In a nutshell
- A hacker accepted a 10 % bounty as part of a safe harbor agreement and returned nearly$ 5 million to ZKsync.
- The funds were initially taken by utilizing a stolen resupply deal.
- Ethereum is the hardest hit cryptocurrency with$ 1.67 billion in losses in Q1 2025 due to the incident.
A hacker closed the book on the most recent exploit by draining nearly$ 5 million from ZKsync’s resupply agreement, returning the stolen funds within the program’s 72-hour deadline.
ZKsync posted on X, previously Online,” We’re pleased to share that the thief cooperated and returned the money within the safe harbor deadline.” The situation is now regarded as resolved.
The ZKsync Security Council, which may decide the future steps via leadership, is now in charge of the recovered goods, which include practically 44.6 million ZK cryptocurrencies and nearly 1,800 ETH.  ,
The package comes in response to an exploit that occurred earlier this week that targeted a” compromised code” behind the ZK token airstrike contract, which allowed the attacker to create new tokens and redirect unclaimed money.  ,
The attacker then moved the resources between the Layer 2 networks of ZKsync and Ethereum.
In a post on Tuesday, ZKsync stated that” all customer funds are secure and never in danger.” The ZK key contract and ZKsync protocol remained stable.
In response, the convention responded by sending an on-chain concept offering a 10 % bounty to the intruder if 90 % of the money were returned within 72 hours.  ,
ZKsync warned the thief that the case may be escalated to legislation enforcement to launch a “full legal analysis” if the offer was disregarded.
According to CoinGecko data, the ZK token’s price briefly dropped to$ 0.04 following the exploit, but it has since stabilized close to$ 0.05, down 2.6 % over the past 24 hours.
A final inspection report is in the performs, according to ZKsync, and it will be published once it is finished.
Hackers are on the rise everywhere.
The blockchain market has been the target of a number of attacks this year. Nearly$ 1.6 billion in crypto has already been stolen in the first two months of the year, according to blockchain security firm Immunefi.  ,
A separate report from CertiK, a cryptocurrency protection company, presents an equally alarming picture, noting that hackers, scams, and escapades caused a decline of$ 1.67 billion in the first quarter of the year, which is already responsible for over two-thirds of all stolen money in 2024.  ,
The fatal Bybit exploit, which single caused$ 1.45 billion in losses and raised industry-wide questions about consolidated exchange security practices, contributed a large portion of this complete.
Secret key agreements remained a key risk matrix, accounting for$ 142.3 million in deficits across just 15 occurrences.  ,
Alarmingly, only 0.3 % of stolen funds were recovered this quarter, compared to a whopping 42 % of the previous quarter’s recovery rate. Not a solitary money was returned in February alone, according to the report.
Ethereum remained the most targeted, resulting in thefts of practically$ 1.54 billion across 98 situations.  ,
edited by
Daily Debrief Newsletter
Begin each day with the most popular media stories right now, along with unique content, a audio, videos, and more.
