ZkSync Hacker Returns $5.7 Million in Stolen Funds, Accepts Bounty

Over a week after the Zksync hacking incident, the exploiter agreed to a bounty and returned a significant portion of the loot.

Over a week after the Zksync hacking incident, the exploiter agreed to a bounty and returned a significant portion of the loot.

Despite recovering stolen funds, the network’s powering token, ZK, continues to exhibit bearish sentiment.

ZKSync Hacker Returns $5.7 Million

On April 15, the Ethereum-based Layer-2 scalability solution, ZKsync, suffered a hack. The compromised account controlled $5 million worth of ZK tokens. As BeInCrypto reported, the incident had caused a 16% price drop.

The incident was controversial after some community members noticed some concerning data. The revelations led to dire allegations, with some likening ZkSync to Mantra (OM). To some, ZkSync responded to the hack by dumping their assets at an accelerated pace.

“The ZkSync team has released 110 million tokens and sold 66 million. The price of ZK is going against the trend as the market is recovering, and it has immediately dropped by 15%. First OM, now ZK, this project seems to be heading in the wrong direction,” one user noted.

This bordered on embezzlement. However, in a recent development, the ZKsync Association revealed that the hacker returned 90% of the funds, effectively honouring the safe harbor deadline.

We’re pleased to share that the hacker has cooperated and returned the funds within the safe harbor deadline. As stated in the original Security Council message, the case is now considered resolved.The assets are now in custody of the Security Council, and the decision on what… https://t.co?rksync Security Council offered the hacker a 10% bounty if they returned the stolen funds, allowing a 72-hour window.

“To resolve this matter amicably in the spirit of safe harbor, we are offering a 10% bounty for your cooperation if you return 90% of the funds involved in the exploit,” ZK Nation shared on X.

As it happened, the bad actor heeded, transferring almost $5.7 million to the ZKsync Security Council across three transfers on April 23.

Specifically, they sent two transfers on the ZKsync Era blockchain. The first involved sending $1.83 million worth of ETH to the ZKsync Security Council’s ZKsync Era address, and the second involved sending $2.47 million worth of ZKsync tokens.

In the third transaction, the ZKSync hacker sent 776 ETH to the ZkSync Security Council’s Ethereum address. This was valued at approximately $1.4 million.

With this, the ZKsync Association committed to publishing a final report revealing more details about the security incident.

Meanwhile, it is worth noting that the hacker followed the instructions given by the ZKsync Security Council to the letter. Based on this, the case closes without further action.

It mirrors past incidents, including Ronin Bridge hackers returning $10 million worth of ETH and earning a $500,000 bounty.

Despite the turn of events, however, the ZK token continues to display bearish sentiment, down by nearly 2% in the last 24 hours. As of this writing, ZKsync’s token was trading for $0.06.

Meanwhile, not all hacking incidents have good samaritans. Recently, Bybit launched a bounty program. This saw the crypto exchange offering up to 10% of recovered funds to ethical hackers and cybersecurity experts.

This incentivized efforts to reclaim $1.4 billion in stolen assets. While some efforts to recover lost assets yielded results, the partial recovery was thanks to key industry players stepping in, not the exploiter.

Moreover, other ecosystems are utitlizing bounty programs to몹의 시큐리티. Charles Hoskinson recently announced a $1 million bounty for successfully hacking the new Lace Paper Wallet to test its strength.

Similarly, Uniswap announced a record-breaking $15.5 million bug bounty targeting critical vulnerabilities in its v4 core contracts.