ZKSync Recovers $5M Stolen in Airdrop Exploit by Reaching Agreement with the Hacker

ZKSync confirmed that it had fully recovered approximately $5 million in ZK tokens stolen during a recent breach involving its airdrop distribution contracts after reaching an agreement with the exploiter.

ZKSync has fully recovered the $5 million in ZK tokens stolen in a recent breach of airdrop distribution contracts, the protocol announced on Sunday.

The announcement on social media follows a 72-hour “safe harbor” window offered by the protocol’s Security Council.

According to the team, the returned assets are now held in custody by the Security Council, with protocol governance determining the final decision on their use. A detailed forensic report on the incident and subsequent recovery is being prepared.

Exploiter complies with safe harbor terms

The exploit, which occurred on April 15, involved the unauthorized minting of roughly 111 million ZK tokens, or about $5 million at the time, through a compromised admin key.

The vulnerability was confined to ZKSync’s airdrop distribution contracts and did not affect the broader protocol infrastructure, ZK token contract, or governance operations.

The attacker bypassed standard allocation mechanisms and claimed unclaimed tokens from the network’s first distribution round. On-chain data later confirmed that the exploiter swapped approximately $3.5 million in stolen ZK tokens for Ethereum (ETH).

ZKSync assured users that the incident did not compromise customer funds or core infrastructure.

To avoid prolonged legal proceedings, ZKSync’s Security Council issued an on-chain message to the exploiter, offering a 10% bounty for returning 90% of the exploited funds.

The proposal included specific wallet addresses for transferring ZK and ETH tokens across the ZKSync Era network and Ethereum’s mainnet by the stated deadline.

The agreement was contingent on the full return of funds by the stated deadline. ZKSync confirmed the resolution of the matter with the assets successfully transferred, adding that it won’t take further action against the attacker.

“We are pleased to announce that the exploiter has returned the stolen ZK tokens, and we have reached an agreement to resolve the incident,” the team said.

“The recovered assets are currently held by the ZKSync Security Council, and protocol governance will decide on their future use.”

The recovered assets are currently held by the ZKSync Security Council, and protocol governance will decide on their future use. A detailed forensic report on the incident and subsequent recovery is being prepared and will be shared shortly.

According to the team, the incident has prompted renewed scrutiny over smart contract access controls, particularly regarding admin key security and airdrop mechanisms.

Despite the swift recovery, the exploit temporarily inflated the ZK token supply and triggered a market reaction.

Moreover, the price of ZK did not react to the news, with just a 0.5% increase since the ZKSync revealed the agreement and recovery of funds.

The post ZKSync fully recovers $5 million stolen in recent exploit appeared first on Chain Teller.