ZKSync announced a significant recovery of funds after a hacker exploited a vulnerability to steal approximately $5 million worth of tokens.
The attacker returned 90% of the stolen assets after accepting a 10% bounty offered by the platform, marking a rare positive outcome in the often grim landscape of DeFi exploits.
The incident occurred on April 15 when a compromised admin key allowed the hacker to mint about 111 million ZK tokens from unclaimed airdrop reserves. ZKSync clarified that only three specific airdrop contracts were affected, with core protocol systems and user funds remaining secure throughout the event. The vulnerability was limited to these contracts, and since all distributor contracts were capped, no further minting of tokens was possible using this exploit.
Following the breach, ZKSync’s Security Council quickly engaged with the attacker. On April 21, the platform publicly offered a deal: the hacker could keep 10% of the stolen tokens as a bounty if they returned the remaining 90%. This approach aimed to recover the majority of the funds while incentivizing cooperation.
To mitigate further risk, Matter Labs, the sole sequencer for ZKSync Era, implemented transaction filtering to block activity from compromised addresses. This centralized control measure is possible during ZKSync Era’s Stage 0 rollout phase, but is designed to be temporary and removable by governance decisions. The hacker complied, returning nearly 45 million ZK tokens and over 1,700 ETH to addresses controlled by the Security Council. The council now holds these recovered tokens, with governance set to decide their final disposition. ZKSync has pledged to release a comprehensive investigation report soon, providing further transparency and insights into the incident.
In related news, hackers have compromised SourceForge, a platform for open-source software development. The attackers distributed cryptocurrency-mining malware by creating fake project pages that mimicked Microsoft Office add-ins—users who downloaded these deceptive packages unknowingly installed crypto miners and clipboard hijackers on their systems.
If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.