"DeFi Giant zkLend Loses $9.5M in Crypto Heist, Offers Bounty for Recovery"

zkLend, a decentralized money lending platform on the Starknet blockchain, has suffered a significant exploit, resulting in the loss of $9.5 million in crypto assets. The hacker initially bridged the stolen funds to Ethereum and funneled them through the privacy protocol Railgun. However, due to the protocol's internal policies, the funds were redirected to the original address.

In response to the incident, zkLend paused all withdrawals and advised users to refrain from depositing or repaying loans while they investigated the cause of the exploit. The breach has raised concerns within the DeFi space, as it comes amidst growing security concerns within the sector. According to DeFiLlama data, cybercriminals have already stolen over $110 million from blockchain projects this year.

In an effort to recover the stolen funds, zkLend reached out to the hacker with an on-chain message, offering a 10% "white hat" bounty in exchange for the return of the remaining funds, amounting to 3,300 ETH (roughly $8.78 million). The platform set a strict deadline of Feb. 14 for the hacker to comply, warning that legal action would be taken if the funds were not returned.

zkLend is working with law enforcement and several security firms, including StarkWare, Starknet Foundation, and Binance Security, to trace the stolen funds and catch the hacker. Preetam Rao, CEO and Co-founder of web security firm QuillAudits, noted that the root cause of the hack does not seem to be in the proof system but rather in the contract logic. Meir Dolev, Co-founder and CTO of Cyverse, highlighted the security risks in DeFi lending and raised concerns about the safety of protocols on Starknet's zero-knowledge rollup infrastructure.

The zkLend team has committed to full transparency and will share a comprehensive post-mortem analysis as soon as it is completed. They urged users to remain patient as they work through the incident. Mitchell Amador, founder of ImmuneFi, shared his thoughts on DeFi hacking, noting that while it is an "infinitely sustainable and viable business," the crypto space is "unquestionably" getting safer, with hackers looking for more damage and their skills being applicable in various areas.