ZKSync confirmed that a hacker who siphoned almost $5 million from its ZK token airdrop contract has given every cent back inside the project’s 72‑hour “safe‑harbor” window.
“We’re pleased to share that the hacker has cooperated and returned the funds within the safe harbor deadline,” ZKSync posted on X, formerly Twitter. “The case is now considered resolved.”
Roughly 44.6 million ZK tokens and about 1,800 ETH have been transferred to the ZKSync Security Council, which will decide—through governance—how to redistribute the assets.
The attacker exploited an airdrop flaw to mint tokens
The refund closes the book on an exploit earlier this week that leveraged a compromised private key tied to the airdrop contract, letting the attacker mint extra tokens and divert unclaimed funds.
The culprit had transferred the funds across Ethereum (ETH) and ZKSync’s layer 2 network.
The vulnerability did not affect the broader protocol infrastructure, ZK token contract, or governance operations.
The attacker circumvented normal allocation processes and took unclaimed tokens from the network’s initial distribution round. On-chain data subsequently revealed that the exploiter exchanged $3.5 million worth of stolen ZK tokens for Ethereum.
ZKSync had assured users that the incident did not compromise customer funds or core infrastructure.
“All user funds are safe and have never been at risk,” ZKSync said in a Tuesday post. “The ZKsync protocol and ZK token contract remained secure.”
Later, the protocol acted by issuing an on-chain message offering the attacker a 10% bounty if 90% of the funds were returned within 3 days.
The proposal included specific wallet addresses for transferring ZK and ETH tokens across the ZKSync Era network and Ethereum’s mainnet.
On the other hand, ZKSync had cautioned the hacker that failure to comply with the terms would cause the issue to be escalated to law enforcement to pursue a “full criminal investigation.”
Following the hack, the ZK token’s price briefly plunged to $0.04. However, it stabilized at nearly $0.05, down 2.6% over the last 24 hours, according to CoinGecko data.
ZKSync said a final investigation report is in the works following the hacker’s return of the funds. According to the team, the report will be published once it is completed. The incident has prompted renewed scrutiny over smart contract access controls, particularly regarding admin key security and airdrop mechanisms.
Crypto hacks surge to $1.67B in Q1 as key compromises and exchange exploits soar
The hack is the latest in a string of attacks plaguing the crypto sector in 2025. As per blockchain security firm Immunefi, about $1.6 billion in crypto was stolen in the first two months of the year.
A separate report from blockchain security firm CertiK paints an equally troubling picture, revealing that the first quarter of the year saw a staggering $1.67 billion lost to hacks, scams, and exploits—already representing over two-thirds of the total stolen funds in 2024.
A significant amount of the value of all this can be pinned on the catastrophic Bybit exploit (which lost $1.45 billion), which has raised some hard questions about the kind of security practices centralized exchanges are deploying.
Incidents involving the compromise of private keys were still the number one theft of funds, accounting for 15 cases and $142.3 million in losses.
Perhaps more worrying is that just 0.38% of stolen funds were recovered in the first quarter, compared with 42% in Q4. It should be noted that not one dollar was recovered from the haul in February of 2025.
Ethereum remains the most compromised blockchain, with 98 attacks and $1.54 billion stolen.
Cryptopolitan Academy: Tired of market swings? Learn how DeFi can help you build steady passive income. Register Now
