SlowMist's Cosine: zkLend was attacked due to a vulnerability in the safeMath library of the contract, and the attacker may be linked to the EraLend hacking incident
ChainCatcher reports that, according to SlowMist founder Yu Xian, the lending protocol zkLend on the Starknet chain was hacked on February 12, resulting in losses exceeding $9.5 million. The root cause lies in the safeMath library used by its market contract, which employs direct division for calculations. As a result, the number of zTokens that actually needed to be burned during withdrawals was subject to a rounding error, which the attacker exploited for profit.
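The rounding issue described above can be checked with a small invariant test. This is an added example, not zkLend's contract code: it is a simplified model in which `SCALE`, the index value, the balances and every function name are assumptions, and it compares a truncating burn calculation with one that rounds up.

```python
# Simplified, constructed model of an interest-bearing token burn on withdrawal.
# Not zkLend's contract code: SCALE, the index value and all function names are assumptions.

SCALE = 10**18  # fixed-point scale of the exchange index (assumed)


def burn_truncating(amount: int, index: int) -> int:
    """Tokens to burn for `amount` of underlying, using direct integer division."""
    return amount * SCALE // index


def burn_rounded_up(amount: int, index: int) -> int:
    """Same calculation, rounded up so a withdrawal never burns too few tokens."""
    return -(-(amount * SCALE) // index)


def redeemable(tokens: int, index: int) -> int:
    """Underlying claimable by a token balance, rounded down."""
    return tokens * index // SCALE


def value_created(tokens_held: int, amount: int, index: int, burn_fn) -> int:
    """Underlying paid out plus still claimable, minus what was claimable before.

    A positive result means the withdrawal created value out of rounding.
    """
    before = redeemable(tokens_held, index)
    remaining = tokens_held - burn_fn(amount, index)
    return amount + redeemable(remaining, index) - before


def violations(tokens_held: int, index: int, burn_fn) -> list[int]:
    """Withdrawal amounts for which the burn rule breaks the no-value-created invariant."""
    limit = redeemable(tokens_held, index)
    return [a for a in range(1, limit + 1)
            if value_created(tokens_held, a, index, burn_fn) > 0]


if __name__ == "__main__":
    index = 4 * SCALE  # constructed: one token is worth 4 units of underlying
    held = 10          # constructed token balance
    print("truncating burn, violating amounts:", violations(held, index, burn_truncating))
    print("rounded-up burn, violating amounts:", violations(held, index, burn_rounded_up))
```

Running the same invariant as a property test against a contract's real burn routine is a direct way to catch rounding that favours the withdrawer before deployment.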
On-chain data shows that the attacker's address has been active for 235 days and has interacted with multiple platforms, including Binance. The hacker has since transferred the stolen funds across chains, moving most of them to the Ethereum network. Yu Xian stated that tracking the associated Starknet addresses revealed that this attacker is linked to the EraLend hack of July 25, 2023.