According to SlowMist founder Cosine Monitor, Starknet's on-chain lending protocol zkLend was hacked on February 12, losing more than $9.50 million. The reason for the attack is that the safeMath library used in its market contract uses direct division when performing division calculations, resulting in a rounding vulnerability in the number of zTokens that actually need to be destroyed when calculating withdrawals. The attacker is taking advantage of this vulnerability to profit.
The on-chain data shows that the attacker's address has been active for 235 days and has a record of interaction with multiple platforms such as Binance. At present, the hacker has transferred the stolen funds across the chain, most of which are transferred to the Ethereum network. Cosine said that by tracing its Starknet associated address, it found that the attacker was linked to the July 25, 2023 hack of EraLend.
Slow Mist Cosine: zkLend was attacked due to a contract safeMath library vulnerability
2025-02-13 05:50:59
SlowMist founding human cosine monitoring starknet on-chain lending protocoldesk3cryptocurrencydesktopCrypto News
Disclaimer:
1. The information provided does not constitute investment advice. Investors should make independent decisions and bear all risks themselves.
2. The copyright of this content belongs to the original author. The views expressed herein are solely those of the author and do not represent the stance or position of this website.
Previous article:
慢雾余弦:zkLend 因合约 safeMath 库漏洞遭攻击Next article:
OpenAI CEO:特朗普新政府对科技行业而言是一股“新鲜空气”