Project Background
zkLend launched in 2023 as a lending protocol built on StarkNet, a Layer 2 scaling solution for Ethereum that uses zero-knowledge rollups. The protocol aimed to combine the best of both worlds: the scalability benefits of StarkNet with the security and composability of Ethereum. By early 2025, zkLend had established itself as one of the leading lending platforms on StarkNet, with approximately $150 million in Total Value Locked (TVL).
Project Website: https://zklend.io
The protocol allowed users to deposit various cryptocurrencies as collateral and borrow other assets against that collateral. Like most lending protocols, zkLend used an algorithmic interest rate model that adjusted based on supply and demand. Users who deposited assets earned interest from borrowers, while borrowers paid interest on their loans.
zkLend had undergone multiple security audits from reputable firms including Trail of Bits and Consensys Diligence, and had implemented a bug bounty program with rewards of up to $250,000 for critical vulnerabilities. The protocol had operated without major security incidents for nearly two years before the February 2025 exploit.
The Attack
Timeline of Events
February 10, 2025: zkLend deployed an update to their interest rate model, aiming to optimize yields for depositors during periods of high utilization.
February 11, 2025 (22:30 UTC): A security researcher posted on the zkLend Discord server about a potential issue with decimal precision in the new interest calculation formula but did not provide specific details.
February 12, 2025 (03:15 UTC): The attacker began exploiting the vulnerability by taking out a series of flash loans and manipulating the interest accrual mechanism.
February 12, 2025 (04:45 UTC): The zkLend team noticed unusual activity in the protocol and began investigating.
February 12, 2025 (05:30 UTC): The team identified the vulnerability and initiated emergency protocols to pause all lending markets.
February 12, 2025 (06:15 UTC): The team successfully paused the protocol, but not before the attacker had extracted approximately $9.57 million.
February 12, 2025 (08:00 UTC): zkLend issued a preliminary statement acknowledging the exploit and confirming that user funds were safe beyond the stolen amount.
February 13, 2025: The team published a detailed post-mortem and announced a plan to compensate affected users.
February 15, 2025: A patched version of the protocol was deployed, and markets were gradually reopened.
February 18, 2025: The attacker returned approximately $3.2 million of the stolen funds after negotiations with the zkLend team.
Technical Details
The vulnerability exploited in the zkLend protocol was a classic decimal precision error in the interest rate calculation mechanism. The issue stemmed from the recent update to the interest rate model, which introduced a more complex formula for calculating interest during periods of high utilization.
In StarkNet's Cairo programming language, which zkLend is built on, developers must carefully manage fixed-point arithmetic since the language doesn't natively support floating-point operations. The vulnerability arose from an inconsistency in how decimal precision was handled across different parts of the interest calculation:
1. Precision Inconsistency: The core issue was that the interest accrual function used different precision scales in different parts of its calculation. While most of the protocol used a standard 18 decimal places for precision (common in Ethereum-based systems), the new interest formula incorrectly used 27 decimal places in one specific calculation without proper scaling.
2. Rounding Error Exploitation: The attacker was able to manipulate the utilization rate of certain lending pools in a way that maximized the rounding errors resulting from this precision mismatch.
3. Amplification Through Iteration: By repeatedly borrowing and repaying through flash loans, the attacker could compound these small rounding errors into significant amounts.
4. Interest Accrual Manipulation: Each iteration caused the protocol to incorrectly calculate the interest owed, allowing the attacker to extract more value than they should have been able to.
// Simplified representation of the vulnerable code
// Note: This is pseudocode based on the Cairo implementation
// The vulnerable function with inconsistent precision handling
func calculate_compound_interest(
principal: Uint256,
rate: Uint256,
time_elapsed: Uint256
) -> Uint256 {
// rate is expected to be in 18 decimal precision
// but in one calculation path, it's treated as 27 decimal precision
let utilization = calculate_utilization(); // Returns value with 18 decimals
// Vulnerability: Inconsistent precision handling
if utilization > HIGH_UTILIZATION_THRESHOLD {
// This branch uses 27 decimal precision for the calculation
let adjusted_rate = rate * utilization * SCALING_FACTOR; // SCALING_FACTOR is 10^9
// The result is not properly scaled back to 18 decimals
let interest = (principal * adjusted_rate * time_elapsed) / YEAR_IN_SECONDS;
return principal + interest; // Returns with incorrect precision
} else {
// This branch correctly uses 18 decimal precision
let interest = (principal * rate * time_elapsed) / YEAR_IN_SECONDS;
return principal + interest;
}
}The attacker exploited this vulnerability by:
1. Taking out large flash loans to manipulate the utilization rate of specific lending pools, pushing them just above the HIGH_UTILIZATION_THRESHOLD.
2. Performing a series of rapid borrowing and repaying operations that triggered the interest calculation with the precision error.
3. Extracting the excess value generated by the rounding errors, which accumulated with each iteration.
4. Repeating this process across multiple lending pools to maximize the profit.
Addresses & Transactions
- Attacker's Initial Address:
0x7a16fF8270133F063aA78D63376d9f279F874f - Funds Destination:
0x3c9A0A16D3d5A9e0cD3c66f0C3513Cc4D2F68Ff
The attack was executed through a series of complex transactions across multiple lending pools on zkLend. The most significant transactions occurred between 03:15 UTC and 05:30 UTC on February 12, 2025. The attacker primarily targeted the ETH, USDC, and WBTC lending pools, as these had the highest liquidity and therefore allowed for the largest flash loans.
