ZKsync Gives Hackers 72 Hours to Return 90% of Stolen Funds or Face Criminal Liability

The ZKsync team has given the hackers behind a recent exploit a 72-hour ultimatum to return 90% of the stolen funds, or face criminal liability.

The Zksync team has given the hackers behind a recent exploit 72 hours to return 90% of the stolen funds or face criminal liability.

The Zksync (ZK) Security Council said on Friday that a positive response will bring the incident to an amicable solution. The layer 2 blockchain platform posted this in a message onchain and via the project’s official account.

“To resolve this matter amicably in the spirit of safe harbor, we are offering a 10% bounty for your cooperation if you return 90% of the funds involved in the exploit,” Zksync wrote.

On April 15, ZKsync confirmed that its admin wallet had been compromised, with around $5 million worth of ZK tokens stolen. According to the platform, the funds were from a chunk of “remaining unclaimed tokens from the ZkSync airdrop.”

An update from the team at the time was that all user funds were safe and had never been at risk. Despite the crypto hack, both the Zksync protocol and ZK token contracts remained secure, the team noted.

However, Zksync said an investigation into the incident was ongoing, with the latest announcement coming amid a price bounce for ZK.

The 72-hour ultimatum specifically requires that the hacker send 44,687,278.5988 ZK tokens to a Zksync Era address. It also requires that the hacker send 1,021.3 Ethereum (ETH) and 766 ETH to the given addresses. This includes an Ethereum layer 1 address under the control of the ZKsync Security Council.

“Funds sent to the above-listed addresses controlled by the ZKsync Security Council will not be affected by the transaction filtering that currently prevents transactions from the addresses holding the exploited funds. Funds must be received in the Zksync Era and Ethereum addresses listed above by the deadline.”

According to Zksync, if the hacker returns the full amount of stolen funds within the deadline, the team will “publicly confirm” a resolution.

ZKsync will close the case in the $5 million exploit without further action.

However, if the hacker disregards the ultimatum, Zksync will escalate the issue with the involvement of law enforcement.