend serves as a reminder of the ongoing challenges in securing decentralized platforms. zkLend plans to open-source its updated, audited codebase in the coming weeks, inviting developers and projects to build upon its existing infrastructure.
The stolen funds were transferred to an address identified as "Tornado.Cash: Router," a well-known mixing service. The recent removal of ZEND from major exchanges such as Bybit and KuCoin has further constrained token liquidity and accessibility. zkLend's DeFi Spring, recovery, and kSTRK portals will remain active for users to unstake assets or submit claims.
This article does not constitute financial advice, and readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions. zkLend's official statement was posted on its website. The team will continue working with blockchain security firm zeroShadow to trace the stolen funds.
- The security breach at zkLend, involving a precision rounding flaw and accumulator manipulation in their Starknet smart contracts, has highlighted systemic risks in the DeFi industry, particularly contract vulnerabilities like precision loss in calculations and admin control weaknesses.
- The stolen funds from zkLend's hack were transferred to an address associated with Tornado.Cash, a renowned mixing service, further complicating the recovery efforts.
- Following the hack, the crypto industry's commitment to transparency and recovery, as demonstrated by zkLend's efforts to compensate users and open-source its updated, audited codebase, will play a crucial role in shaping the future resilience of decentralized finance. Additionally, the article urges readers to conduct their own research and seek financial advice before investing.
