While zkLend assessed recovery options, Bybit and KuCoin removed the ZEND token from their spot markets, sharply reducing trading depth and cutting off a path to raise fresh liquidity.
The team said these constraints made a relaunch unrealistic. Instead, zkLend will keep its DeFi Spring, recovery, and kSTRK portals online, allowing users to unstake assets or claim balances.
It also retained security outfit zeroShadow to trace any remaining stolen coins, pledging to route future recoveries to the user fund.
zkLend plans to publish its refreshed, audited codebase as open-source “in the coming weeks” for any developer who wants to build on the framework. The team added that it will “remain online and committed to the recovery of stolen funds through any means necessary,” but will not restart its money-market operations.
zkLend offered the exploiter a 10% bounty if 90% of the funds were returned by February 14, warning that it would pursue legal action if the deadline passed. The funds never came back, and the protocol halted withdrawals while it worked with security firm Cyvers, law enforcement agencies, and on-chain investigators.
Blockchain analytics firm Lookonchain confirmed the loss, and the attacker sent an on-chain message admitting the mistake, stating he lost all the funds. He added: “I’m devastated and sorry.”
The breach left users locked out of their deposits, and the protocol’s reputation suffered as a result.
