ZKsync Reclaims $5.66M After 10% Bounty Offer

ZK Nation, the decentralized community overseeing the ZKsync protocol, announced that it has successfully recovered stolen funds from a hack that occurred earlier this month. The recovery was made possible after a 10% bounty was accepted by the attacker, who returned the stolen assets within a 72-hour window. The assets, now in custody of the Security Council, are valued at approximately $5.66 million, exceeding the initial value of the stolen funds due to an increase in their value since the exploit.

The hack, which took place on April 15, involved a compromised admin account that controlled around $5 million worth of ZKZK-- tokens. These tokens were leftover, unclaimed tokens from the ZKsync airdrop. The security team assured that all user funds were safe and that there was no ongoing risk of further hacks. The attacker exploited the system by bypassing standard allocation mechanisms and claiming unclaimed tokens from the network’s first distribution round. On-chain data later confirmed that the exploiter swapped approximately $3.5 million in stolen ZK tokens for Ethereum (ETH).

In response to the incident, the ZKsync Security Council offered the hacker a 10% bounty if 90% of the stolen funds were returned within 72 hours. The council stated that it would escalate the case to a full criminal investigation if the offer was not accepted. The attacker agreed to the terms, and the funds were successfully transferred within the specified time frame. The decision on what will be done with the assets will be made by governance, and a final investigation report is being prepared and will be published once completed.

ZKsync, created by Matter Labs, is a Layer 2 solution on Ethereum. The project launched its token airdrop last June with a total supply of 21 billion. The incident has prompted renewed scrutiny over smart contract access controls, particularly regarding admin key security and airdrop mechanisms. The swift recovery of the stolen tokens highlights ZKSync’s proactive approach to security and its commitment to protecting user assets. Despite the temporary inflation of the ZK token supply and the market reaction, the price of ZK did not react significantly to the news, reflecting the market’s confidence in ZKSync’s ability to handle security incidents effectively.