Hacker Returns $5M to ZKsync After 10% Bounty Offer
The hacker who exploited the Ethereum-based ZKsync blockchain, resulting in the theft of $5 million worth of tokens, has returned the stolen funds as part of a bounty deal. The ZKsync team announced that the hacker cooperated and returned the funds within the 72-hour deadline set by the project. The recovered assets included 44.6 million ZK tokens and 1,800 ETH tokens, which were handed over to the ZKsync Security Council.
In response to the hack, ZKsync offered the hacker a 10% bounty if 90% of the funds were returned within 72 hours. The hacker was warned that failure to return the tokens would result in the incident being escalated to law enforcement and becoming a criminal investigation. The hacker complied with the terms, sending approximately $2.47 million worth of ZKsync and $1.83 million worth of Ethereum, along with an additional $1.4 million of Ethereum to the ZKsync Security Council wallet. The funds were transferred within 10 minutes of each other, ensuring compliance with the deadline.
The original hack occurred when the attacker took control of an admin wallet and stole $5 million worth of ZKsync tokens intended for an airdrop. The attacker used the sweepUnclaimed() method to claim all remaining tokens in the airdrop wallet, releasing 111 million tokens. The development team at ZKsync promptly announced the incident and assured users that no other parts of the ecosystem had been compromised. The hack may have been facilitated by a vulnerability in ZKsync’s zero-knowledge proof processes, indicating that the hacker employed sophisticated methods to exploit the system.
Following the hack, ZKsync's price initially plummeted but quickly recovered. The value of Ethereum and ZKsync tokens has since risen, with Ethereum increasing by around 9% and ZKsync rising by 17%. This price recovery suggests that the market has responded positively to the resolution of the incident and the return of the stolen funds. The successful recovery of the assets highlights the effectiveness of ZKsync's negotiation efforts and the potential for safe harbor deals to resolve hacking incidents in the cryptocurrency industry.
The incident underscores the importance of robust security measures in the cryptocurrency industry. The hacker's decision to return the stolen assets was likely influenced by the financial incentive provided by the 10% bounty. This approach not only helped ZKsync recover the majority of the stolen funds but also demonstrated the potential for on-chain communication and safe harbor deals to mitigate the impact of hacking incidents. The successful resolution of this incident serves as a reminder of the need for continuous vigilance and proactive measures to safeguard digital assets in the ever-evolving landscape of cryptocurrency.
