On February 12, 2025, zkLend, a decentralized money lending protocol on the Starknet network, was targeted in a major hack resulting in a theft of $9.5 million. The stolen funds were bridged to Ethereum and laundered through the Railgun protocol. Interestingly, due to zkLend’s protocol policies, the funds were returned to the original address by Railgun. Blockchain security firm Cyvers, which reported the exploit, highlighted the complexity of the incident, noting the sophistication of the attack and the steps taken to obscure the stolen assets.
In response to the breach, zkLend issued a public offer to the attacker, proposing a 10% bounty on the stolen funds in exchange for the return of the remaining 90%. The firm made it clear that if the funds were not returned by the specified deadline of February 14, 2025, they would cooperate with law enforcement and security firms to track and prosecute the perpetrator. This approach highlights the growing trend of crypto firms trying to handle hacks with a mix of incentives and legal threats, offering rewards for “whitehat” behavior in the hope of minimizing their losses.
While crypto hacks saw a decline in the first month of 2025, with a 44% decrease year-over-year in January, experts remain concerned about the overall trend. In January alone, over $73 million was stolen, signaling that attackers are still highly active. The total stolen in 2024 reached a staggering $2.3 billion, with a 40% increase from 2023. Security experts are bracing for another year of high-level exploits, as many fear that the number of incidents could escalate to multibillion-dollar losses.
Despite the alarming rise in crypto thefts, there have been cases where malicious actors have had a change of heart.
In a surprising turn of events, an attacker who stole $71 million in a wallet poisoning scam returned the funds after the incident gained significant attention. This development underscores the unpredictable nature of crypto exploits, where the involvement of blockchain investigation firms can sometimes lead to an unexpected resolution. Blockchain security firms are now working on preemptive measures, such as offchain transaction validation, which could prevent up to 99% of crypto hacks and scams.
Reference:
