|
Getting your Trinity Audio player ready...
|
ZKSync has successfully recovered nearly $5 million in ZK tokens following a security breach that targeted its airdrop distribution contracts. The swift action by the platform’s Security Council led to the return of the stolen assets within a 72-hour window offered to the attacker.
We’re pleased to share that the hacker has cooperated and returned the funds within the safe harbor deadline. As stated in the original Security Council message, the case is now considered resolved.
— ZK Nation (@TheZKNation) April 23, 2025
The assets are now in custody of the Security Council, and the decision on what… https://t.co/X0oejun9Tx
The security incident, which occurred on April 15th, involved the unauthorized minting of approximately 111 million ZK tokens. Exploiting a compromised admin key, the attacker bypassed standard token distribution protocols to claim unallocated tokens from ZKSync’s initial airdrop. Investigations revealed that the vulnerability was isolated to the airdrop contract, with ZKSync’s core infrastructure, governance mechanisms, and primary token contract remaining secure throughout the event.
Swift Response and Security Council Intervention
ZKSync responded rapidly to contain the breach. On-chain data indicated that the attacker had converted roughly $3.5 million of the illicitly obtained ZK tokens into Ethereum. The remaining funds remained untouched, paving the way for a negotiated resolution.
To facilitate the return of the assets, the ZKSync Security Council initiated an on-chain proposal. This message offered the hacker a 10% bounty in exchange for the return of 90% of the stolen funds. Specific wallet addresses were provided for seamless transfers across both the Ethereum and ZKSync Era networks. The attacker ultimately complied with the terms set forth by the Security Council, returning the majority of the misappropriated assets before the stipulated deadline.
Governance to Determine Future of Recovered Assets
ZKSync has confirmed that it will not pursue legal action against the hacker following the successful recovery. The returned assets include over 44.6 million ZK tokens and nearly 1,800 ETH, all of which are now securely held by the Security Council.
Also Read: UBS Successfully Tests Blockchain-Based Gold Trading on ZKSync: A Game Changer for Digital Assets
The future utilization of these recovered assets will be determined by ZKSync’s governance processes. In the interest of transparency and to inform future protocol decisions, a comprehensive forensic report detailing the exploit and the subsequent fund recovery is currently being prepared. This incident has also underscored the critical importance of robust admin key security within blockchain projects. ZKSync has emphasized that no user funds were affected by the breach and that the protocol’s core systems continued to operate without disruption.
The successful and swift negotiation has allowed ZKSync to avoid potentially protracted legal proceedings, with the majority of the stolen funds now safely back within the protocol’s control and awaiting governance decisions.
Disclaimer: The information in this article is for general purposes only and does not constitute financial advice. The author’s views are personal and may not reflect the views of Chain Affairs. Before making any investment decisions, you should always conduct your own research. Chain Affairs is not responsible for any financial losses.
I’m a crypto enthusiast with a background in finance. I’m fascinated by the potential of crypto to disrupt traditional financial systems. I’m always on the lookout for new and innovative projects in the space. I believe that crypto has the potential to create a more equitable and inclusive financial system.
