After the Hacker accepted the bounty protocol, ZKsync successfully recovered 5 million USD worth of stolen Tokens.

Source: Cointelegraph Original: "After the hacker accepted the bounty agreement, ZKsync successfully recovered $5 million in stolen tokens"

The ZKsync Association has confirmed the recovery of approximately $5 million in tokens stolen during the security incident on April 15. This incident involved its airdrop distribution contract.

The hacker agreed to accept a 10% bounty and returned 90% of the stolen tokens, returning nearly 5.7 million dollars to the ZKsync security committee through three transactions on April 23.

"We are pleased to announce that the hacker has cooperated and returned the funds within the 'safe harbor' period," the ZKsync association announced on April 23 on platform X, a message that was subsequently retweeted by the official ZKsync account.

The developer of the ZKsync protocol, Matter Labs, also forwarded this message on platform X.

ZKsync has previously confirmed that no user funds were affected in this incident.

The hacker made two transfers through the ZKsync Era blockchain, with amounts of $2.47 million in ZKsync (ZK) tokens and $1.83 million in Ethereum (ETH), both sent to the ZKsync Era address of the ZKsync Security Council.

According to Etherscan data, an additional 776 Ethereum, worth approximately $1.4 million, were also transferred to the committee's Ethereum address.

The first transfer occurred on April 23 at 2:39:57 PM UTC, and the last transfer was completed approximately 13 minutes later. All transfers were completed within the initial 72 hours set by ZKsync.

The ZKsync Association stated that the company will release a final report revealing more details about this security incident.

How hackers attack

Hackers breached the admin account of ZKsync and exploited this vulnerability to use the sweepUnclaimed() function in the airdrop distribution contract, minting 111 million unclaimed ZK tokens, which were valued at approximately 5 million dollars at the time.

The attack occurred while ZKsync was airdropping 17.5% of its ZK token supply to ecosystem participants.

The amount recovered this time is close to $5.7 million, exceeding the initial $5 million that was stolen, primarily due to the increase in market value of the stolen tokens—according to CoinGecko, since the attack on April 15, the prices of ZK and Ethereum have risen by 16.6% and 8.8%, respectively.

Although the funds have been recovered, the price of ZK tokens has not significantly increased as a result, currently down 0.2% in the past 24 hours.

ZKsync Era is an Ethereum-based Layer 2 solution that uses zero-knowledge aggregation technology to batch process off-chain transactions. According to data from DefiLlama and RWA.xyz, its total value locked (TVL) on-chain is close to 59 million USD, with actual on-chain assets exceeding 2 billion USD.

Related articles: The Central Bank of Russia and the Ministry of Finance will launch a cryptocurrency exchange.