zkLend hack is highly related to the 2023 EraLend exploit

February 13, 2025February 13, 2025

Yu Xian, the founder of Slow Mist, linked the zkLend hack to a previous exploit on EraLend, which took place on July 25, 2023.

Key Takeaways:
– The attacker of the zkLend hack, linked to a previous EraLend exploit, drained liquidity from zkLend’s wstETH market and transferred most stolen funds to the Ethereum network.
– Lending protocol zkLend on Starknet was hacked on February 12, resulting in losses exceeding $9.5 million due to a vulnerability in its safeMath library.

Lending protocol zkLend, operating on the Starknet blockchain, suffered a security breach on February 12, resulting in losses exceeding $9.5 million.

zkLend hack is highly related to the 2023 EraLend exploit

The zkLend hack exploited a vulnerability in the platform’s safeMath library, which caused rounding errors in token withdrawals. This flaw allowed the hacker to manipulate the burning process of zTokens for profit.

省流：我们发现攻击 zkLend 的黑客与 2023 年 7 月攻击 EraLend 的黑客有强关联，怀疑是同一个。新仇旧恨可以一起燃烧起来了🔥 https://t.co/py79vxr5vV
— Cos(余弦)😶‍🌫️ (@evilcos) February 13, 2025

On-chain data indicates that the attacker’s address has been active for 235 days and has interacted with multiple platforms, including Binance. The majority of the stolen funds have since been transferred across chains, primarily to the Ethereum network.

CertiK Alert, a blockchain security platform, reported that the hacker executed multiple transactions targeting zkLend’s token lending markets.

#CertiKInsight 🚨

We have seen multiple attack transactions on @zkLend market on starknet. https://t.co/LyoV9jWvdM

The attacker took ～$5M and bridged them to Ethereum from 0x04d7191dc8eac499bac710dd368706e3ce76c9945da52535de770d06ce7d3b26.

Stay Vigilant! pic.twitter.com/agEwQDo12o
— CertiK Alert (@CertiKAlert) February 12, 2025

The primary focus was the wstETH derivatives lending market, where the attacker managed to deplete liquidity without taking out any traditional loans. Records from zkLend’s website suggest that the attacker drained the entire pool, which previously held a total supply of $21.76 million.

Statistics of lending markets on zkLend, screenshot from zkLend website on 02/13/2025

In response, zkLend suspended withdrawals to prevent further damage and launched an investigation into the attack. The protocol also made an offer to the hacker, proposing that they retain 10% of the stolen funds as a “white hat” bounty while requesting the return of the remaining 90%, estimated at 3,300 ETH. Additionally, zkLend stated it would not pursue legal action if the attacker complied with this request.

Disclaimer: The information on this website is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency markets are volatile, and investing involves risk. Always do your own research and consult a financial advisor.

John Kojo Kumi

John Kojo Kumi is a seasoned cryptocurrency and blockchain writer celebrated for his in-depth analysis of emerging startups, tokenomics, and crypto market trends. With a Bachelor of Arts in Geography and Rural Development from Kwame Nkrumah University of Science and Technology, Kumasi, John offers a unique perspective that integrates academic knowledge with industry expertise.

Throughout his career, John has made significant contributions to Crypto News Flash, ZyCrypto, and Coinstaker Media, where he sharpened his skills in crypto journalism and blockchain analysis. Now at Bitcoininfonews.com, he provides comprehensive coverage of cryptocurrencies, DeFi, NFTs, and Web3, equipping readers with the insights needed to navigate the fast-paced blockchain ecosystem. His expertise in content management, SEO, and thorough research makes his work a trusted resource for the global crypto community