Lending protocol zkLend stated in a June 25 post on X that it will wind down its operations and direct its remaining $200,000 treasury to a fund for users affected by a February security breach.
The team said the exploit “deeply eroded user confidence” and ZEND’s delisting from Bybit and KuCoin amplified the negative sentiment, causing a significant decline in the capital and liquidity needed for new products.
Liquidity squeeze and decision to quit
While zkLend assessed recovery options, Bybit and KuCoin removed the ZEND token from their spot markets, sharply reducing trading depth and cutting off a way to raise new liquidity.
The team said these constraints made a relaunch unrealistic. Instead, zkLend will keep its DeFi Spring, recovery, and kSTRK portals online, allowing users to unstake assets or claim balances.
It also retained security outfit zeroShadow to trace any remaining stolen coins, pledging to route future recoveries to the user fund.
zkLend plans to publish its refreshed, audited codebase as open-source “in the coming weeks” for any developer who wants to build on the framework. The team added that it will “remain online and committed to the recovery of stolen funds through any means necessary,” but will not restart its money-market operations.
The decision marks the end of zkLend’s four-year run on Starknet and formalizes the shift from rebuilding the protocol to compensating users through the recovery pool.
Exploit drained 3,300 ETH
On Feb. 12, an attacker used a precision rounding flaw in zkLend’s Starknet contracts to drain about 3,300 ETH, worth about $9.5 million at the time. The exploiter bridged the assets to Ethereum and routed them through the privacy tool Railgun.
zkLend offered the exploiter a 10% bounty if 90% of the funds were returned by February 14, warning that it would pursue legal action if the deadline passed. The funds never came back, and the protocol halted withdrawals while it worked with security firm Cyvers, law enforcement agencies, and on-chain investigators.
The investigation produced an unexpected twist on April 1 when zkLend reported that the attacker lost 2,930 ETH to a phishing site impersonating Tornado Cash.
Blockchain analytics firm Lookonchain confirmed the loss, and the attacker sent an on-chain message admitting the mistake, stating he lost all the funds. He added: “I’m devastated and sorry.”
The breach left users locked out of their deposits, and the protocol’s reputation suffered as a result.
The post zkLend shuts down amid exploit fallout and delistings, remaining $200k redirected to users appeared first on CryptoSlate.