EddieJayonCrypto

 25 Jun 25

tl;dr

zkLend, a lending protocol, announced it will shut down and allocate its remaining $200,000 treasury to compensate users affected by a February security breach. An exploit drained about 3,300 ETH (~$9.5 million) from the protocol, leading to loss of user confidence and the delisting of the ZEND toke...

zkLend, a lending protocol on Starknet, announced it is shutting down operations and allocating its remaining $200,000 treasury to compensate users affected by a February exploit. The attack drained approximately 3,300 ETH, valued at around $9.5 million at the time, severely damaging user confidence and leading to the delisting of zkLend’s ZEND token from major exchanges Bybit and KuCoin. This delisting critically reduced liquidity, making recovery impossible.

In light of these challenges, zkLend decided to discontinue its money-market operations but will keep certain portals active, allowing users to unstake assets or claim remaining balances. The protocol engaged the security firm zeroShadow to track and recover stolen funds, pledging any recoveries to the compensation fund for affected users. Additionally, zkLend plans to release its audited codebase as open-source to enable developers to build upon its framework.

The exploit took advantage of a precision rounding vulnerability in zkLend’s Starknet contracts. After the breach, the stolen ETH was transferred through Ethereum and the privacy tool Railgun. zkLend offered a 10% bounty for the return of 90% of the funds, but the deadline passed without recovery. Shortly after, an unexpected twist occurred when the attacker lost most of the stolen ETH to a phishing scam impersonating Tornado Cash, an event confirmed by blockchain investigators. The attacker publicly expressed remorse for the loss.

This incident culminated in a liquidity squeeze that forced zkLend to halt withdrawals and shifted the company’s focus from rebuilding the protocol to compensating users. The shutdown marks the end of zkLend’s four-year presence on Starknet, underscoring the increasing challenges DeFi protocols face in managing security risks and liquidity constraints in volatile market conditions.

Disclaimer

The opinions expressed by the writers at Grow My Bag are their own and do not reflect the official stance of Grow My Bag. The content provided on our site is not intended as investment advice, and Grow My Bag is not an investment advisor. We do not endorse buying or selling any cryptocurrencies or digital assets mentioned in our articles. High-risk investments in Bitcoin, cryptocurrencies, and digital assets require thorough due diligence, and all transfers and trades made are at your own risk. Grow My Bag is not responsible for any potential losses and participates in affiliate marketing.
 27 Jun 25
 27 Jun 25
 27 Jun 25