In yet another high-profile crypto security breach, zkLend, a next-generation decentralized lending protocol, has confirmed it was hacked, resulting in the loss of 3,300 ETH (approximately $9 million at current market prices).
Taking an unusual approach, zkLend publicly addressed the hacker via X (formerly Twitter), offering a 10% white hat bounty in exchange for returning the remaining 90% of the stolen funds. If accepted, the attacker would keep 330 ETH while sending back 2,970 ETH to a specified Ethereum address.
The incident has raised concerns over DeFi security, while experts debate whether the bounty offer is a viable recovery strategy.
Community Reactions and Withdrawal Delays
The crypto community reacted swiftly to the breach, with many noting that the stolen ETH cannot be immediately moved due to the 12-hour withdrawal delay enforced by the STARK official bridge.
One on-chain analyst highlighted this delay as a potential opportunity for law enforcement and cybersecurity teams to track and recover the stolen assets before they can be fully laundered.
Additionally, speculations about internal involvement have surfaced, with some experts suggesting that if zkLend fails to recover the funds, deeper security flaws or insider collusion could be at play.
zkLend Pledges Full Transparency in Investigation
In response to the hack, zkLend has assured users that they are conducting a comprehensive security review and will release a detailed post-mortem report once the investigation is complete.
A zkLend spokesperson emphasized the team’s commitment to trust and security, stating:
“We are actively working with blockchain security experts to track the stolen funds and strengthen our protocol against future attacks.”
While zkLend reassures its users, the DeFi ecosystem faces growing scrutiny over the rising frequency of exploits in Ethereum Layer 2 solutions like zkSync and StarkNet.
Will the Attacker Accept the Bounty or Attempt to Launder Funds?
With the 10% bounty offer on the table, all eyes are now on the hacker’s next move.
- Will they accept the white hat bounty and return the funds?
- Or will they attempt to bypass Ethereum’s on-chain tracking mechanisms and launder the assets?
Security firms, including on-chain analytics platforms and DeFi watchdogs, are closely monitoring the stolen ETH movements. If the hacker attempts to cash out, centralized exchanges may flag and freeze the funds, making laundering difficult.
For now, zkLend remains in damage control mode, while the incident serves as a stark reminder of the persistent security risks in decentralized finance.
Bitcoin 
Ethereum 
Tether 
XRP 
Solana 
BNB 
USDC 
Dogecoin 
Cardano 
Lido Staked Ether