zkLend lost nearly $5M in a Starknet hack; the protocol offers the hacker a 10% bounty if the remaining funds are returned by Feb. 14.
After a decline in January, ZkLend was breached for over $5 million, signaling a return to cryptocurrency exploits.
Blockchain security company Cyvers claims that on February 12, the Starknet network was breached for $4.9 million via the decentralized money lending protocol zKLend.
A $4.9 million attack on the Starknet network has affected zkLend. Due to protocol regulations, Railgun restored the stolen money to its originating address after it had been bridged to Ethereum and used for money laundering. Cyvers wrote.
10% of the money was offered as a reward by zkLend after the exploit, along with discharge from “any liabilities,” provided the attacker returned the remaining money:
“We understand that you are responsible for today’s attack on zkLend. You may keep 10% of the funds as a whitehat bounty and send back the remaining 90%, or 3,300 ETH to be exact […]”
“At this point, we are collaborating with law enforcement and security companies. We will take the next steps to find and punish you if we don’t hear from you by 0:00 UTC on February 14, 2025,” the firm continued.
Even though January 2025 witnessed a 44% year-over-year decline in crypto breaches, over $73 million was still stolen in the first month of the year.
Since hackers took $2.3 billion in 2024 across 165 incidents—a 40% increase over 2023, when $1.69 billion worth of cryptocurrency was stolen—security experts anticipate another year of multibillion-dollar theft.
There are happy endings to certain hacks.
Some malevolent hackers alter their minds after stealing tens of millions in cryptocurrency and drawing a lot of attention from investigators.
In a fortunate but enigmatic turn of events, a wallet-poisoning scam victim received $71 million of stolen cryptocurrency in May 2024.
Following the high-profile phishing incident that attracted the attention of several blockchain research businesses, the unidentified attacker refunded $71 million worth of Ether (ETH$2,628) tokens.
Following the incident, when an investor fell victim to a wallet poisoning scam and delivered $71 million worth of Wrapped Bitcoin to a bait wallet address, that was a startling event. After creating a wallet address using similar alphanumeric characters, the scammer made a tiny transaction to the victim’s account.
Companies specializing in blockchain security, such as Cyvers, are developing preventative methods to stop Bitcoin abuse.
According to Michael Pearl, vice president of GTM strategy at Cyvers, an upcoming technique called off-chain transaction validation might proactively simulate and validate blockchain transactions in an off-chain environment, preventing 99 percent of all crypto hacks and scams.
