ZKsync Hacker Returns 90% of Stolen Funds for Bounty – Details Inside
The attacker behind the April 15 ZKsync key compromise agreed to the bounty terms and returned 90% of the funds within three days. The remaining 10% now serves as their bounty fee.
On April 15, ZKsync’s airdrop wallet was compromised. Just days later, the team announced that nearly $5 million in tokens has been successfully returned.
The attacker agreed to a 10% bounty and transferred 90% of the assets back to the ZKsync Security Council within a 72-hour window. User funds were not affected at any point, and the case has been formally closed.
We’re pleased to share that the hacker has cooperated and returned the funds within the safe harbor deadline. As stated in the original Security Council message, the case is now considered resolved,
ZK Nation posted on X.
On April 23, the hacker executed three transactions:
- Transferring $2.47 million in native ZK tokens,
- Sending $1.83 million in ETH to the official Security Council wallet,
- And forwarding 776 ETH—roughly $1.4 million—to a specified Ethereum address shared during negotiations.
The combined return totaled $5.7 million, a figure that surpassed the original stolen amount due to rising market prices for ZK and ETH after the breach. While the event posed no financial damage to ZKsync, it surfaced critical opportunities to refine security protocols going forward.
Сheck this out: ZKsync Hit by Hack—$5M in Airdrop Tokens Stolen
Breach and Return: What Happened
Using a leaked administrative key, the attacker gained access to critical contract functions, allowing them to:
- trigger the sweepUnclaimed() function,
- and mint 111 million ZK tokens that had remained unclaimed during the airdrop—worth roughly $5 million at the time.
ZKsync responded swiftly by announcing a bounty framework: if 90% of the assets were returned within a 72-hour window, the attacker would be allowed to retain 10% and would not be pursued legally.
This kind of message to hackers isn't rare—it's actually a typical move in crypto circles, used to motivate white-hat outcomes rather than full-scale exploits.
Related: The World of Hackers: Decoding the Shades of Their Hats
Ongoing Action and Market Considerations
With the dust settling, the ZKsync Security Council is preparing its final report, and a governance vote will soon determine the fate of the recovered tokens.
Meanwhile, a deeper investigation into the key compromise is already underway—its insights expected to guide the next phase of protocol security upgrades, with the goal of preventing such exploits from recurring.
CertiK’s latest security report points to a sobering fact: in Q1 2025, only 0.38% of stolen crypto funds were successfully recovered—a reminder of how far the space still has to go in building resilient security practices.
That said, the ZK token remained largely unaffected in the market. At the time of writing, it’s holding above $0.054, with a day-over-day dip of just 2.9%.
Read on: ZKsync Terminates Ignite Rewards Program Amid Market Volatility
The content on The Coinomist is for informational purposes only and should not be interpreted as financial advice. While we strive to provide accurate and up-to-date information, we do not guarantee the accuracy, completeness, or reliability of any content. Neither we accept liability for any errors or omissions in the information provided or for any financial losses incurred as a result of relying on this information. Actions based on this content are at your own risk. Always do your own research and consult a professional. See our Terms, Privacy Policy, and Disclaimers for more details.
Articles by this author
