Share this article

ZKSync Hacker Returns $5M in Stolen Tokens After Accepting 10% Bounty

The hacker cooperated with the ZKsync team and returned the funds within the “safe harbor” deadline while taking a 10% bounty..

Glasses in front of monitors with code (Kevin Ku/Unsplash)
The ZKSync hacker returned tokens stolen from an admin wallet. (Kevin Ku/Unsplash)

What to know:

  • Nearly $5 million worth of stolen ZK tokens were returned after the hacker accepted a 10% bounty.
  • The hacker returned the funds within the “safe harbor” deadline.
  • The ZKsync Security Council will determine the fate of the recovered tokens.

ZKsync said $5 million worth of tokens stolen during an admin wallet hack last week have been returned and the case is now considered resolved.

The layer-2 blockchain protocol saw a hacker compromise its admin wallet, leading to the theft of unclaimed tokens from the ZKsync airdrop.

jwp-player-placeholder
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the The Protocol Newsletter today. See all newsletters

In a post on X, the project said the hacker cooperated with the team and returned the funds within the “safe harbor” deadline — a grace period commonly offered in security incidents to incentivize returns without legal consequence. The cooperation means the hacker took a 10% bounty.

The tokens are now in custody of the ZKsync Security Council and a governance process will determine what to do with them. A final investigation report is being prepared and will be published when complete.

Francisco Rodrigues

Francisco is a reporter for CoinDesk with a passion for cryptocurrencies and personal finance. Before joining CoinDesk he worked at major financial and crypto publications. He owns bitcoin, ether, solana, and PAXG above CoinDesk's $1,000 disclosure threshold.

Francisco Rodrigues