ZKSync Recovers 100% of $5M Stolen ZK Tokens After Breach

ZKSync, a prominent layer-2 scaling solution for Ethereum, has successfully recovered approximately $5 million in ZK tokens that were stolen during a recent security breach. The incident, which occurred on April 15, involved the unauthorized minting of roughly 111 million ZK tokens, valued at around $5 million at the time of the exploit. The vulnerability was specifically targeted at ZKSync’s airdrop distribution contracts and did not affect the broader protocol infrastructure, the ZK token contract, or governance operations.

The exploit was carried out by an attacker who bypassed standard allocation mechanisms and claimed unclaimed tokens from the network’s first distribution round. On-chain data later confirmed that the exploiter swapped approximately $3.5 million in stolen ZK tokens for Ethereum (ETH).

In response to the breach, ZKSync’s Security Council took swift action to mitigate the damage. The council issued an on-chain message to the attacker, offering a 10% bounty for returning 90% of the exploited funds. This proposal included specific wallet addresses for transferring ZK and ETH tokens across the ZKSync Era network and Ethereum’s mainnet. The agreement was contingent on the full return of funds by a 72-hour “safe harbor” window, which the attacker complied with, returning the funds within the specified timeframe.

ZKSync confirmed the resolution of the matter, stating that the assets have been successfully transferred and are now held in custody by the Security Council. The protocol governance will determine the final decision on the use of these recovered assets. A detailed forensic report on the incident and subsequent recovery is being prepared to provide transparency and accountability to the community.

The incident has prompted renewed scrutiny over smart contract access controls, particularly regarding admin key security and airdrop mechanisms. Despite the swift recovery, the exploit temporarily inflated the ZK token supply and triggered a market reaction. However, the price of ZK did not react significantly to the news, with just a 0.5% increase since the ZKSync revealed the agreement and recovery of funds.

ZKSync assured users that the incident did not compromise customer funds or core infrastructure. The protocol’s proactive approach in negotiating with the attacker and offering a bounty to recover the stolen funds has been seen as a strategic move to avoid prolonged legal proceedings and ensure the safety of the network. The recovered assets are currently under the control of the Security Council, pending governance deliberation on future handling.