Crypto Hacks Are on the Rise Again in 2025; DeFi Platforms Remain a Target zkLend, a lending platform on Starknet, was hacked for $9.5 million (Feb 12) The hacker transferred the stolen funds to Ethereum and attempted to clean them via Railgun. But because of Railgun’s internal policies, the money was sent back to the original address.
In response, zkLend offers the attacker a 10% whitehat bounty if they return the remaining assets before February 14. Otherwise, legal action will follow.
Inside the $9.5M zkLend Hack: How It Unfolded
The zkLend hack – how will the protocol recover the stolen $9.5 million? Who hacked the platform and how does this relate to the EraLend hack? https://t.co/75bW26T8AR | #Crypto #News pic.twitter.com/m0eAHw2rPC
— Bitcoin Garden (@BitcoinGarden) February 15, 2025
According to blockchain security firm Cyvers, the attacker drained $9.5 million from zkLend on Starknet and moved the funds to Ethereum. The funds were sent through Railgun, a privacy protocol that helps obscure transaction trails. Railgun’s rules caused the stolen funds to be sent back to the original address, which was an unexpected twist.
Although some of the funds were salvaged, zkLend is still down 3,300 ETH. To incentivize the hacker to return the rest, 10% of the stolen funds are being offered as a reward if the rest is returned.
zkLend Attempts Fund Recovery Offering 10% Bonus
Instead of immediately seeking legal recourse, zkLend has chosen a more amicable route. They are giving the hacker a chance to return the stolen funds and keep a reward.
“You may keep 10% of the funds as a whitehat bounty and send back the remaining 90%, or 3,300 ETH to be exact”. However, zkLend has also issued a warning that if the hacker does not respond by 00:00 UTC on February 14, the protocol will collaborate with security firms and law enforcement to track them down.
Growing Concerns OverSecurity in DeFi.
Crypto exploits are down 44% year-on-year in January 2025, but thieves still made off with more than $73 million in just 30 days. Security analysts are concerned that a second multibillion dollar year of crypto thefts in 2025 is still ahead of us after hackers took $2.3 billion in 2024, a 40% increase on 2023.
These events illuminate the security risks inherent in DeFi protocols and the need for proactive measures to protect against future attacks.
Unexpected Twists: When Stolen Crypto Gets Returned.
Sometimes, hackers give back stolen money after seeing the consequences. In May 2024, an investor lost $71 million in ETH to a wallet scam. But after a lot of media attention and investigations, the hacker surprisingly returned all the funds.
The zkLend hacker now has two choices in his hand, first either to accept the bounty and return the stolen ETH or face legal action.
The zkLend case highlights the security risks in DeFi and how platforms try to recover stolen funds in creative ways. Some hackers return the stolen assets, while others escape responsibility.
As DeFi grows, security measures like off-chain transaction validation—where transactions are tested before they happen—could prevent up to 99% of crypto hacks and scams.
With the bounty deadline nearing, the crypto community is waiting to see if the hacker will accept the offer or face legal action. Only time will tell.
