ZKsync Security Council has announced the successful recovery of approximately $5 million in stolen tokens, marking the official closure of a recent security breach.
The individual behind the incident returned the funds within the platform’s designated safe harbor period, allowing the matter to be settled without legal action.
Swift Recovery Through Cooperation
The Council confirmed that the hacker responded positively to its public proposal, which offered a 10% bounty if 90% of the stolen tokens were returned. The agreement was designed to focus on quick resolution and asset recovery, avoiding extended confrontation. This approach led to a peaceful outcome and the return of the stolen ZK tokens.
Funds Returned, Governance to Decide Next Steps
The recovered assets are now under the control of the Security Council. A final decision on how these tokens will be managed will come from the project’s governance. The Council also mentioned that a full investigation report is being prepared and will be shared publicly once complete.
Incident Details and User Safety
The breach occurred after an attacker gained access to an administrative account, enabling the unauthorized withdrawal of roughly $5 million worth of ZK tokens. These tokens were related to unclaimed funds from a previous airdrop. Importantly, ZKsync reassured its community that user wallets and assets remained untouched and fully secure during the event.
Following the breach, ZK tokens experienced a temporary 20% drop in value, likely due to the sell-off of the compromised assets. Despite the incident, the core ZKsync protocol and the token’s smart contract were not affected.
ZKsync, developed by Matter Labs, is a Layer 2 solution aimed at improving Ethereum’s scalability. Its token airdrop last year increased accessibility but also raised concerns over how tokens were distributed and the risks of Sybil attacks.