zkLend, a decentralized lending protocol built on Starknet, has officially shut down operations following a $9.5 million exploit. The team announced it will use its remaining $200,000 treasury to support affected users through a recovery fund.
The decision comes after the delisting of the platform’s native token, ZEND, from major exchanges.
How $9.5M Exploit and Delistings Prompt zkLend Shutdown
In a message to its community, zkLend said the choice to wind down operations was difficult but necessary. The platform was hit by a significant exploit that compromised user confidence and platform integrity.
More recently, the situation worsened when the ZEND token was delisted from top crypto exchanges including Bybit and KuCoin. This reduced the token’s accessibility and market liquidity, making it harder for the team to pursue future initiatives.
“These developments significantly limit our capacity to effectively allocate toward any new initiatives,” zkLend stated in its official announcement.
Rather than continue development under constrained conditions, the team opted to shut down and redirect remaining funds to those impacted by the breach.
Notably, the platform has committed to allocating its remaining $200,000 treasury to a user recovery fund. This decision was made to prioritize community support over protocol relaunch or expansion.
Meanwhile, key services, including the DeFi Spring, Recovery, and kSTRK portals will remain live. According to the announcement, zklend further encouraged its users to visit these platforms to unstake assets or claim any remaining balances.
zkLend to Open-Source Codebase as Part of Transparent Wind-Down and Recovery Efforts
In an effort to contribute back to the DeFi ecosystem, zkLend announced plans to open-source its audited and refreshed codebase in the coming weeks. This move will enable other developers to study, repurpose, or build on the platform’s infrastructure.
While operations have ceased, zkLend affirmed its commitment to remaining online and available during the fund recovery process.
“We will continue to remain online and committed to the recovery of stolen funds through any means necessary,” the team wrote in its farewell message.
The team also notes that the project is working with zeroShadow, a blockchain investigation firm, to trace and recover stolen funds and noted that assets recovered through these efforts will be added to the recovery fund for distribution to affected users.
Notably, zkLend launched its Recovery Portal for users affected by the $9.6 million Feb. 12 exploit. Per its plan, users in unaffected pools will be fully refunded, while affected users get partial compensation and claim positions.
Cyvers reported the stolen funds were bridged to Ethereum and passed through Railgun, which returned them to the hacker’s original address due to internal safeguards.
Meanwhile, zkLend offered a 10% white hat bounty for 3,300 ETH, but the hacker didn’t respond. Unfortunately, the hacker claimed to have lost 2,930 ETH (worth $5.4 million) after mistakenly sending the stolen funds to a phishing site posing as Tornado Cash.
In a March 31 on-chain message, the attacker admitted using a fake front-end, saying they were “devastated” and “terribly sorry” for the harm caused.
The hacker asked zkLend to redirect recovery efforts toward the phishing site operators, claiming, “I do not have coins.”
Notably, a zkLend’s shutdown adds to a growing list of decentralized finance platforms and exchanges facing serious challenges from protocol exploits. CertiK reported $364 million stolen in April alone, up 1,163% from March.
The post zkLend Shuts Down After $9.5M Hack—$200K Recovery Fund Launched appeared first on Cryptonews.
