VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
The leading lending platform on the Starknet chain, zkLend, has suffered an attack. The core reason for this breach lies in the fact that the value of the accumulator in an empty market can be manipulated and amplified using a unique mechanism in flash loans. Additionally, the market contract's use of the SafeMath library performs division using direct division, allowing the attacker to exploit the amplified accumulator to trigger a rounding-down vulnerability for profit. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 9,600,000.
Primary source
https://x.com/SlowMist_Team/status/1890351732313714882 ↗Sourced from
slowmist
Technical record
- chain
- —
- protocol
- zkLend
- bug_class
- flashloan
- date_occurred
- 2025-02-12
- loss_usd
- $9,600,000
- source_id
- sm:zklend::2025-02-12
Related — same bug class· flashloan