zkLend Unveil Recovery Portal for Users Impacted in $9.6M February Exploit

On March 5th, 2025, ZkLend, a decentralized lending protocol, launched a dedicated Recovery Portal for users impacted by the $9.6 million loss caused by the February 12th exploit.

Notably, marking a crucial step in the platform’s remediation efforts offers a lens through which to examine the complexities of security and recovery within the decentralized finance (DeFi) ecosystem.

The incident involved the unauthorized draining of funds from zkLend’s pools, prompted the immediate suspension of withdrawals and the launch of a comprehensive investigation into the breach.

Investigation Details

Following the exploit, blockchain security firm Cyvers traced the movement of the stolen funds. The investigation revealed that the hacker bridged the assets to the Ethereum network and attempted to launder them using Railgun, a privacy protocol.

However, Railgun’s internal security mechanisms ironically thwarted this attempt, forcing the return of the stolen assets to the hacker’s original address. While this unexpected turn of events did not recover the funds directly, it did provide valuable forensic information to investigators.

In the aftermath of the attack, zkLend initiated negotiations with the perpetrator, offering a 10% “white hat” bounty as an incentive to return the remaining 3,300 ETH.

Despite a February 14th deadline, this negotiation proved unsuccessful. Undeterred, zkLend engaged law enforcement and enlisted the expertise of leading security professionals from Binance Security, StarkWare, and the Starknet Foundation to aid in the recovery process.

ZkLend Recovery Plans

On February 20th, zkLend publicly detailed its comprehensive recovery plan. This plan outlines full refunds for deposits in unaffected pools and partial compensation for affected users, alongside allocating a claim position within zkLend’s newly established recovery pool.

zkLend will begin letting users withdraw funds from the recovery pool two weeks after an independent audit of the claims system. Investigations show the hack wasn’t due to a problem with Starknet’s core technology. Instead, the vulnerability was in the protocol’s smart contract code.

Moreover, the recovery portal is a big step towards fixing the problem, but it’s not the end of the story. zkLend’s success in recovering from this attack will be crucial for regaining user trust and staying competitive in the DeFi market. The entire situation, from the initial hack to the current recovery, provides valuable lessons about the challenges and solutions in the fast-changing world of DeFi.