The stolen funds were initially moved to a single address on StarkNet, then bridged to Ethereum using the StarkNet official bridge. Once on Ethereum, the funds were split across multiple addresses and partially routed through Tornado Cash before the protocol was sanctioned. Some funds were also bridged to other chains including Arbitrum and Optimism, likely in an attempt to further obfuscate their trail.
Aftermath
Project Response
The zkLend team responded to the incident with remarkable transparency and efficiency:
1. Immediate Action: Within two hours of detecting the exploit, the team had identified the vulnerability and successfully paused all lending markets to prevent further losses.
2. Clear Communication: The team provided regular updates throughout the incident, including a preliminary statement within hours and a comprehensive post-mortem the following day.
3. Technical Fix: A patched version of the protocol was developed and deployed within three days, after undergoing an emergency audit by two independent security firms.
4. User Compensation: zkLend announced a compensation plan for affected users, using a combination of treasury funds and insurance reserves to cover the losses.
5. Attacker Negotiation: The team successfully negotiated with the attacker, offering a "white hat" bounty of $500,000 in exchange for returning the stolen funds. This resulted in the return of approximately $3.2 million.
Market Impact
The market impact of the zkLend exploit was relatively contained:
1. The protocol's native token, ZKL, experienced a 25% drop immediately following the news but recovered approximately half of those losses within a week.
2. The Total Value Locked (TVL) in zkLend decreased by approximately 40% in the days following the exploit, as some users withdrew their funds despite assurances that remaining deposits were safe.
3. The broader StarkNet ecosystem saw a temporary 10-15% decline in TVL across all protocols, reflecting increased risk perception for the entire ecosystem.
4. Competing lending protocols on other L2 networks saw modest inflows as some users migrated to alternatives.
5. The incident did not have a significant impact on the broader crypto market, with most major assets unaffected.
Recovery Efforts
Recovery efforts were partially successful:
1. Through negotiations with the attacker, zkLend managed to recover approximately $3.2 million of the stolen funds.
2. The team allocated $4 million from their treasury to compensate affected users.
3. The protocol's insurance fund covered an additional $2.3 million.
4. In total, users received approximately 99.5% compensation for their losses when measured in USD value.
5. The team implemented a more robust bug bounty program with rewards up to $500,000 for critical vulnerabilities.
6. Law enforcement agencies were engaged to track the remaining stolen funds, though no arrests have been reported as of this writing.
Analysis
Root Cause
The root cause of the zkLend exploit can be attributed to several factors:
1. Decimal Precision Handling: The fundamental issue was the inconsistent handling of decimal precision in the interest calculation formula, a common pitfall in blockchain development where floating-point operations must be simulated using integer arithmetic.
2. Insufficient Testing: The vulnerability was introduced in a recent update that had undergone standard testing but lacked specific tests for edge cases related to precision handling at high utilization rates.
3. Audit Limitations: While the protocol had been audited multiple times, the specific code path containing the vulnerability was part of a recent update that had received a more limited security review due to time constraints.
4. Complexity Risk: The introduction of a more complex interest rate model increased the attack surface and the potential for subtle mathematical errors.
5. Ignored Warning: A community member had flagged a potential issue with decimal precision the day before the attack, but the warning lacked specific details and wasn't treated with sufficient urgency.
Security Lessons
The zkLend incident offers several valuable lessons for DeFi protocols:
1. Consistent Precision Handling: Protocols must maintain consistent decimal precision throughout all calculations, especially in financial operations where small errors can be magnified through repeated transactions.
2. Comprehensive Testing: Testing should include edge cases specifically designed to stress mathematical operations, particularly around boundary conditions like high utilization rates.
3. Full Audits for All Updates: Even seemingly minor updates to financial logic should undergo complete security audits, not just incremental reviews.
4. Community Warning Systems: Protocols should establish clear channels for receiving and prioritizing security warnings from the community, even if they lack complete details.
5. Rapid Response Capability: zkLend's ability to quickly pause the protocol limited the damage, highlighting the importance of having robust emergency response mechanisms.
Red Flags
While zkLend was generally considered a reputable project, some potential red flags existed:
1. The rapid deployment of a complex update to the interest rate model without a full audit cycle.
2. The lack of immediate investigation into the community member's warning about decimal precision.
3. The inherent complexity of building on StarkNet and Cairo, which increases the risk of subtle bugs.
Suspected Perpetrator
The identity of the attacker remains unknown. The attack was executed with a high degree of technical sophistication, suggesting an experienced smart contract exploiter. The attacker's willingness to negotiate and return a portion of the funds in exchange for a bounty suggests they may be a "grey hat" hacker rather than a purely malicious actor.
Blockchain analysis firms have tracked the remaining stolen funds but have not been able to link them to any known individuals or groups. The attacker used multiple techniques to obscure their identity, including flash loans, bridging across chains, and potentially using mixing services.
Media & Community Reaction
The reaction to the zkLend exploit was mixed:
1. Criticism of the Vulnerability: Many developers criticized the team for the basic decimal precision error, highlighting it as a fundamental mistake in smart contract development.
2. Praise for the Response: The team's rapid response, transparency, and successful negotiation with the attacker were widely praised by the community and security experts.
3. Debate on StarkNet Security: The incident sparked debates about the maturity and security of the StarkNet ecosystem and the Cairo programming language.
4. Memes: As expected, the crypto community created memes about the incident, often focusing on the irony of a zero-knowledge protocol falling victim to a simple math error.
