TechFlow news, according to SlowMist founder Yu Xian's monitoring, the Starknet-based lending protocol zkLend suffered a hacker attack on February 12, resulting in losses exceeding $9.5 million. The root cause lies in its market contract's safeMath library using direct division during calculations, leading to a rounding vulnerability when computing the actual amount of zTokens to be burned during withdrawals—attackers exploited this flaw to profit.
On-chain data shows the attacker's address has been active for 235 days and has interacted with multiple platforms including Binance. The hacker has already transferred the stolen funds cross-chain, with most moved to the Ethereum network. Yu Xian stated that by tracking its Starknet associated addresses, the attacker was found to be linked to the EraLend hack incident on July 25, 2023.




