zkLend, a leading lending protocol on Starknet, suffered a 90% in total value locked (TVL) on February 12, as per DefiLlama. The TVL plummeted from nearly $12 million on Tuesday to the current level of $1.1 million. It is the worst performer among dapps with at least $10,000 in TVL.
The sudden decline in TVL is the result of the recent exploit, as hackers drained about $9.5 million worth of crypto.
Shortly after the incident, zkLend paused all withdrawal operations and recommended users halt depositing or repaying loans while the issue was investigated.
zkLend demanded the hacker return the funds in exchange for a 10% bounty. The protocol shared an Ethereum address for the return of the remaining 90%, totaling 3,300 ETH or nearly $8.8 million.
“Upon receiving the transfer, we agree to release from any and all liability regarding the attack,” the platform said via an on-chain message. The deadline to return the funds is February 14. If the hacker doesn’t comply, zkLend warned to initiate legal actions.
The exploit stemmed from a loophole in the contract logic rather than a flaw in the ZK proof system. Also, the hacker used Railgun to ensure anonymity.
zkLend had over $40 million in TVL only two months ago, and it was already losing traction amid the bearish pressure in DeFi at the beginning of 2025. However, the hacking attack was the final nail in the coffin, and it remains to be seen if the lending app manages to recover.
The event affected other Starknet dapps. For example, lending protocols Nostra and Vesu lost $10 million and $3 million, respectively, representing over 10% of their TVL.
For zkLend, the attack led to record daily outflows, as the dapp was depleted of $6 million worth of ETH, $1.8 million worth of USDC, and $1.7 million worth of STRK.
Stay on top of things:
Subscribe to our newsletter using this link – we won’t spam!
Follow us on X and Telegram.
Credit: Source link
