We are aware of the ongoing security incident on zkLend. The team is now investigating and will provide an update when possible. Thank you for your patience.
An update on kSTRK unstaking & withdrawals
The 21-day unstaking process has been completed, and most kSTRK holders can now withdraw their STRK from the zkLend staking portal.
The following exceptions apply:
1. kSTRK not yet claimed from the Recovery Portal: once claimed, users will need to unstake and wait 21 days before redeeming to STRK. The staking portal will remain available for another 6 months.
2. Users who staked directly with the zkLend validator through Voyager or Endurfi must manually unstake or change delegation to other validators. No exit queue applies in this case.
Dear zkLend Community,
It is with a heavy heart that we announce our decision to wind down zkLend.
This decision was not made lightly. Over recent months, the exploit we suffered has deeply eroded user confidence, and furthermore, the recent removal of ZEND from major exchanges such as Bybit and KuCoin has further constrained token liquidity and accessibility. This development significantly limits our capacity to effectively allocate toward any new initiatives.
Given these circumstances, we believe that using the remainder of our treasury—$200,000—towards supporting affected users through the recovery fund is a more responsible and meaningful use of resources than relaunching our money markets and continuing development.
To support our community during this process:
1. The DeFi Spring, recovery, and kSTRK portal will remain live and accessible for users to unstake or to claim.
2. We continue to engage zeroShadow for their expertise in tracking down lost funds. Any recovery from these efforts will be directed towards the user recovery fund.
3. We’re open-sourcing our audited and refreshed codebase for any interested parties for further development. This will be made available in the following few weeks.
We will continue to remain online and committed to the recovery of stolen funds through any means necessary. We want to sincerely thank every one of you for your support and trust throughout this journey. We have been proud to be part of Starknet’s journey from its early beginnings and to witness its growth and evolution firsthand.
With gratitude and resolve,
The zkLend Team
The staking migration is now complete!
Staking operations are live again, and both Block Attestation and Commission Adjustment features are now active on Mainnet.
This upgrade improves the economics of STRK staking and brings greater transparency to validator behavior: allowing delegators to evaluate and compare validator liveness and reliability ahead of their future role in Starknet consensus (targeting EOY).
From now on:
> Validators must attest to randomly selected blocks each epoch.
> They can also adjust their commission, but only under strict, time-locked conditions.
> Delegators can monitor validator liveness and commission policies across all staking UIs, and switch at any time if needed.
This v2 implementation is a major step toward Starknet’s full decentralization. Now we’re doubling down to ship v3 by the end of the year, and bring Bitcoin staking to Starknet.
Last night, the exploiter of zkLend tried to use Tornado Cash to mix 2930 ETH of the stolen funds and interacted with a known Tornado Cash phishing website tornadoeth[.]cash, thereby losing the funds to another party.
https://t.co/ydMLXnoQeq
This website appears to have been operating for over 5 years. At this stage, security teams do not have conclusive evidence that the phishing website and the exploiter are connected. As a precaution, we have included these new wallet addresses from the phishing website into our fund tracing efforts.
Source: https://t.co/sATnSKGxf4
Since last night, there have been significant movements of funds from the exploiter’s controlled wallet addresses. Both the security and zkLend teams were monitoring in real time, while liaising with CEX and authorities in parallel. We will continue our efforts to track down these funds.
🚨The following are phishing websites and related social media accounts:
‼️Report Source: https://t.co/A7kuBn9gO2
Recovery Pool Update
A small amount of recently vested ZEND has been added to the recovery pool. Check your eligibility under ‘Ongoing Recovery’:
https://t.co/vwgjL1s1HW
Stay safe—only interact with our official channels.
Donate to zkLend Recovery: Donation page is live now for individuals, institutions, and ecosystem partners to support our community’s recovery.
All donations will go to the affected users via the Recovery Fund.
