ZKsync Hacker Accepts Bounty, Returns Nearly $5M in Stolen Crypto

Decrypt

A hacker who drained nearly $5 million from Ethereum scaling protocol ZKsync’s airdrop contract has returned the stolen funds within the project’s 72-hour deadline, closing the chapter on the recent exploit.


“We’re pleased to share that the hacker has cooperated and returned the funds within the safe harbor deadline,” ZKsync posted on X, formerly Twitter. “The case is now considered resolved.”


The recovered assets, consisting of over 44.6 million ZK tokens and nearly 1,800 ETH, are now under the custody of the ZKsync Security Council, which will determine the next steps via governance. 


The deal follows an exploit that took place earlier this week, targeting a “compromised key” behind the ZK token airdrop contract, which allowed the attacker to mint new tokens and reroute unclaimed funds. 


The attacker then transferred the funds across both Ethereum and ZKsync’s own Layer 2 network.


“All user funds are safe and have never been at risk,” ZKsync said in a Tuesday post. “The ZKsync protocol and ZK token contract remained secure.”


The protocol responded later by issuing an on-chain message offering the attacker a 10% bounty if 90% of the funds were returned within 72 hours. 


If the offer was ignored, ZKsync warned the hacker that the case would be escalated to law enforcement to pursue a “full criminal investigation.”


The ZK token’s price briefly plunged to $0.04 after the exploit but has since stabilized near $0.05, down 2.6% over the last 24 hours, according to CoinGecko data.


Following the return of the stolen funds, ZKsync said that a final investigation report is in the works and will be published once complete.


Hackers abound


The incident is the latest in a string of attacks plaguing the crypto sector this year. According to blockchain security firm Immunefi, nearly $1.6 billion in crypto has already been stolen in the first two months of the year. 


A separate report from blockchain security firm CertiK paints an equally concerning picture, noting that the first quarter of the year saw a loss of $1.67 billion due to hacks, scams, and exploits, already accounting for over two-thirds of all stolen funds in 2024. 


Much of this total was driven by the catastrophic Bybit exploit, which alone resulted in $1.45 billion in losses and has raised industry-wide concerns about centralized exchange security practices.


Private key compromises continued to dominate as a critical threat vector, responsible for $142.3 million in losses across just 15 incidents. 


Alarmingly, only 0.38% of stolen funds were recovered this quarter, down from over 42% in the previous quarter. In February alone, not a single dollar was returned, the report said.


Meanwhile, Ethereum remained the most targeted blockchain, suffering nearly $1.54 billion in theft across 98 incidents.


Edited by Sebastian Sinclair

