Decentralized lending platform zkLend has launched its Recovery Portal, allowing users impacted by the February 12 exploit to claim their lost funds. The platform announced the activation of the portal on March 5 via an official post on X, urging users to verify communications before accessing their claims.
Background on the Exploit
The security breach, which resulted in a $9.6 million loss, forced zkLend to halt withdrawals while investigating the attack. Blockchain security firm Cyvers reported that the stolen assets were bridged to the Ethereum network, where the hacker attempted to launder them through Railgun, a privacy protocol. However, due to Railgun’s internal policies, the stolen funds were returned to the hacker’s original address.
Following the exploit, zkLend attempted to negotiate with the attacker, offering a 10% “white hat” bounty in exchange for the return of the remaining 3,300 ETH. Despite setting a February 14 deadline, the hacker did not comply. In response, zkLend has partnered with law enforcement and security experts from Binance Security, StarkWare, and the Starknet Foundation to trace the stolen funds.
zkLend’s Recovery Plan
On February 20, zkLend detailed its compensation strategy. Depositors in unaffected pools will receive a full refund, while those affected will be granted partial compensation along with a claim position in zkLend’s recovery pool. The withdrawal process is scheduled to begin two weeks after an audit of the claims portal.
Security Concerns and Future Measures
Experts analyzing the breach have suggested that the exploit stemmed from a flaw in the contract logic rather than an issue with Starknet’s proof system. The incident underscores ongoing security challenges in the DeFi industry, particularly concerning smart contract vulnerabilities.
While the Recovery Portal provides a structured path for affected users to recover losses, zkLend’s overall handling of the situation will be closely monitored as it works to restore confidence in its platform.
