ZKSync recovers $5M in stolen tokens

1 minute

ZK tokens.

ZKSync Association has successfully recovered over $5 million worth of tokens stolen during an exploit on April 15. The breach was made possible through a compromised admin key, which the attacker used to mint approximately 111 million ZK tokens.

In a post shared on X, the company confirmed that the hacker returned 90% of the stolen assets in exchange for a 10% bounty, in line with ZKSync’s 72-hour “safe harbor” policy. This mechanism allows attackers to return stolen funds within a limited window in exchange for partial immunity and a reward.

Subscribe to our

Get weekly updates on the newest crypto stories, case studies and tips right in your mailbox.

We’re pleased to share that the hacker has cooperated and returned the funds within the safe harbor deadline. As stated in the original Security Council message, the case is now considered resolved.

The assets are now in custody of the Security Council, and the decision on what… https://t.co/X0oejun9Tx
— ZK Nation (@TheZKNation) April 23, 2025

The hacker complied with the offer, transferring back nearly 45 million ZK tokens and over 1,700 ETH to addresses controlled by ZKSync’s Security Council.

ZKSync clarified that the exploit affected only three airdrop distribution contracts, with no impact on the core protocol or user funds.

This recovery represents a rare success in the crypto industry, where most attacks go unresolved and losses are often permanent.

Disclaimer: The articles on Coinheadlines are meant for news and information purposes only, not financial advice. Cryptocurrencies and business investments are risky. Always do your own research before investing.