ZKsync Recovers $5.7M in Stolen Tokens After Hacker Accepts Bounty Offer

The ZKsync Association has successfully recovered nearly $5.7 million worth of tokens stolen during a recent breach of its airdrop distribution contract. The recovery follows a 72-hour ultimatum issued to the attacker after the exploit, which occurred on April 15 and involved the misuse of an admin function.

Hacker Returns Funds Within Deadline

The attacker, having exploited a vulnerability in ZKsync’s airdrop contract, agreed to return 90% of the stolen funds in exchange for a 10% bounty. 

The three-part repayment, completed on April 23, included $2.47 million in ZK tokens and $1.83 million in Ether sent via ZKsync Era, as well as another 776 ETH—worth around $1.4 million—transferred directly to the ZKsync Security Council’s Ethereum wallet.

“We’re pleased to share that the hacker has cooperated and returned the funds within the safe harbor deadline,” announced the ZKsync Association on X. The post was subsequently reshared by both ZKsync and Matter Labs, signaling relief and closure after days of concern within the community. Notably, no user funds were affected during the exploit.

ZKsync Exploit Details

The attack was traced to a breach of ZKsync’s admin account, which gave the attacker access to the sweepUnclaimed() function—a mechanism designed to reclaim unclaimed tokens. The hacker used it to mint 111 million unclaimed ZK tokens, worth about $5 million at the time. The exploit happened in the middle of the airdrop of 17.5% of total token supply, causing temporary turbulence in the community.

Interestingly, the value of the recovered tokens grew after the hack. A rally in both ZK and ETH prices meant that the returned assets were worth more than initially stolen. According to CoinGecko, ZK and ETH have gained 16.6% and 8.8% respectively since the April 15 attack.

Despite this resolution, the ZK token has remained largely flat, down 0.2% over the past 24 hours—suggesting investors are still cautious. The ZKsync Association has promised a full post-mortem report to explain the breach in greater detail and outline future safeguards.

As one of Ethereum’s key layer-2 solutions, ZKsync continues to maintain nearly $59 million in total value locked and over $2 billion in real-world assets onchain, underlining its importance in the broader DeFi ecosystem.

The post ZKsync Recovers $5.7M in Stolen Tokens After Hacker Accepts Bounty Offer appeared first on TheCoinrise.com.