Cryptocurrency
Reading Time: 2 minutes
- The ZKsync hacker has accepted a 10% bounty and returned the rest of the funds
- The hacker had stolen $5 million by exploiting a weakness in the project’s airdrop smart contract
- ZKsync said it has resolved the case and won’t press legal charges
Ethereum layer 2 platform ZKsync has confirmed that its hacker has agreed to take a 10% bounty and return the rest of the funds. The attacker had exploited a vulnerability in the project’s airdrop smart contracts to drain close to $5 million in ZK tokens and ETH. The recovered funds are under the custody of the protocol’s Security Council, awaiting a vote by the platform’s community on how to utilize the funds.
Cryptocurrency Hacker Given Three Days
ZKsync had sent the hacker an on-chain message on April 21 and offered him 10% of the funds as a bounty and a return window of 72 hours. At the time, the scaling layer said it would “publicly confirm the resolution […] upon receipt of the full amount […] before the end of the deadline.”
We’re pleased to share that the hacker has cooperated and returned the funds within the safe harbor deadline. As stated in the original Security Council message, the case is now considered resolved.
The assets are now in custody of the Security Council, and the decision on what… https://t.co/X0oejun9Tx
— ZK Nation (@TheZKNation) April 23, 2025
However, it said it would involve law enforcement agencies and pursue a “full criminal investigation” if the attacker chooses to keep the entire loot. The scaling layer said it’s now working to piece together the final investigation report.
Cryptocurrency Hacker Stole Unclaimed Tokens
According to on-chain sleuths and researchers, the ZKsync attacker minted new tokens and scooped unclaimed tokens from the protocol’s airdrop contract. He then moved the stolen funds through the scaling layer and the Ethereum mainchain.
The hacker’s decision to return the funds comes two months after the 1inch attacker returned $5 million he had siphoned from the platform after taking a $450,000 bounty. It also comes as the Bybit hackers continue moving and laundering the $1.5 billion they stole from the exchange despite offering a $140 million bounty.
With the ZKsync hacker returning the funds, it’s to be seen how the protocol will utilize the funds since they weren’t officially in active circulation.
