L2 Standard Bridged WETH (Base) (weth) 
zkLend Launches Recovery Portal for Users Impacted by February Exploit
zkLend, a decentralized lending protocol, has officially launched its Recovery Portal, enabling users affected by the platform’s February 12 exploit to claim their lost funds. The portal’s activation was announced on March 5, with users advised to verify communications through official channels before accessing their claims.
The February 12 exploit resulted in the loss of $9.6 million from zkLend’s pools, prompting the platform to halt withdrawals and investigate the breach. According to blockchain security firm Cyvers, the stolen funds were bridged to the Ethereum network, with the hacker attempting to launder the funds through Railgun, a privacy protocol.
Tracking Down Stolen Funds
Despite Railgun’s internal policies forcing the return of the stolen assets to the hacker’s original address, the funds were not retrieved. zkLend attempted to negotiate with the hacker, offering a 10% “white hat” bounty in exchange for the return of the remaining 3,300 ETH. However, the funds were not returned despite a February 14 deadline.
To track down the stolen funds, zkLend has enlisted the help of law enforcement and leading experts from Binance Security, StarkWare, and the Starknet Foundation.
Recovery Plan and Next Steps
On February 20, zkLend detailed its recovery plan, stating that deposits in unaffected pools would be fully refunded, while affected users would receive partial compensation and a claim position in zkLend’s recovery pool. Withdrawals are scheduled to begin two weeks after an audit of the claims portal.
Deposits in unaffected pools are expected to receive a full return of funds, and deposits in the affected pools will receive a partial return of funds along with a claim position to zkLend recovery pool. We will begin the withdrawal process in 2 weeks after the audit of the claims portal.
Lessons Learned and Industry Implications
Experts reviewing the incident suggest that the hack was not due to a failure in Starknet’s proof system but rather a flaw in the contract logic. The hack highlights prevalent issues with smart contract security in the DeFi industry.
While the Recovery Portal provides a path forward for affected users, zkLend’s complete management of the exploit will be closely watched as the platform works to rebuild trust.
Stay up-to-date with the latest developments in the world of cryptocurrencies and DeFi by following Global Crypto News.
