ZKSync Recovers $5M in Stolen Tokens—Hacker Takes Bounty Deal

Published: 2025-04-23 22:00:18

ZKSync reclaims stolen $5 million tokens after hacker claims bounty offer

In a plot twist even Wall Street would applaud, ZKSync clawed back $5 million from a digital heist after the attacker caved for a white-hat payout. No lawyers, no SWAT teams—just cold, hard code and a profit motive. The blockchain giveth, and the blockchain taketh away (with the right incentive).

Negotiated return avoids escalation

The exploit occurred on April 15 and involved the unauthorized, equivalent to about $5 million at the time, through a compromised admin key.

The vulnerability was confined to ZKSync’s airdrop distribution contracts and did not affect the broader protocol infrastructure, ZK token contract, or governance operations.

The attacker bypassed standard allocation mechanisms and claimed unclaimed tokens from the network’s first distribution round. On-chain data later confirmed that the exploiter swapped approximately $3.5 million in stolen ZK tokens for Ethereum (ETH).

ZKSync assured users that the incident did not compromise customer funds or core infrastructure.

To avoid prolonged legal proceedings, ZKSync’s Security Council issued an on-chain message to the attacker, offering a 10% bounty for returning 90% of the exploited funds.

The proposal included specific wallet addresses for transferring ZK and ETH tokens across the ZKSync Era network and Ethereum’s mainnet.

The agreement was contingent on the full return of funds by the stated deadline. ZKSync confirmed the resolution of the matter with the assets successfully transferred, adding that it won’t take further action against the attacker. 

Governance to decide asset allocation

The recovered assets are currently under the control of the Security Council, pending governance deliberation on future handling. The incident has prompted renewed scrutiny over smart contract access controls, particularly regarding admin key security and airdrop mechanisms.

Despite the swift recovery, the exploit temporarily inflated the ZK token supply and triggered a market reaction. 

Moreover, the price of ZK did not react to the news, with just a 0.5% increase since ZKSync revealed the agreement and the recovery of funds.
