Share this article

ZKSync Hacker Returns $5M in Stolen Tokens After Accepting 10% Bounty

The hacker cooperated with the ZKsync team and returned the funds within the “safe harbor” deadline while taking a 10% bounty..

By Francisco Rodrigues|Edited by Sheldon Reback

Updated Apr 24, 2025, 4:29 p.m. Published Apr 24, 2025, 8:04 a.m.

Glasses in front of monitors with code (Kevin Ku/Unsplash) — The ZKSync hacker returned tokens stolen from an admin wallet. (Kevin Ku/Unsplash)

What to know:

Nearly $5 million worth of stolen ZK tokens were returned after the hacker accepted a 10% bounty.
The hacker returned the funds within the “safe harbor” deadline.
The ZKsync Security Council will determine the fate of the recovered tokens.

ZKsync said $5 million worth of tokens stolen during an admin wallet hack last week have been returned and the case is now considered resolved.

The layer-2 blockchain protocol saw a hacker compromise its admin wallet, leading to the theft of unclaimed tokens from the ZKsync airdrop.

STORY CONTINUES BELOW

Don't miss another story.Subscribe to the The Protocol Newsletter today. See all newsletters

By signing up, you will receive emails about CoinDesk products and you agree to our terms of use and privacy policy.

In a post on X, the project said the hacker cooperated with the team and returned the funds within the “safe harbor” deadline — a grace period commonly offered in security incidents to incentivize returns without legal consequence. The cooperation means the hacker took a 10% bounty.

The tokens are now in custody of the ZKsync Security Council and a governance process will determine what to do with them. A final investigation report is being prepared and will be published when complete.

Zksync era Hack

Francisco Rodrigues

Francisco is a reporter for CoinDesk with a passion for cryptocurrencies and personal finance. Before joining CoinDesk he worked at major financial and crypto publications. He owns bitcoin, ether, solana, and PAXG above CoinDesk's $1,000 disclosure threshold.