In a major win for Web3 security, ZKsync has recovered $5.7M in stolen tokens after a recent exploit. The recovery followed the hacker’s agreement to return 90% of the stolen funds in exchange for a 10% bounty.
What is ZKsync?
ZKsync is a Layer 2 scaling solution for Ethereum developed by Matter Labs. It leverages zero-knowledge rollups (zk-rollups) to bundle hundreds of transactions off-chain and submit a single proof to the Ethereum mainnet, drastically reducing gas fees while increasing throughput. With its mission to make blockchain scalable without compromising security or decentralization, ZKsync has become one of the most prominent solutions in the Ethereum ecosystem.
The protocol gained major attention in June 2024 when it launched the ZK token airdrop, distributing 17.5% of its total supply (out of 21 billion tokens) to early users and contributors. ZKsync currently boasts nearly $59 million in total value locked (TVL) and over $2 billion in tokenized real-world assets (RWA) across its ecosystem, according to data from DefiLlama and RWA.xyz.

The April 15 Hack: A Targeted Admin Breach
On April 15, ZKsync’s security team detected a cyberattack targeting its airdrop distribution contract. The hacker managed to breach an administrator account and used it to call the contract’s sweepUnclaimed() function, minting 111 million unclaimed ZK tokens, worth approximately $5 million at the time.
The attack occurred while ZKsync was still in the process of distributing airdrop tokens to ecosystem participants. Fortunately, no user funds were affected. The ZKsync Association and the community-led ZK Nation responded quickly to contain the damage.
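The shape of the problem described above, as an added example that is not ZKsync’s code: the article says only that a compromised admin account was used to call sweepUnclaimed() and mint the unclaimed tokens, not how the real contract gates that call. The contract names, the token interface, the governance and treasury addresses and the claim deadline below are all assumptions. The weak variant lets a single key mint every unclaimed token to any address at any time; the hardened variant restricts who may call the sweep, when, and where the tokens can go.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not ZKsync's contract. All names and structure are assumed.

interface IMintableToken {
    function mint(address to, uint256 amount) external;
}

// Shared airdrop logic: allocations are fixed at deployment, each user claims once.
abstract contract AirdropBase {
    IMintableToken public immutable token;
    mapping(address => uint256) public allocation;
    mapping(address => bool) public claimed;
    uint256 public unclaimedTotal;

    constructor(IMintableToken _token, address[] memory users, uint256[] memory amounts) {
        require(users.length == amounts.length, "length mismatch");
        token = _token;
        for (uint256 i = 0; i < users.length; i++) {
            allocation[users[i]] = amounts[i];
            unclaimedTotal += amounts[i];
        }
    }

    // Subclasses decide whether claims are still open.
    function claimOpen() internal view virtual returns (bool) { return true; }

    function claim() external {
        require(claimOpen(), "claim window closed");
        uint256 amount = allocation[msg.sender];
        require(amount > 0 && !claimed[msg.sender], "nothing to claim");
        claimed[msg.sender] = true;
        unclaimedTotal -= amount;
        token.mint(msg.sender, amount);
    }
}

// Weak pattern: one admin key, callable at any time, attacker-chosen destination.
// Whoever holds (or steals) `admin` can mint everything that was never claimed.
contract WeakAirdrop is AirdropBase {
    address public admin; // a single externally owned account

    constructor(IMintableToken _token, address[] memory users, uint256[] memory amounts)
        AirdropBase(_token, users, amounts)
    {
        admin = msg.sender;
    }

    function sweepUnclaimed(address to) external {
        require(msg.sender == admin, "not admin");
        uint256 amount = unclaimedTotal;
        unclaimedTotal = 0;
        token.mint(to, amount); // recipient is whatever the caller passes in
    }
}

// Hardened pattern: the sweep is only possible after the claim window closes,
// only from a governance contract (assumed to be a multisig behind a timelock),
// and only to a fixed treasury address set at deployment.
contract HardenedAirdrop is AirdropBase {
    address public immutable governance;   // multisig/timelock, never a single EOA
    address public immutable treasury;     // fixed destination for swept tokens
    uint64 public immutable claimDeadline; // unix time after which sweeping is allowed

    event Swept(address indexed to, uint256 amount);

    constructor(
        IMintableToken _token,
        address _governance,
        address _treasury,
        uint64 _claimDeadline,
        address[] memory users,
        uint256[] memory amounts
    ) AirdropBase(_token, users, amounts) {
        require(_governance != address(0) && _treasury != address(0), "zero address");
        require(_claimDeadline > block.timestamp, "deadline in the past");
        governance = _governance;
        treasury = _treasury;
        claimDeadline = _claimDeadline;
    }

    // Claims and sweeps are mutually exclusive in time.
    function claimOpen() internal view override returns (bool) {
        return block.timestamp <= claimDeadline;
    }

    function sweepUnclaimed() external {
        require(msg.sender == governance, "not governance");
        require(block.timestamp > claimDeadline, "claim window still open");
        uint256 amount = unclaimedTotal;
        unclaimedTotal = 0;
        token.mint(treasury, amount); // destination cannot be chosen by the caller
        emit Swept(treasury, amount);
    }
}
```

The three checks in the hardened sweep each remove one thing a stolen key can do: the deadline removes the ability to act during distribution, the fixed treasury removes the ability to redirect the minted tokens, and routing the call through a timelocked multisig means a queued sweep is visible on-chain before it executes, which is the window in which the monitoring and admin-access controls mentioned later in the article can actually fire.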
Bounty Offer Results in Token Recovery
Following the breach, ZKsync’s Security Council offered the hacker a 10% bounty if they returned 90% of the stolen assets within a 72-hour “safe harbor” window. The bounty was intended to avoid legal escalation while giving the attacker an incentive to return the funds.
The hacker agreed to the terms, and on April 23 they transferred the following to the Security Council’s address on ZKsync Era:
- $2.47 million in ZK tokens
- $1.83 million in ETH
In addition, 776 ETH, worth nearly $1.4 million, was sent to the Security Council’s Ethereum address.
All transactions completed within 13 minutes, well inside the 72-hour window. Because the prices of both ZK and ETH have risen since the hack (by 16.6% and 8.8% respectively), the returned assets are now worth about $5.7 million, exceeding the roughly $5 million originally stolen.
Market Impact and Ongoing Investigation
Despite the successful recovery, the ZK token saw little market movement following the announcement, gaining only a modest 2% over the past 24 hours, although investor sentiment remains cautiously optimistic.

ZKsync has confirmed that a full post-mortem report is in progress and will be released soon. The community and token holders will also have a say in determining how the recovered assets will be handled moving forward.
Lessons for Web3 Security
This incident serves as a crucial reminder of the security vulnerabilities that continue to plague the crypto space, even for advanced projects like ZKsync. The pragmatic bounty-based approach used in this case helped prevent further losses, de-escalate legal risks, and maintain the protocol’s reputation.
However, cybersecurity experts stress the need for stronger controls over admin access, real-time threat detection, and proactive audits. As the Web3 industry grows, so does the sophistication of attacks — and protocols must evolve accordingly.