The lending protocol zkLend on the Starknet chain fell victim to a hack on February 12, resulting in losses of more than $9.5 million, as reported by ChainCatcher news. According to Yu Xian, the founder of Slow Mist, the attack was made possible due to a flaw in the safeMath library used by the market contract, which employed direct division for calculations. This error resulted in a rounding issue in the number of zTokens that needed to be burned during withdrawals, allowing the attacker to exploit the vulnerability for financial gain.
Following the hack, on-chain data revealed that the attacker’s address had been active for 235 days and had engaged with various platforms, including Binance. The stolen funds were subsequently transferred across different chains, with the majority ending up on the Ethereum network. Yu Xian further disclosed that through tracking the associated Starknet addresses, it was uncovered that the same attacker was also involved in the hacking incident of EraLend on July 25, 2023.
The incident serves as a stark reminder for individuals to approach blockchain technology with a rational mindset, increase their awareness of risks, and exercise caution when dealing with virtual token issuances and speculative activities. ChainCatcher emphasizes that all information provided on their platform is solely for informational purposes or represents the opinions of related parties, and should not be considered as investment advice. Should any sensitive information be identified, users are encouraged to report it promptly for appropriate action to be taken.
Furthermore, this event underscores the importance of ensuring the security and robustness of smart contracts and protocols on decentralized platforms. Developers and stakeholders within the blockchain ecosystem are urged to conduct thorough audits, implement stringent security measures, and remain vigilant against potential vulnerabilities that could be exploited by malicious actors.
In light of this breach, industry experts are advocating for greater collaboration and information sharing within the blockchain community to strengthen defenses against cyber threats and safeguard the integrity of decentralized systems. By fostering a culture of transparency, accountability, and continuous improvement, the industry can collectively work towards mitigating risks and enhancing the resilience of the blockchain ecosystem.
As the investigation into the zkLend hack continues and efforts are made to recover the stolen funds, the incident serves as a sobering reminder of the ongoing challenges and vulnerabilities inherent in the blockchain space. It underscores the need for proactive measures to reinforce security standards, promote best practices, and uphold the trust and confidence of stakeholders in the decentralized financial landscape.