ZKSync Hacker Returns Stolen Funds in Exchange for Bounty

The ZKSync hacker returns the stolen $5 million in exchange for a 10% bounty

The ZKSync protocol can breathe a sigh of relief as the $5 million worth of stolen tokens from its administrator wallet hack has been returned. The attacker has agreed to cooperate with the project team, taking advantage of the ‘safe harbor’ period to return the funds without facing any legal consequences, in exchange for a 10% reward.

A Vulnerability Exploited During an Airdrop

The exploited vulnerability was related to an administrator wallet connected to the ZK token airdrop. The hacker managed to divert the equivalent of $5 million in unclaimed tokens. The layer-2 protocol, designed to improve Ethereum’s scalability through ZK rollup technology, quickly reassured users.

ZKSync announced the complete restitution of the funds on X (formerly known as Twitter). The now ‘cooperative’ hacker responded favorably to the team’s bounty offer: a 10% reward in exchange for returning the assets within the specified deadline.

A Governance Process for the Future

The recovered tokens are now under the responsibility of the ZKSync Security Council, the body in charge of ensuring the security and governance of the protocol. The council will decide on how to proceed with the recovered funds, likely by consulting the community through a vote or a formal governance proposal.

A comprehensive report on the incident is being drafted and will be made public. It will detail the exploited vulnerability, the circumstances surrounding the flaw, and the measures taken to prevent a recurrence.

Safe Harbor: A Divisive Practice

The strategy of ‘safe harbor,’ a temporary amnesty allowing a hacker to return funds without facing legal action, has sparked debates. Some see it as a pragmatic way to limit the damage in the event of a successful attack, while others criticize it as a weak signal sent to cybercriminals.

In the case of ZKSync, the swift resolution of the incident demonstrates that the protocol has a responsive organization and a well-defined security framework. It remains to be seen how the governance will use this incident to enhance user trust as the network approaches key milestones in its development.
