In brief
- A hacker has returned nearly $5 million to ZKsync after accepting a 10% bounty under a safe harbor deal.
- The funds were originally stolen by exploiting a compromised airdrop contract.
- The incident adds to $1.67B in crypto losses in Q1 2025, with Ethereum hit hardest.
A hacker who drained nearly $5 million from Ethereum scaling protocol ZKsync’s airdrop contract has returned the stolen funds within the project’s 72-hour deadline, closing the chapter on the recent exploit.
“We’re pleased to share that the hacker has cooperated and returned the funds within the safe harbor deadline,” ZKsync posted on X, formerly Twitter. “The case is now considered resolved.”
The recovered assets, consisting of over 44.6 million ZK tokens and nearly 1,800 ETH, are now under the custody of the ZKsync Security Council, which will determine the next steps via governance.
The deal follows an exploit that took place earlier this week, targeting a “compromised key” behind the ZK token airdrop contract, which allowed the attacker to mint new tokens and reroute unclaimed funds.

The attacker then transferred the funds across both Ethereum and ZKsync’s own Layer 2 network.
“All user funds are safe and have never been at risk,” ZKsync said in a Tuesday post. “The ZKsync protocol and ZK token contract remained secure.”
The protocol responded later by issuing an on-chain message offering the attacker a 10% bounty if 90% of the funds were returned within 72 hours.
ZKsync warned the hacker that if the offer was ignored, the case would be escalated to law enforcement to pursue a “full criminal investigation.”
The ZK token’s price briefly plunged to $0.04 after the exploit but has since stabilized near $0.05, down 2.6% over the last 24 hours, according to CoinGecko data.
Following the return of the stolen funds, ZKsync said that a final investigation report is in the works and will be published once complete.
Hackers abound
The incident is the latest in a string of attacks plaguing the crypto sector this year. According to blockchain security firm Immunefi, nearly $1.6 billion in crypto has already been stolen in the first two months of the year.
A separate report from blockchain security firm CertiK paints an equally concerning picture, noting that the first quarter of the year saw a loss of $1.67 billion due to hacks, scams, and exploits, already accounting for over two-thirds of all stolen funds in 2024.
Much of this total was driven by the catastrophic Bybit exploit, which alone resulted in $1.45 billion in losses and has raised industry-wide concerns about centralized exchange security practices.
Private key compromises continued to dominate as a critical threat vector, responsible for $142.3 million in losses across just 15 incidents.
Alarmingly, only 0.38% of stolen funds were recovered this quarter, down from over 42% in the previous quarter. In February alone, not a single dollar was returned, the report said.
Meanwhile, Ethereum remained the most targeted, suffering nearly $1.54 billion in theft across 98 incidents.
Edited by Sebastian Sinclair