Is Zest Safe?
Risk Grade: C+ (40/100)
Zest is rated as elevated risk — multiple novel mechanisms and notable interaction risks.
A pioneering Bitcoin DeFi protocol with real innovation but elevated risk. The launch-day exploit is a serious red flag for code quality, though the team's swift response and treasury reimbursement show accountability. Stacks and Clarity are less battle-tested than EVM alternatives. High-risk, high-reward for users who believe in Bitcoin-native DeFi and are comfortable with the security track record.
Zest is the largest DeFi lending protocol on Stacks, bringing lending and borrowing capabilities to the Bitcoin ecosystem. You can deposit STX, sBTC, stablecoins, and other assets to earn yield, or borrow against your holdings. Zest is also building BTCz, a yield-bearing Bitcoin restaking product built on Babylon. The protocol has raised $3.5M from Draper Associates and YZi Labs, uses Pyth oracle for pricing, and has an ImmuneFi bug bounty program. However, it was exploited for $897K on its launch day, which the team reimbursed from treasury.
TVL
$83M
Mechanisms
6
Interactions
5
Value Grade
C-
Key Risks for Zest Users
The protocol was exploited on its first day of public launch — while funds were reimbursed, it raises questions about code quality
Built on Stacks using Clarity, a less common smart contract language with fewer security researchers reviewing it
BTCz depends on multiple new technologies (Babylon, sBTC bridge) that have limited production history
Top Risk Factors
- •Zest was exploited on its public launch day for 324,000 STX (~$897K) through a collateral value manipulation attack, demonstrating insufficient pre-launch security testing
- •Built on Stacks using Clarity smart contracts — a less mature and less audited language than Solidity — with a smaller security researcher community to identify bugs
- •The BTCz liquid restaking product introduces novel Bitcoin-native DeFi risks with limited precedent for the Clarity/Stacks architecture
How Zest Compares to Peers
Zest ranks #62 of 90 Lending protocols (below-median — riskier than average). At a risk score of 40/100, it's 3 points riskier than the sector average of 37/100.
Adjacent peers: Vesu (C+, 39/100) is ranked just safer, and Compound V2 (C+, 40/100) is ranked just riskier.
See the full Lending sector leaderboard or the Zest vs Compound V2 comparison.
Common Questions about Zest
Plain-English answers based on Zest's scores across Hindenrank's 8 risk dimensions. The highest-scoring (riskiest) dimension is Track Record (8/15).
Has Zest ever been hacked or exploited?
Zest has had some operational issues or moderate incidents in its history. The track record dimension scored 8/15 — not catastrophic, but enough to flag. Look at the specific events and whether they were addressed by the team before drawing conclusions.
How much money is at stake in Zest?
Zest currently holds roughly $83M in user deposits. Smaller TVL means individual depositors carry a larger share of any loss event, and it can be harder to exit a position quickly during stress.
What's the worst-case scenario for Zest?
Hindenrank has identified specific collapse scenarios for Zest. The most prominent: "Second Exploit in Clarity Smart Contracts". The trigger condition is An attacker discovers another vulnerability in Zest's Clarity smart contracts — potentially in the patched collateral valuation logic or in the newer BTCz/sBTC integration — enabling fund theft. Reading through the full scenario list on the protocol page is the single best way to understand the actual failure modes — generic "smart contract risk" is rarely the thing that takes a protocol down.
Is Zest regulated or insured?
Zest has some regulatory exposure (5/10), typical of mid-sized DeFi protocols. There is no specific enforcement action on record, but the structure includes elements that regulators have flagged in similar protocols. No DeFi protocol carries FDIC-style insurance — even with low regulatory risk, depositors are not protected in the way bank customers are.
What are the biggest red flags for Zest?
Hindenrank's retail-focused risk audit flagged: The protocol was exploited on its first day of public launch — while funds were reimbursed, it raises questions about code quality Built on Stacks using Clarity, a less common smart contract language with fewer security researchers reviewing it BTCz depends on multiple new technologies (Babylon, sBTC bridge) that have limited production history
Should beginners deposit into Zest?
Zest's C+ grade puts it in the elevated-risk band. This is not a beginner-friendly protocol. Anyone depositing here should treat the position as speculative and avoid concentrating significant savings in it.
How does Zest compare to safer Lending alternatives?
Zest is one protocol in Hindenrank's Lending coverage. The safest Lending protocols on the leaderboard tend to share three traits: a long incident-free track record, conservative mechanism design, and high-quality public documentation. Compare Zest against the full Lending ranking before committing capital.
For the full 8-dimension score breakdown, the radar chart, and dependency graph, see the Zest risk report.
Read the Full Zest Risk Report
This protocol has 2 collapse scenarios. 2 high-severity interaction risks identified. See the full mechanism classification, interaction matrix, and deep-dive recommendations.
View Full Report →Get risk alerts before it's too late
Weekly grade changes, downgrade alerts, and new protocol risk findings. Free.