Source: Cointelegraph
Original: “Hacker Accepts Bounty Agreement, ZKsync Successfully Recovers $5 Million in Stolen Tokens”

The ZKsync Association has confirmed the recovery of approximately $5 million in tokens stolen during a security incident on April 15. This incident involved its airdrop distribution contract.

The hacker agreed to accept a 10% bounty and returned 90% of the stolen tokens, transferring nearly $5.7 million back to the ZKsync Security Council through three transactions on April 23.

“We are pleased to announce that the hacker has cooperated and returned the funds within the 'safe harbor' period,” the ZKsync Association announced on the X platform on April 23, a message that was subsequently retweeted by the official ZKsync account.

The developers of the ZKsync protocol, Matter Labs, also retweeted this news on the X platform.

ZKsync had previously confirmed that no user funds were affected in this incident.

The hacker conducted two transfers via the ZKsync Era blockchain, with amounts of $2.47 million in ZKsync (ZK) tokens and $1.83 million in Ethereum (ETH), both sent to the ZKsync Security Council's ZKsync Era address.

According to Etherscan data, an additional 776 Ethereum, valued at approximately $1.4 million, was also transferred to the council's Ethereum address.

The first transfer occurred at 2:39:57 PM UTC on April 23, with the last transfer completed about 13 minutes later, all within the 72 hours initially set by ZKsync.

The ZKsync Association stated that the company will release a final report revealing more details about this security incident.

How the Hacker Attacked

The hacker compromised ZKsync's admin account, exploiting a vulnerability in the airdrop distribution contract's sweepUnclaimed() function to mint 111 million unclaimed ZK tokens, which were valued at approximately $5 million at the time.

This attack occurred while ZKsync was in the process of airdropping 17.5% of its ZK token supply to ecosystem participants.

The amount recovered, nearly $5.7 million, exceeded the initial $5 million stolen, primarily due to the increase in the market value of the stolen tokens—according to CoinGecko, since the April 15 attack, the prices of ZK and Ethereum have risen by 16.6% and 8.8%, respectively.

Despite the recovery of funds, the price of ZK tokens has not significantly increased, currently down 0.2% in the past 24 hours.

ZKsync Era is an Ethereum-based Layer 2 solution that uses zero-knowledge rollup technology to batch process off-chain transactions. According to DefiLlama and RWA.xyz data, its total value locked (TVL) on-chain is close to $59 million, with on-chain real assets exceeding $2 billion.

Related: The Central Bank and Ministry of Finance of Russia to Launch Cryptocurrency Exchange

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。