Key Takeaways:
- ZKsync has recovered $5 million worth of stolen tokens after offering a bounty.
- Within a 72-hour deadline, the hacker agreed to return 90% of the assets.
- User funds and core protocol infrastructure are unaffected.
In an unusual win for blockchain security, ZKsync has managed to recover around $5 million worth of stolen ZK tokens after the protocol reached a quick agreement with the exploiter. Within ZKsync’s 72-hour “safe harbor” window, the hacker accepted a 10% bounty in exchange for returning 90% of the stolen assets.
The exploit, discovered on April 15, involved an admin key associated with the platform’s airdrop distribution contracts. Using that key, the exploiter was able to mint approximately 111 million unclaimed ZK tokens, bypassing the intended distribution process. In the wake of the breach, ZKsync promptly assured users that their funds were never at risk and that the core functionality of the ZKsync protocol was unaffected.
ZKsync Delivers Firm On-Chain Ultimatum to Hacker
ZKsync took a deliberate, strategic, and transparent approach to recovering the funds. Instead of directly involving law enforcement, the team offered the attacker a route to redemption through an on-chain message. The note described a bounty deal: return most of the stolen tokens, keep 10% of the value, and face no legal repercussions.
The plan included specific conditions:
- 44.6 million ZK tokens were to be sent to a designated ZKsync Era address.
- 1,021.3 ETH was to be sent to an address on the ZKsync Era network and 766 ETH to an address on Ethereum Layer 1.
Transactions sent to these addresses were exempt from transaction filtering, meaning they would be accepted even if they originated from wallets associated with the exploit. The hacker met all of the conditions within the time frame, leading ZKsync to publicly confirm that the incident was closed.
ZKsync’s DeFi Crisis Response Ends with a Collaborative Resolution
The swift resolution stands in contrast to the prolonged legal battles often seen in decentralized finance. ZKsync’s on-chain negotiation, backed by the wider security community on the Ethereum base layer, secured the hacker’s cooperation without the legal escalation that might otherwise have been needed.
The ZKsync Security Council also thanked other contributors such as @_SEAL_Org, @PatrickAlphaC, and @pcaversaccio for their involvement in coordinating the recovery process. The Council said the returned assets are now in its custody while it awaits decisions by ZKsync’s governance community on how these resources will be used.
Under the terms of the agreement, the attacker will not face any further legal or punitive action as long as the returned funds remain intact and unused. The hacker also remains fully accountable for the returned assets, ensuring that no further malicious actions are taken with the stolen funds.
ZKsync Preserves Protocol Integrity Following Security Breach
Because the exploit was a loophole in the airdrop system, ZKsync assured users that its token contracts, smart contract infrastructure, and user balances were not affected. Only unclaimed tokens from the original airdrop were impacted, which means no users were financially harmed.
Before the funds were returned, blockchain data showed that the hacker had sold around $3.5 million worth of ZK tokens for Ethereum in a series of transactions, raising concerns about potential permanent losses. The cooperation that followed, though, helped preserve both the platform’s integrity and its community’s trust.
The ZK token itself saw only a muted price uptick of 0.5% following the recovery announcement, a clear sign that the incident, while headline-grabbing, was not enough to swing sentiment significantly in either direction.
Future Of Recovered Funds To Be Decided By ZKsync Governance
With the crisis now passed, significant choices remain. The redistribution or management of the recovered assets will be determined through ZKsync’s community governance. A forensic analysis is also underway to determine how the breach occurred and what controls will be put in place to prevent similar risks in the future.
The incident has revived discussions about the security of admin keys, access controls, and the need to decentralize token distribution mechanisms such as airdrops, where a great deal of trust is concentrated in a few privileged roles.
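To make the admin-key discussion concrete, here is an added example of a hypothetical airdrop distributor written for this article; it is not ZKsync’s contract and assumes the distributor merely holds pre-minted tokens rather than having mint rights on the token itself. It limits what a single compromised admin key can do: allocations are fixed at deployment, unclaimed tokens can only be swept to a fixed treasury after the claim window, and every sweep must be announced on-chain and wait out a timelock, giving the community time to detect and react.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
interface IERC20 { function transfer(address to, uint256 amount) external returns (bool); }

// Hypothetical airdrop distributor, not ZKsync's contract. It is constructed to
// show how to limit what a single compromised admin key can do with unclaimed tokens.
contract GuardedAirdrop {
    IERC20 public immutable token;
    address public immutable admin;
    address public immutable treasury;            // only destination for unclaimed tokens
    uint256 public immutable claimDeadline;       // no sweep is possible before this
    uint256 public constant SWEEP_DELAY = 2 days; // on-chain notice period before a sweep
    uint256 public sweepRequestedAt;
    mapping(address => uint256) public allocation; // written once at deployment
    mapping(address => bool) public claimed;
    event SweepRequested(uint256 executableAt);   // monitoring hook for the community

    constructor(IERC20 _token, address _admin, address _treasury, uint256 _claimDeadline,
                address[] memory users, uint256[] memory amounts) {
        require(users.length == amounts.length, "length mismatch");
        token = _token; admin = _admin; treasury = _treasury; claimDeadline = _claimDeadline;
        // No admin function can add or change allocations after this loop.
        for (uint256 i = 0; i < users.length; i++) allocation[users[i]] = amounts[i];
    }

    function claim() external {
        require(block.timestamp < claimDeadline, "claim window closed");
        require(!claimed[msg.sender], "already claimed");
        uint256 amount = allocation[msg.sender];
        require(amount > 0, "no allocation");
        claimed[msg.sender] = true; // update state before the external call
        require(token.transfer(msg.sender, amount), "transfer failed");
    }

    // Step 1: the admin must announce a sweep on-chain, which starts the timelock.
    function requestSweep() external {
        require(msg.sender == admin, "not admin");
        require(block.timestamp >= claimDeadline, "claims still open");
        sweepRequestedAt = block.timestamp;
        emit SweepRequested(block.timestamp + SWEEP_DELAY);
    }

    // Step 2: after the delay, unclaimed tokens can move only to the fixed treasury,
    // so a stolen key cannot redirect them to an attacker-controlled address.
    function executeSweep(uint256 amount) external {
        require(msg.sender == admin, "not admin");
        require(sweepRequestedAt != 0 && block.timestamp >= sweepRequestedAt + SWEEP_DELAY, "timelocked");
        sweepRequestedAt = 0;
        require(token.transfer(treasury, amount), "transfer failed");
    }
}
```

In practice the `admin` role would be a multisig or governance timelock rather than a single externally owned key, and monitoring for the `SweepRequested` event is what turns the delay into an actual detection window.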
ZKsync’s resolution shows how transparent protocols, cooperative bounty models, and prompt communication can turn a security crisis into a manageable event. In an industry in which stolen funds regularly go irretrievably missing, the case may serve as a template for future Web3 incident responses.