ZKsync Recovers $5.7M Stolen Tokens After Hacker Returns 90%

The ZKsync Association has successfully recovered $5 million worth of stolen tokens following a security incident on April 15. The incident involved the exploitation of the airdrop distribution contract, which allowed the hacker to steal 111 million unclaimed ZK tokens worth approximately $5 million at the time of the attack. The hacker breached ZKsync’s admin account and exploited the sweepUnclaimed() function to carry out the theft.
The hacker agreed to return 90% of the stolen tokens in exchange for a 10% bounty. This agreement led to the transfer of nearly $5.7 million across three transactions on April 23. The first transfer, made at 2:39:57 pm UTC, included $2.47 million worth of ZKsync (ZK) tokens and $1.83 million worth of Ether (ETH) sent to the ZKsync Security Council’s ZKsync Era address. Another transfer of 776 ETH, worth nearly $1.4 million, was sent to the Security Council’s Ethereum address. All transfers were completed within the 72-hour window set by ZKsync.
The ZKsync Association confirmed that no user funds were compromised during the incident. The company also announced that a final report detailing more information about the security incident would be published. The recovered amount exceeded the original $5 million stolen due to an increase in the market value of the stolen tokens. ZK and ETH increased by 16.6% and 8.8% respectively since the April 15 attack.
ZKsync Era, an Ethereum layer 2 solution, uses zero-knowledge rollups to batch and process transactions offchain. It has nearly $59 million in total value locked on its chain and over $2 billion in real-world assets onchain. Despite the asset recovery, the ZK token did not experience a substantial rise in value and is currently down 0.2% over the last 24 hours.
The successful recovery of the stolen tokens highlights the effectiveness of the bounty program in incentivizing hackers to return stolen assets. This incident also underscores the importance of robust security measures in protecting digital assets and the need for continuous monitoring and improvement of security protocols. The ZKsync Association’s prompt response and cooperation with the hacker demonstrate their commitment to ensuring the safety and security of their platform and users.
