After a headline-grabbing exploit of the ZKsync airdrop contract, the attacker has returned almost all of the stolen funds, closing out one of the most notable security incidents of Q1 2025.
ZKsync, a prominent Layer-2 project in the Ethereum ecosystem, confirmed on April 16 that the hacker behind the nearly $5 million exploit of its airdrop contract had agreed to return the stolen funds after accepting the 10% bounty offered under the project's “safe harbor” terms.
“We are pleased to announce that the hacker was cooperative and returned the funds within the 72-hour period,” ZKsync shared on the X platform. “The incident has now been resolved.”
The recovered assets — which include more than 44.6 million ZK tokens and approximately 1,800 ETH — are now managed by the ZKsync Security Council, which will coordinate with the community through governance to decide what to do with the assets.
Compromised Key Vulnerability
The incident stemmed from a compromised admin key for the ZK token airdrop contract, which allowed the attacker to mint new tokens and redirect unclaimed distributions. The hacker then moved the funds across both Ethereum mainnet and the ZKsync Layer-2 network to obscure their trail.
However, ZKsync asserted: “All user assets are safe and unaffected. The ZK protocol and token contract remain secure.”
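The root cause described above is a design smell that is easy to recognize in code: a single privileged key that can mint or sweep an unbounded amount, to any address, with no delay. The following Solidity is an added illustration, not ZKsync's contract; the contract and function names (`AirdropSingleKey`, `sweepUnclaimed`, `AirdropCouncil`, `proposeSweep`), the token interface and the two-day timelock are assumptions chosen for the example, and the page does not state what the real contract looked like. The first contract shows the fragile pattern; the second shows the controls a practitioner would want: a council or multisig instead of an EOA, a hard mint cap equal to the airdrop total, sweeping only after the claim window closes, a fixed treasury destination, and a cancellable timelock that gives monitoring time to react.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative names only: these are not ZKsync's contracts or function names.
interface IMintableToken {
    function mint(address to, uint256 amount) external;
}

// Weak pattern: a single key (typically a hot EOA) guards an unbounded mint path.
// Whoever holds that key can mint any amount to any address, immediately.
contract AirdropSingleKey {
    IMintableToken public immutable token;
    address public admin;
    mapping(address => uint256) public allocation;
    mapping(address => bool) public claimed;

    constructor(IMintableToken _token) { token = _token; admin = msg.sender; }

    modifier onlyAdmin() { require(msg.sender == admin, "not admin"); _; }

    function claim() external {
        require(!claimed[msg.sender] && allocation[msg.sender] > 0, "nothing to claim");
        claimed[msg.sender] = true;
        token.mint(msg.sender, allocation[msg.sender]);
    }

    // With a leaked admin key this one call is the whole exploit:
    // arbitrary amount, arbitrary recipient, no delay, no cap.
    function sweepUnclaimed(address to, uint256 amount) external onlyAdmin {
        token.mint(to, amount);
    }
}

// Hardened pattern: the privileged role is a multisig/council contract, total minting
// is capped at the airdrop allocation, sweeping is only possible after the claim
// window closes, goes to a fixed treasury, and waits out a cancellable timelock.
contract AirdropCouncil {
    IMintableToken public immutable token;
    address public immutable council;      // multisig or security council contract
    address public immutable treasury;     // fixed destination for unclaimed tokens
    uint256 public immutable claimDeadline;
    uint256 public immutable mintCap;      // the most this contract can ever mint
    uint256 public constant TIMELOCK = 2 days;   // assumed delay for the example

    uint256 public minted;
    uint256 public pendingSweep;
    uint256 public sweepReadyAt;           // 0 means no pending proposal
    mapping(address => uint256) public allocation;
    mapping(address => bool) public claimed;

    event SweepProposed(uint256 amount, uint256 readyAt);

    constructor(IMintableToken _token, address _council, address _treasury,
                uint256 _claimDeadline, address[] memory users, uint256[] memory amounts) {
        require(users.length == amounts.length, "length mismatch");
        token = _token; council = _council; treasury = _treasury; claimDeadline = _claimDeadline;
        uint256 total;
        for (uint256 i = 0; i < users.length; i++) {
            allocation[users[i]] = amounts[i];
            total += amounts[i];
        }
        mintCap = total;                   // allocations are fixed at deployment
    }

    modifier onlyCouncil() { require(msg.sender == council, "not council"); _; }

    function claim() external {
        require(block.timestamp <= claimDeadline, "claims closed");
        require(!claimed[msg.sender] && allocation[msg.sender] > 0, "nothing to claim");
        claimed[msg.sender] = true;
        uint256 amount = allocation[msg.sender];
        minted += amount;                  // stays within mintCap by construction
        token.mint(msg.sender, amount);
    }

    // Step 1: propose. Emits an event that off-chain monitoring can alert on.
    function proposeSweep() external onlyCouncil {
        require(block.timestamp > claimDeadline, "claims still open");
        uint256 amount = mintCap - minted; // only what was never claimed
        require(amount > 0, "nothing to sweep");
        pendingSweep = amount;
        sweepReadyAt = block.timestamp + TIMELOCK;
        emit SweepProposed(amount, sweepReadyAt);
    }

    // Step 2 (either): cancel during the delay, or execute once it has elapsed.
    function cancelSweep() external onlyCouncil { sweepReadyAt = 0; pendingSweep = 0; }

    function executeSweep() external onlyCouncil {
        require(sweepReadyAt != 0 && block.timestamp >= sweepReadyAt, "timelock not elapsed");
        uint256 amount = pendingSweep;
        sweepReadyAt = 0; pendingSweep = 0;
        minted += amount;
        token.mint(treasury, amount);
    }
}
```

The point of the second contract is that a stolen council key is no longer sufficient on its own: the attacker cannot mint beyond the fixed cap, cannot choose the recipient, cannot act before the claim window ends, and has to wait out a public delay during which the remaining signers can cancel. None of that replaces key hygiene, but it bounds the blast radius of exactly the failure this incident turned on.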
The offer of a 10% “white-hat bounty” in exchange for returning the remaining 90% of the funds within 72 hours was seen as an effective way to recover the assets while avoiding a drawn-out criminal investigation.
ZK Price Drops After Exploit
The ZK token price fell to $0.04 after the incident, according to data from CoinGecko. Since the return of the funds was announced it has recovered slightly and currently trades at around $0.05, still about 8% below its pre-exploit level.
ZKsync said that a full investigation report will be released once a technical review and internal processes are complete.
The Ecosystem Continues to Face Many Risks
The ZKsync incident is part of a wave of attacks on the cryptocurrency sector in early 2025. According to reports from Immunefi and CertiK, the industry recorded as much as $1.67 billion in losses from hacks, scams, and exploits in Q1 alone. Ethereum was the most affected chain, with 98 incidents and total losses of nearly $1.54 billion.
Private key compromise in particular remained a serious threat, accounting for $142.3 million in losses across just 15 incidents. Despite the industry's progress on security, only 0.38% of stolen assets were recovered this quarter, down sharply from 42% in the previous quarter.
The ZKsync case is one of the rare instances in which a major exploit was resolved quickly through negotiation and a bounty payment, setting a precedent for protocols that want a flexible, negotiated response to sophisticated attacks in the Web3 space.