ZKsync Recovers $5.7 Million Worth of Cryptocurrency After Hacker Agrees to Return Funds

ZKsync has successfully recovered $5.7 million worth of cryptocurrency after a hacker agreed to return the majority of funds stolen

Cryptoeconomic security startup ZKsync has recovered nearly $5.7 million after a hacker agreed to return the majority of funds stolen during an April 15 security breach.

The recovery comes after the protocol’s Security Council offered a 10% bounty to the attacker in exchange for returning the remaining 90% of the stolen assets. The stolen funds were returned in three separate transfers on Sunday, all completed within a 72-hour “safe harbor” deadline set by the ZKsync team.

The recovery includes both ZK tokens and Ethereum (ETH) sent to designated addresses on the ZKsync Era network and Ethereum mainnet.

“We’re pleased to share that the hacker has cooperated and returned the funds within the safe harbor deadline. As stated in the original Security Council message, the case is now considered resolved,” the ZKsync Association announced on X (formerly Twitter).

The announcement was later reshared by ZKsync’s official account and Matter Labs, the company behind the protocol.

The security incident stemmed from a compromised administrator account that gave the attacker unauthorized access to ZKsync’s airdrop distribution system. Using this access, the hacker exploited the sweepUnclaimed() function to mint 111 million ZK tokens that had not yet been claimed by users.

This exploit happened during ZKsync’s token distribution event, which was in the process of airdropping 17.5% of the total ZK token supply to participants in its ecosystem. The breach was confined to the distribution contracts and did not affect the core protocol infrastructure.

After obtaining the tokens, the hacker converted approximately $3.5 million worth of the stolen ZK tokens to Ethereum, according to on-chain data. The total value of stolen assets was estimated at $5 million at the time of the hack.

ZKsync quickly assured users that their personal funds remained safe throughout the incident. The team emphasized that the vulnerability was isolated to the airdrop mechanism and did not compromise any user wallets or the broader ZKsync network.

Rather than pursuing legal action immediately, ZKsync’s Security Council took a pragmatic approach to recovering the funds. They sent an on-chain message directly to the attacker with a simple offer: return 90% of the stolen funds and keep 10% as a bounty reward.

The council also provided specific wallet addresses for the return of both ZK tokens and ETH across the ZKsync Era network and Ethereum’s mainnet, with the agreement that all funds must be returned within the 72-hour deadline.

This strategy proved successful when the hacker initiated the first transfer at 2:39:57 pm UTC on Sunday. Two additional transfers followed within 13 minutes, completing the return of funds well within the established timeframe.

The returned assets, now valued at nearly $5.7 million due to price increases in both ZK and ETH since the theft, are currently being held by the ZKsync Security Council. The final allocation of these recovered funds will be determined through the protocol’s governance process.

ZKsync has also committed to publishing a comprehensive forensic report detailing the security incident and recovery process. This report will likely provide additional insights into how the breach occurred and what measures are being implemented to prevent similar exploits in the future.

Despite the successful recovery, the ZK token price showed minimal reaction to the news. The token was actually down 0.2% over the 24 hours following the announcement.

ZKsync Era, the layer 2 scaling solution affected by the breach, continues to operate normally. The platform uses zero-knowledge rollups to process Ethereum transactions more efficiently and at lower cost. Current metrics show nearly $59 million in total value locked on the chain and over $2 billion in real-world assets deployed through the protocol.

The incident highlights an emerging trend in the cryptocurrency space where projects are offering bounties to incentivize the return of stolen funds, often proving more effective than traditional recovery methods. By avoiding lengthy legal proceedings, ZKsync was able to recover the assets quickly and without further disruption to their ecosystem.