ZKSync Recovers $5M in Tokens After Airdrop Exploit, Governance to Decide Next Steps

ZKSync confirms recovery of $5M in stolen tokens after airdrop exploit attacker returned funds within safe harbor window.

Posted by by Austin Mwendia
  • ZKSync recovered $5 million in tokens after a hacker exploited its airdrop contract using an admin key.
  • The hacker returned the stolen funds within the 72-hour window offered by the ZKSync Security Council.
  • Governance will now decide how to use the recovered tokens while a full forensic report is being prepared.

ZKSync has recovered nearly $5 million in stolen ZK tokens after a security breach involving its airdrop distribution contracts. The funds were returned within a 72-hour window offered by the platform’s Security Council.

Attack Exploited Airdrop Contract via Compromised Admin Key

The breach occurred on April 15 through unauthorized minting of about 111 million ZK tokens. The attacker used a compromised admin key to bypass normal token distribution rules. The individual claimed unallocated tokens from ZKSync’s initial airdrop round.

The vulnerability was limited to the airdrop contract. The core infrastructure, governance processes, and token contract remained unaffected throughout the incident. 

ZKSync moved quickly to contain the issue. On-chain records confirmed the attacker converted around $3.5 million of the stolen ZK into Ethereum. The rest remained untouched until the agreement.

Security Council Offer Leads to Resolution

To encourage a peaceful resolution, the Security Council issued an on-chain proposal. The message offered the hacker a 10% bounty if they returned 90% of the stolen funds. Clear wallet addresses were shared for transferring assets across Ethereum and the ZKSync Era network.

The attacker complied with the terms and returned the funds before the deadline. ZKSync later confirmed that it would not pursue legal action. The assets included over 44.6 million ZK tokens and nearly 1,800 ETH. All recovered assets are now held securely by the Security Council.

Governance to Decide on Recovered Assets

Governance will determine how to use the returned assets. A forensic report on the exploit and fund recovery is being prepared. This report will support transparency and guide future protocol decisions.

The breach has renewed focus on admin key security. ZKSync stressed that no user funds were affected. The protocol’s key systems remained fully functional during the event. Swift negotiations helped ZKSync avoid lengthy legal proceedings. Most of the stolen funds have now been safely recovered and are under review.

Tags:
Profile picture of Austin Mwendia
Austin Mwendia Posted by

Austin Mwendia is a seasoned crypto writer with expertise in blockchain technology and finance. With years of experience, he offers insightful analysis, news coverage, and educational content to a diverse audience. Austin's work simplifies complex crypto concepts, making them accessible and engaging.