Starknet's zkLend Hacked: $9.5M Loss, Link to EraLend Attack

Generated by AI Agent, Coin World
Thursday, Feb 13, 2025 1:01 am ET

On February 12th, the Starknet on-chain lending protocol zkLend was hacked, resulting in a loss of over 9.5 million US dollars. The attack exploited a vulnerability in the safeMath library used by the protocol's market contract: the library used direct division, which created a rounding vulnerability in the calculation of the actual amount of zToken to destroy during a withdrawal.

The attacker's address has been active for 235 days and has interacted with multiple platforms such as Binance. The hacker has transferred the stolen funds across chains, with most of it going to the Ethereum network. SlowMist founder Ye Xian stated that by tracking the attacker's Starknet-related addresses, it was discovered that this attacker has links to the July 25, 2023, EraLend hack.

The vulnerability in the safeMath library allowed the attacker to manipulate the withdrawal calculation, leading to an excessive amount of zTokens being destroyed. This resulted in a loss of over 9.5 million US dollars for the protocol. The attacker then transferred the stolen funds across chains, with most of it going to the Ethereum network.

The fact that the attacker has links to the EraLend hack suggests that this may not be an isolated incident. It is possible that the attacker is part of a larger group that is targeting on-chain lending protocols. This highlights the importance of security measures and the need for thorough audits of smart contracts before deployment.

The hack also raises questions about the security of the safeMath library and the need for more robust security measures in smart contract development. Dividing directly in such calculations can introduce rounding vulnerabilities that attackers can exploit. Developers should be aware of these potential vulnerabilities and take steps to mitigate them.
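The rounding bug class described above can be checked with a simple invariant: the value destroyed must cover the value withdrawn. The following is an added example, not zkLend's contract code; the index-scaled balance model, the `SCALE` constant, and all function names are assumptions made for illustration.

```python
# Added illustration: the index-scaled balance model and every name here are
# assumptions for the example, not zkLend's contract code.
SCALE = 10**27  # fixed-point scale of the hypothetical interest index

def burn_floor(amount: int, index: int) -> int:
    """Direct (truncating) division: raw zToken units to destroy."""
    return amount * SCALE // index

def burn_ceil(amount: int, index: int) -> int:
    """Same quotient rounded up, so rounding never favors the withdrawer."""
    return -((-amount * SCALE) // index)

def face_value(raw: int, index: int) -> int:
    """Underlying value of raw units, rounded down."""
    return raw * index // SCALE

def shortfall(burn_fn, amount: int, index: int) -> int:
    """Underlying units paid out that the destroyed balance does not cover."""
    return max(0, amount - face_value(burn_fn(amount, index), index))

def audit(burn_fn, indexes, amounts):
    """List (amount, index, shortfall) for every input breaking the invariant
    'value destroyed >= value withdrawn'."""
    return [(a, i, s) for i in indexes for a in amounts
            if (s := shortfall(burn_fn, a, i)) > 0]

# Constructed sample inputs: index of 1.0, 1.5 and 4.0; withdrawals of 1..9 units.
INDEXES = [SCALE, 3 * SCALE // 2, 4 * SCALE]
AMOUNTS = range(1, 10)

if __name__ == "__main__":
    for name, fn in (("floor", burn_floor), ("ceil", burn_ceil)):
        bad = audit(fn, INDEXES, AMOUNTS)
        print(f"{name}: {len(bad)} violating inputs")
        for amount, index, short in bad[:3]:
            print(f"  withdraw {amount} at index {index / SCALE}: uncovered {short}")
```

The same invariant works as a property test or audit check against a contract's real withdrawal arithmetic, with the rounding direction chosen explicitly for each operation.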

In response to the hack, zkLend has stated that it is working to address the vulnerability and recover the stolen funds. The protocol has also stated that it is cooperating with law enforcement agencies to investigate the incident. It is unclear at this time whether the attacker will be caught and brought to justice.

The hack of zkLend is a reminder of the risks associated with on-chain lending protocols and the need for robust security measures. As the use of these protocols continues to grow, it is important for developers to take steps to mitigate potential vulnerabilities and ensure the security of user funds.
