ZKsync Hacker Returns Stolen $5 Million Tokens, Receives Bounty in Return

The hacker, who exploited the Ethereum-based ZKsync blockchain for $5 million, has returned the funds as part of a bounty deal. Under the terms of the agreement, they were required to return the stolen funds within 72 hours and would not be pursued as hackers, but instead would be rewarded as bounty hunters. The ZKsync team said they were happy to announce that the hacker had cooperated and returned the funds within the allotted time frame. ZKsync was able to recover, through their negotiation efforts, 44.6 million ZK tokens and 1,800 ETH tokens. The ZKsync Security Council is responsible for the recovered tokens.

ZKsync, not long after the hack, offered the hacker a 10% bounty if 90% of the funds were returned within 72 hours. The hacker was warned that if the tokens were not returned, the incident would be escalated to law enforcement and would become a criminal investigation. The ZKsync price plunged after the incident but recovered not long after.

The hacker cooperated with ZKsync, sending around $2.47 million worth of ZKsync and $1.83 million worth of Ethereum. Another $1.4 million of Ethereum was sent to the ZKsync Security Council wallet. The hacker sent the funds within 10 minutes of each other. The funds were sent within the 72-hour deadline set by ZKsync.

Ethereum and ZKSync have risen in price since the attack, meaning that the recovered amount now exceeds the original funds. Ethereum increased by around 9%, while ZKsync rose by 17%. ZKsync may still go up further, given the good news. ZKsync had already planned to write a report on the incident, and now has a lot more to write about.

The original hack occurred when the hacker took control of an admin wallet and stole $5 million worth of ZKsync tokens. The funds were meant for an airdrop. The attacker used the sweepUnclaimed() method to claim all remaining tokens in the airdrop wallet, releasing 111 million tokens. The development team at ZKsync announced what had happened and assured users that no other parts of the ecosystem had been hacked.

The hack may have been the result of a vulnerability in ZKsync’s zero-knowledge proof processes. The hacker, if this is the case, would have had some sophisticated methods to pull off the exploit. ZachXBT, a crypto analyst, said that the hack was indicative of wider problems in the crypto industry, which could only be resolved with government regulation. 

The first quarter of 2025 was the worst in cryptocurrency history, with over $1.6 billion in stolen funds. The majority of the hacks were with 2 centralized exchanges, including Bybit at $1.46 billion and Phemex at $69.1 million. There were 39 incidents in Q1 2025, which has spurred a lot of interest in crypto security.