The ZKsync Association has reclaimed $5 million worth of stolen tokens following a security breach that transpired on April 15, affecting the distribution contract for its airdrop.
The individual responsible for the hack consented to a 10% bounty in return for the return of 90% of the misappropriated assets, transferring nearly $5.7 million back to the ZKsync Security Council through three separate transactions on April 23.
In a statement on social media platform X, the ZKsync Association confirmed the resolution, indicating that the funds were returned within a designated 72-hour safe harbor period.
No User Funds Compromised, Says Matter Labs
Matter Labs, the entity behind the ZKsync protocol, also communicated updates, emphasizing that no user funds were impacted during the security breach.
Data from the blockchain reveals that the hacker transferred $2.47 million in ZK tokens and $1.83 million in Ether (ETH) on the ZKsync Era network, in addition to 776 ETH—valued at roughly $1.4 million—directly to the Security Council’s Ethereum address. These transfers were completed in less than 15 minutes.
The breach occurred when the hacker accessed ZKsync’s admin account, exploiting the airdrop contract’s sweepUnclaimed() function to mint 111 million unclaimed ZK tokens, which were valued at approximately $5 million at the time of the attack.
This exploit coincided with ZKsync’s ongoing initiative to distribute 17.5% of its token supply to ecosystem participants.
We’re pleased to share that the hacker has cooperated and returned the funds within the safe harbor deadline. As stated in the original Security Council message, the case is now considered resolved.
The assets are now in custody of the Security Council, and the decision on what… https://t.co/X0oejun9Tx
— ZK Nation (@TheZKNation) April 23, 2025
Interestingly, the amount recovered has exceeded the original stolen value, attributed to an increase in token prices since the incident.
According to CoinGecko, ZK tokens have appreciated by 16.6%, while ETH has risen by 8.8% since April 15.
Despite this positive outcome, the market response for ZK was tepid, with the token recording a 0.2% decline over the past 24 hours.
The ZKsync Association has announced intentions to publish a comprehensive report detailing the incident.
ZKsync Era, an Ethereum Layer 2 network utilizing zero-knowledge rollups, currently boasts nearly $59 million in total value locked (TVL) and over $2 billion in tokenized real-world assets, according to data from DeFiLlama and RWA.xyz.
Crypto Sector Suffers $1.6 Billion in Hacks During Q1
In the first quarter of 2025, the cryptocurrency landscape lost an astounding $1,635,933,800 due to 39 separate incidents, as reported by the blockchain security platform Immunefi.
The report highlighted that “Q1 2025 marks the worst quarter for hacks in the history of the crypto ecosystem.”
A significant portion of this loss can be traced back to just two hacks targeting centralized exchanges. Phemex experienced a loss of $69.1 million in January, while Bybit suffered a staggering $1.46 billion loss in February.
The total losses for this quarter represent a 4.7-fold increase compared to Q1 2024, when hackers and fraudsters stole $348,251,217.
Experts suggest that the notorious North Korean Lazarus Group may be behind the two largest attacks, having stolen $1.52 billion, which accounts for 94% of the total losses.
The post ZKsync Recovers $5M in Stolen Tokens After Hacker Accepts Bounty appeared first on Finance Newso.
