
ZKSync snags back $5M loot after hacker's bounty play!
Date: 2025-04-24 04:33:12 | By Edwin Tuttle
ZKSync Pulls Off a $5M Heist Reversal: Hacker Plays Ball, Returns 90% of Stolen Tokens!
Hacker's 10% Bounty Deal Seals the Deal
Hold onto your hats, crypto fans! ZKSync just turned the tables on a hacker who swiped over $5 million in tokens. In a wild turn of events, the cyber thief agreed to a sweet 10% bounty deal, handing back a whopping 90% of the loot. Talk about a plot twist!
72-Hour "Safe Harbor" Deadline Met
On April 23, ZKSync dropped the bomb on X: the hacker played by the rules, returning the stolen goods within the platform’s nail-biting 72-hour “safe harbor” window. Now, the ZKSync Security Council's got the tokens locked up tight, and it's up to governance to decide their fate.
We're stoked to report the hacker coughed up the cash within the deadline. Case closed, as promised by the Security Council. The assets are chilling with the Council, and what happens next is anyone's guess.
April 15 Hack: A Compromised Key and a $5M Mint
Here's the lowdown: on April 15, some sneaky hacker got their hands on a compromised admin key and went on a minting spree, churning out about 111 million ZK tokens worth around $5 million from unclaimed airdrop reserves. But don't panic - ZKSync says only three specific airdrop contracts felt the heat. The core protocol and user funds? Safe as houses.
And get this - since the involved distributor contracts were already maxed out, no new tokens could be minted with this exploit. User funds, core contracts, and governance stayed rock solid.
ZKSync's Bold Move: 90/10 Deal and Transaction Filtering
In a ballsy move on April 21, ZKSync laid down the law to the hacker: return 90% of the stolen funds and keep 10% as a bounty. No messing around! Plus, Matter Labs, ZKSync Era's sole sequencer, threw up some transaction filters to block any shady business from the compromised addresses.
This temporary lockdown was necessary because the exploit was tied to governance-related tokens. In ZKSync Era's Stage 0 rollout, centralized controls like this are fair game. But the team made it clear: governance could pull the plug on those filters anytime.
Hacker Complies, Returns Millions in ZK and ETH
And just like that, the hacker caved, sending back nearly 45 million ZK tokens and over 1,700 Ethereum (ETH) to addresses controlled by the Security Council. It's a rare victory in a world where hacks often go unsolved. Keep your eyes peeled for the final investigation report dropping soon!
