ZKsync Recovers $5.7M After Hacker Accepts Bounty Deal

ZKsync recovers $5.7M in stolen tokens, marking a major win for Web3 security. The hacker behind the April exploit accepted a 10% bounty offer and returned 90% of the stolen assets.

What is ZKsync?

ZKsync is a Layer 2 protocol developed by Matter Labs. It uses zk-rollups to reduce Ethereum’s congestion and minimize gas fees. By bundling multiple off-chain transactions and submitting a single cryptographic proof to Ethereum, ZKsync ensures faster throughput and lower costs without sacrificing decentralization or security.

In June 2024, ZKsync launched a ZK token airdrop, distributing 17.5% of its 21 billion token supply to early supporters. As of now, the network hosts nearly $59 million in total value locked and over $2 billion in tokenized real-world assets, based on DefiLlama and RWA.xyz data.

The April 15 Hack: Admin-Level Exploit

On April 15, ZKsync’s team detected an exploit in its airdrop distribution contract. A hacker compromised an administrator’s account and exploited the sweepUnclaimed() function. They minted 111 million unclaimed ZK tokens, valued at $5 million at the time.

The breach happened during the ongoing airdrop process. Luckily, no user funds were impacted. Both the ZKsync Association and ZK Nation community acted fast to contain the situation.

Hacker Accepts Bounty, Returns Stolen Assets

In response, ZKsync’s Security Council offered the attacker a 10% bounty if they returned 90% of the stolen funds within 72 hours. The deal aimed to recover funds while avoiding legal escalation.

The hacker accepted. On April 23, they transferred the following to ZKsync-controlled addresses:

• $2.47 million in ZK tokens
• $1.83 million in ETH on ZKsync Era
• 776 ETH (worth $1.4 million) to a linked Ethereum address

These transfers happened in just 13 minutes, well within the safe harbor window. Due to rising token prices, the recovered value now exceeds the original loss, totaling $5.7 million.

We’re pleased to share that the hacker has cooperated and returned the funds within the safe harbor deadline. As stated in the original Security Council message, the case is now considered resolved.

The assets are now in custody of the Security Council, and the decision on what… https://t.co/X0oejun9Tx

— ZK Nation (@TheZKNation) April 23, 2025

Market Response and Next Steps

Despite the successful recovery, ZK token prices moved only slightly — up 2% in 24 hours. Investor sentiment remains cautious, though optimistic. ZKsync confirmed a full post-mortem is underway and plans to share findings with the public.

The ZK Nation community will also help decide how to use or distribute the recovered assets.

Key Security Takeaways for Web3

This incident highlights ongoing security challenges in decentralized protocols. ZKsync’s bounty approach avoided prolonged conflict, restored user trust, and safeguarded its public image.

However, cybersecurity experts continue to warn about admin access vulnerabilities. Real-time monitoring, routine audits, and stronger internal controls are necessary as attacks grow more sophisticated. Web3 teams must evolve faster than bad actors to protect users and protocols.