We are grateful for your contributions to rebuilding zkLend and strengthening the Starknet community!
https://t.co/OVOVq1xWcE
Reminder: Always interact with our verified channels—beware of fake accounts.
Recovery Portal is now live: https://t.co/h1xZdCYPsO
Please be vigilant—always interact with our official channels and verify communications through our verified socials.
To our users,
The Recovery Portal will go live tomorrow, March 05, 2025, at 06:00 UTC. Recovery rates are now final, and you will be able to access your claims directly through the portal by connecting with your affected wallets.
Thank you for your continued patience.
https://t.co/1ZpRMC8zN3
It has come to our attention that there have been phishing attempts by impersonating zkLend accounts online. Please do not engage and only refer to the official zkLend website and app link - the official recovery portal is expected to be available by the end of the week.
To our users,
Deposits in unaffected pools are expected to receive a full return of funds, and deposits in the affected pools will receive a partial return of funds along with a claim position to zkLend recovery pool. We will begin the withdrawal process in 2 weeks after the recovery claim portal has been audited.
Thank you for your continued patience.
https://t.co/1ZpRMC8zN3
Update: We are offering a $500,000 bounty for any verifiable information that leads to the arrest of the hacker and the recovery of all stolen funds.
If you believe you have information on the hacker’s identity, please provide evidence and contact us at [email protected].
https://t.co/y2YxMm1Xbx
zkLend Security Incident Post Mortem.
To our users,
Starting on 11th of February, zkLend suffered an attack resulting in the loss of around $9.6 million USD in funds. We would like to thank our users and partners for their patience and trust in this difficult time. In addition to initial analysis and continuous transparent updates on all our channels, this post mortem serves as a brief report on the progress so far.
Post mortem: https://t.co/xo5rTUZFfb
To our users,
As the exploiter did not contact us by the deadline, the zkLend team is pursuing legal action, which may be a prolonged process. To ensure transparency, we filed an incident report with the Hong Kong Police Force, the FBI, and Homeland Security to commence investigation.
Our investigation indicates that the hacker has been linked to prior attacks on other DeFi protocols. We have been monitoring fund flows and identified multiple relevant wallet addresses. We have shared this information with CEXes, who are taking appropriate actions within their purview. Concurrently, we are preparing a post-mortem report with our security team, detailing the attack and its underlying causes.
We will announce a recovery and fund release plan next week. Our priority is to minimize the impact on our users and partners, and handle this situation fairly and transparently for everyone involved. We appreciate your patience as we work to resolve this matter as quickly as possible.
We sincerely apologize again to our users and all those affected by this incident.
We’ve identified impersonator accounts falsely claiming to be zkLend. Please note our official X handle is @zkLend. We never DM first or request actions outside our verified socials. As of writing, we have not asked users to click links. Always verify communications through our official channels.
To our users:
We are actively tracking the funds and pursuing the identification of the hacker, in collaboration with @StarkWareLtd, the @StarknetFndn, @zeroshadow_io (formerly @chainalysis Incident Response), Binance Security Team, and @HypernativeLabs.
We are committed to full transparency and will share a comprehensive post-mortem analysis as soon as it is completed. We understand that this is a challenging time for our community, and your trust remains our highest priority. We appreciate your patience and support as we work diligently to resolve this issue.
To the hacker:
We understand that you are responsible for today’s attack on zkLend. You may keep 10% of the funds as a whitehat bounty, and send back the remaining 90%, or 3,300 ETH to be exact, to this Ethereum address: 0xCf31e1b97790afD681723fA1398c5eAd9f69B98C.
Upon receiving the transfer, we agree to release from any and all liability regarding the attack.
We are working with security firms and law enforcement at this stage. If we do not hear from you by 00:00 UTC, 14th Feb 2025, we will proceed with the next steps to track and prosecute you.
This message is binding. It’s sent from the Ethereum ZEND token deployer account. Its authenticity can be verified by cross-checking with zkLend’s Twitter/X account.
https://t.co/8AjJ3TczPu