ZKsync Reaches Agreement with Hacker for Return of $5 Million

The perpetrator who stole ZK tokens valued at approximately $5 million from the ZKsync airdrop smart contract has returned the funds within the deadline set by the project’s team.

We’re pleased to share that the hacker has returned the funds within the safe harbor deadline. https://t.co/RarXl1ALVv

— ZKsync (∎, ∆) (@zksync) April 23, 2025

On April 15, security experts from the L2 network identified a compromise of an administrative account. Through this, the hacker intercepted unclaimed balances following the token distribution.

On April 21, the ZKsync Security Council offered the hacker 72 hours to return the stolen assets, leaving 10% as a reward.

A message from ZKsync Security Council to the Hacker:

To resolve this matter amicably in the spirit of safe harbor, we are offering a 10% bounty for your cooperation if you return 90% of the funds involved in the exploit. Specifically:

1⃣ Sending 44,687,278.5988 ZK tokens to…

— ZK Nation (@TheZKNation) April 21, 2025

“If the funds are not returned by the deadline, the matter will be referred to law enforcement for a full-scale criminal investigation,” the statement said.

On April 23, approximately 1021 ETH and 44.7 million ZK were sent to the address specified by the Council. The value of the assets at the time of writing is about $4.25 million.

“As stated in the initial message from the Security Council, the matter is now considered closed,” confirmed ZKsync.

Following the breach, ZK prices plummeted to $0.04. Subsequently, the price recovered to $0.058. Over the past 24 hours, the rate has fallen by 2.7% amid a 3.5% correction in the overall market capitalization (CoinGecko). The ZKsync token is trading around $0.055.

Back in June 2024, the project conducted an airdrop of 3.6 billion ZK. Following the large-scale distribution, key metrics of ZKsync significantly declined.