ZKSync Association has successfully recovered over $5 million worth of tokens stolen during an exploit on April 15. The breach was made possible through a compromised admin key, which the attacker used to mint approximately 111 million ZK tokens.
In a post shared on X, the company confirmed that the hacker returned 90% of the stolen assets in exchange for a 10% bounty, in line with ZKSync’s 72-hour “safe harbor” policy. This mechanism allows attackers to return stolen funds within a limited window in exchange for partial immunity and a reward.
We’re pleased to share that the hacker has cooperated and returned the funds within the safe harbor deadline. As stated in the original Security Council message, the case is now considered resolved.
The assets are now in custody of the Security Council, and the decision on what… https://t.co/X0oejun9Tx— ZK Nation (@TheZKNation) April 23, 2025
The hacker complied with the offer, transferring back nearly 45 million ZK tokens and over 1,700 ETH to addresses controlled by ZKSync’s Security Council.
ZKSync clarified that the exploit affected only three airdrop distribution contracts, with no impact on the core protocol or user funds.
This recovery represents a rare success in the crypto industry, where most attacks go unresolved and losses are often permanent.