ZKsync has recovered funds stolen in a recent exploit after the hacker returned 90% of the assets in exchange for a 10% bounty.
Background:
- ZK Nation, the decentralized community behind the ZKsync Layer 2 protocol, confirmed on Wednesday that the protocol has successfully recovered stolen tokens worth over $5 million.
- The hacker had exploited an admin account on April 15, compromising unclaimed tokens left over from a prior ZKsync airdrop. According to the team, no user funds were impacted, and the exploit was limited to leftover treasury assets.
- In response, the ZKsync Security Council issued a 72-hour deadline to the attacker, offering a 10% bounty if 90% of the tokens were returned. The offer was accepted within the safe harbor period, preventing the case from escalating to legal action.
- With crypto market fluctuations, the returned funds have since appreciated and are now worth approximately $5.66 million, according to on-chain data.
Why should you pay attention?
- This incident highlights the growing use of bounty-based recovery methods as a way to de-escalate blockchain exploits without resorting to prolonged legal action or failed fund traces.
- ZKsync’s swift response and resolution offer a case study in decentralized protocol crisis management, showing how governance and security councils can collaborate in real-time to protect protocol integrity.
- The recovered funds are now under the custody of the ZKsync Security Council, with decisions on their future usage to be made via community governance, reinforcing the project’s decentralized structure.
Who said what?
- ZK Nation, in a statement on X:
“We’re pleased to share that the hacker has cooperated and returned the funds within the safe harbor deadline. The case is now considered resolved. The assets are now in custody of the Security Council, and the decision on what will be done with the assets will be made by governance.”
- Security Council of ZKsync, in its bounty offer earlier this week:
The Council had stated that if the funds were not returned within 72 hours, the case would be escalated to a full criminal investigation.
- Blockaid, a Web3 security firm, previously reported that ZKsync users were being targeted by malicious dApps impersonating the protocol, especially during and after the token airdrop.
Zooming out:
- ZKsync, developed by Matter Labs, is one of Ethereum’s leading Layer 2 scaling solutions, with a circulating token supply launched during its airdrop last June.
- While the stolen tokens were unclaimed and unrelated to user wallets, the hack reignited discussions about airdrop mechanics, treasury management, and the role of admin-level access in decentralized protocols.
- The outcome reflects a growing preference for ethical hacker bounty programs, which are being used as practical alternatives to prosecution or trace-heavy fund recovery.
