$5.7M Hack Reversed: ZKsync Recovers Funds in Bounty Deal

The ZKsync Association has successfully recovered approximately $5.7 million worth of digital assets following a security breach earlier this month. The resolution came after the hacker responsible for the incident accepted a bounty offer and returned the majority of the stolen tokens within a designated timeframe.

Hacker Returns Funds Within ‘Safe Harbor’ Window

On April 23, ZKsync confirmed through an official statement on X (formerly Twitter) that the perpetrator of the April 15 exploit agreed to return 90% of the stolen tokens. This was done in accordance with a 72-hour “safe harbor” offer made by the platform on April 21, which allowed the attacker to retain 10% as a bounty in exchange for the safe return of the remaining funds.

A total of three transactions were executed on the ZKsync Era blockchain on April 23, transferring $2.47 million in ZKsync tokens and $1.83 million in Ether to the platform’s Security Council address. An additional transfer of 776 ETH, valued at nearly $1.4 million, was sent to the Security Council’s Ethereum address. All transfers were completed within a 13-minute window, ensuring compliance with the platform’s stated deadline.

Incident Details and Immediate Response

The incident on April 15 involved a compromised administrative key that allowed the attacker to mint roughly 111 million ZK tokens from unclaimed airdrop reserves. The exploit targeted three airdrop distribution contracts without affecting core protocol systems or user funds. At the time of the hack, ZKsync was actively conducting a token distribution campaign, releasing 17.5% of its total supply to eligible participants.

In response, Matter Labs, the development firm behind ZKsync, implemented temporary transaction filtering to restrict movements from compromised addresses. The company clarified that this measure was feasible during the current Stage 0 rollout phase and could be lifted at any time through governance decisions.

Token Value Surge Boosts Recovery Amount

Interestingly, the total value of recovered assets exceeded the initially stolen amount due to an appreciation in token prices since the incident. Data from CoinGecko indicated a 16.6% increase in ZK token value and an 8.8% rise in Ether prices between April 15 and the time of recovery.

Governance to Decide on Next Steps

ZKsync has stated that the recovered assets are now held by the Security Council, with the platform’s governance framework set to determine their final allocation. 

In a statement, the team confirmed, 

“The assets are now in custody of the Security Council, and the decision on what will be done with the assets will be made by governance. The final investigation report is being prepared and will be published once completed.”

Matter Labs also reshared the recovery update on its official social media channels, reiterating its commitment to transparency. The company is expected to release a comprehensive report detailing the breach and subsequent actions once the investigation concludes.

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice