zkLend has officially launched its Recovery Portal, allowing users impacted by the platform’s Feb. 12 exploit to claim their lost funds. The decentralized lending protocol announced the portal’s activation on a Mar. 5 post on X, advising users to verify communications through official channels before accessing their claims. The exploit drained $9.6 million from zkLend’s pools, prompting the platform to halt withdrawals and investigate the breach. Shortly after the hack, blockchain security firm Cyvers reported that the stolen funds were bridged to the Ethereum ( ETH ) network. The hacker attempted to launder the funds through Railgun, a privacy protocol. However, Railgun’s internal policies forced the return of the stolen assets to the hacker’s original address. Following the attack, zkLend attempted to negotiate with the hacker, offering a 10% “white hat” bounty in exchange for the return of the remaining 3,300 ETH. The funds were not retrieved despite a Feb. 14 deadline. To track down the stolen funds, zkLend has enlisted the help of law enforcement and leading experts from Binance Security, StarkWare, and the Starknet Foundation. You might also like: After years of groundwork, Bitcoin DeFi is ready to soar | Opinion On Feb. 20, zkLend detailed its recovery plan. Deposits in unaffected pools would be fully refunded, while affected users would receive partial compensation and a claim position in zkLend’s recovery pool. Withdrawals are scheduled to begin two weeks after an audit of the claims portal. To our users, Deposits in unaffected pools are expected to receive a full return of funds, and deposits in the affected pools will receive a partial return of funds along with a claim position to zkLend recovery pool. We will begin the withdrawal process in 2 weeks after the… — zkLend (@zkLend) February 20, 2025 Experts reviewing the incident suggest the hack was not due to a failure in Starknet’s proof system but rather a flaw in the contract logic. The hack highlights prevalent issues with smart contract security in the DeFi industry. While the Recovery Portal provides a path forward for affected users, zkLend’s complete management of the exploit will be closely watched as the platform works to rebuild trust. Read more: Aave Chan unveils ‘most important proposal’ for DeFi’s top lender
