zkLend Launches Recovery Portal

zkLend has officially launched its Recovery Portal, allowing users impacted by the platform’s February 12 exploit to claim their lost funds.

The decentralized lending protocol announced the portal’s activation in a March 5 post on X, advising users to verify communications through official channels before accessing their claims. The exploit drained $9.6 million from zkLend’s pools, prompting the platform to halt withdrawals and investigate the breach.

Shortly after the hack, blockchain security firm Cyvers reported that the stolen funds were bridged to the Ethereum (ETH) network. The hacker attempted to launder the funds through Railgun, a privacy protocol. However, Railgun’s internal policies forced the return of the stolen assets to the hacker’s original address.

Following the attack, zkLend attempted to negotiate with the hacker, offering a 10% “white hat” bounty in exchange for the return of the remaining 3,300 ETH. Unfortunately, the funds were not retrieved before the February 14 deadline. To track down the stolen assets, zkLend has enlisted the help of law enforcement and experts from Binance Security, StarkWare, and the Starknet Foundation.

Recovery Plan

On February 20, zkLend detailed its recovery plan for users. Deposits in unaffected pools would be fully refunded, while affected users would receive partial compensation and a claim position in the recovery pool. Withdrawals are scheduled to begin two weeks after an audit of the claims portal.

> To our users,
> Deposits in unaffected pools are expected to receive a full return of funds, and deposits in affected pools will receive partial returns along with a claim position in the zkLend recovery pool. We will begin the withdrawal process in 2 weeks after the…
> — zkLend (@zkLend) February 20, 2025

Experts reviewing the incident suggest that the hack was not due to a failure in Starknet’s proof system but rather a flaw in the contract logic. The incident highlights the ongoing issues with smart contract security in the DeFi industry.

While the Recovery Portal provides a path forward for affected users, zkLend’s complete management of the exploit will be closely monitored as the platform works to rebuild trust.

Read more: Aave Chan unveils ‘most important proposal’ for DeFi’s top lender