The ZKsync Association has successfully recovered $5 million worth of stolen tokens following a security breach on April 15 involving its airdrop distribution contract.
The hacker behind the exploit agreed to a 10% bounty in exchange for returning 90% of the stolen assets, transferring nearly $5.7 million back to the ZKsync Security Council across three transactions on April 23.
In a statement posted on X, the ZKsync Association confirmed the cooperation, noting that the funds were returned within the designated 72-hour safe harbor window.
Matter Labs Confirms No User Funds Were Affected in ZKsync Security Incident
Matter Labs, the developer of the ZKsync protocol, also shared the update, reassuring users that no personal funds were compromised during the incident.
Blockchain data shows the hacker transferred $2.47 million in ZK tokens and $1.83 million in Ether (ETH) on the ZKsync Era network, along with an additional 776 ETH—valued at nearly $1.4 million—to the Security Council’s Ethereum address. The transfers were completed in under 15 minutes.
The breach occurred when the attacker gained access to ZKsync’s admin account and exploited the airdrop contract’s sweepUnclaimed() function, minting 111 million unclaimed ZK tokens valued at around $5 million at the time.
The exploit took place during ZKsync’s ongoing airdrop of 17.5% of its token supply to ecosystem participants.
Interestingly, the recovered amount surpassed the original stolen value due to a rise in token prices since the hack.
According to CoinGecko, ZK tokens have gained 16.6% and ETH has risen 8.8% since April 15.
Despite the positive resolution, ZK’s market response was muted, with the token down 0.2% over the past 24 hours.
The ZKsync Association announced plans to release a detailed report on the incident.
ZKsync Era, an Ethereum Layer 2 network leveraging zero-knowledge rollups, currently holds nearly $59 million in total value locked (TVL) and over $2 billion in tokenized real-world assets, based on data from DeFiLlama and RWA.xyz.
Crypto Lost $1.6 Billion to Hacks in Q1
In the first three months of 2025, the crypto ecosystem lost a whopping $1,635,933,800 across 39 incidents, according to the blockchain security platform Immunefi.
The report claimed, “Q1 2025 marks the worst quarter for hacks in the history of the crypto ecosystem.”
Most of that was the result of only two hacks of two centralized exchanges. Phemex suffered a $69.1 million loss in January, while Bybit lost $1.46 billion in February.
Subsequently, the total number of losses in the first quarter marks a 4.7x increase compared to Q1 2024. At that time, hackers and fraudsters stole $348,251,217.
Notably, experts assume that the infamous North Korean Lazarus Group is behind the two largest attacks. They stole $1.52 billion, or 94% of total losses.
The post ZKsync Recovers $5M in Stolen Tokens After Hacker Accepts Bounty appeared first on Cryptonews.
#ZKsync #Recovers #Stolen #Tokens #Hacker #Accepts #Bounty
