- Over $9M in Ethereum was stolen from zkLend, prompting a suspension of withdrawals.
- zkLend offers a 10% “whitehat bounty” and requests the return of 90% of the stolen funds.
- The platform sets a deadline for the hackers to return the funds or face legal action.
Starknet-based protocol zkLend reported on February 12 that hackers stole substantial funds from its money-market platform. The attack took over $9 million worth of Ethereum from the platform. The company has stopped all withdrawal functions while its team investigates the security breach. The company’s internal security team is actively investigating the path the attacker(s) used to breach their systems.
zkLend Offers Whitehat Bounty
Following the attack, zkLend announced an offer to hackers, in return for their stolen funds. The protocol set up a “whitehat bounty” that rewarded the hackers with 10% of the stolen Ethereum and demanded that 90% ($8.6 million) of the funds be returned.
Further, the protocol stated that it is working with security firms and law enforcement and warned the scammers to return the funds by 00:00 UTC, 14th February, failing which they would be tracked and prosecuted.
Related: Hackers Target Crypto Wallets Through Browser Vulnerability
DeFi Risks and Whitehat Programs
The hacker attack against zkLend shows the risks involved in DeFi protocols while also highlighting a new trend of rewarding whitehat hackers through bounty programs. The programs benefit hackers who return stolen assets instead of going through court proceedings.
Despite this incident, zkLend continues to safeguard its platform operations. After resolving the investigation, the protocol should perform a complete audit and implement advanced security elements to stop future attacks.
Users need to keep checking for updates directly from zkLend as the situation progresses. The support investigation team will provide updates during further investigation. As a first step, the company needs to find the missing funds and secure its computer systems. The platform will take legal action if the hacker does not return the stolen assets before the deadline ends.
