zkLend has officially launched its Recovery Portal, allowing users impacted by the platform’s Feb. 12 exploit to claim their lost funds.
The decentralized lending protocol announced the portal’s activation on a Mar. 5 post on X, advising users to verify communications through official channels before accessing their claims. The exploit drained $9.6 million from zkLend’s pools, prompting the platform to halt withdrawals and investigate the breach.
Shortly after the hack, blockchain security firm Cyvers reported that the stolen funds were bridged to the Ethereum (ETH) network. The hacker attempted to launder the funds through Railgun, a privacy protocol. However, Railgun’s internal policies forced the return of the stolen assets to the hacker’s original address.
Following the attack, zkLend attempted to negotiate with the hacker, offering a 10% “white hat” bounty in exchange for the return of the remaining 3,300 ETH. The funds were not retrieved despite a Feb. 14 deadline. To track down the stolen funds, zkLend has enlisted the help of law enforcement and leading experts from Binance Security, StarkWare, and the Starknet Foundation.
On Feb. 20, zkLend detailed its recovery plan. Deposits in unaffected pools would be fully refunded, while affected users would receive partial compensation and a claim position in zkLend’s recovery pool. Withdrawals are scheduled to begin two weeks after an audit of the claims portal.
Experts reviewing the incident suggest the hack was not due to a failure in Starknet’s proof system but rather a flaw in the contract logic. The hack highlights prevalent issues with smart contract security in the DeFi industry.
While the Recovery Portal provides a path forward for affected users, zkLend’s complete management of the exploit will be closely watched as the platform works to rebuild trust.
Credit: Source link
