The ZKsync Association has announced that it successfully recovered $5 million worth of stolen tokens during a security breach on April 15. The incident was linked to a vulnerability in their airdrop distribution contract. The hacker agreed to keep a 10% bounty and returned the remaining 90% of the stolen tokens. On Apr. 23, they transferred nearly $5.7 million back to the ZKsync Security Council in three separate transactions.
The hacker returned two transfers on the ZKsync Era blockchain, one with $2.47 million in ZKsync tokens and another with $1.83 million in Ethereum to the ZKsync Security Council’s address on the same network. According to Etherscan, the hacker also transferred 776 ETH, valued at around $1.4 million, to the council’s Ethereum address.
ZKsync hack and recovery details
The first transfer was made on Apr. 23 at 2:39:57 PM UTC and the last one about 13 minutes later, all within the 72 hours that ZK Sync had originally set. The ZKsync Association mentioned that they would release a final report with more details about the security incident.
A hacker breached ZKsync’s admin account and used it to exploit a vulnerability in the airdrop distribution contract. He took advantage of the sweepUnclaimed() function to mint 111 million unclaimed ZK tokens, worth around $5 million at the time of the attack on Apr. 5.
The recovered amount, nearly $5.7 million, surpassed the $5 million originally stolen due to the rising market value of the stolen tokens, with ZK and ETH gaining 16.6% and 8.8%, respectively, since the Apr. 15 attack, according to CoinGecko data. Despite the asset recovery, the ZK token didn’t see much of a rise from the news and is currently down by 0.2% in the last 24 hours.
ZKsync Era is an Ethereum Layer 2 solution that uses zero-knowledge rollups to process transactions off-chain. It currently holds almost $59 million in total value locked (TVL) and has more than $2 billion worth of real-world assets on the chain, as reported by DefiLlama and RWA.xyz.
