After reaching its agreement with Exploit, ZKSYNC confirmed it had fully recovered about $5 million in ZK tokens stolen during a recent violation, including an airdrop distribution agreement.
announcement, The hacker, created on social media on April 23, said it returned the funds within a 72-hour “Safe Harbor” window provided by the Protocol's Security Council.
According to the team, the returned assets are currently being detained by the Security Council, and Protocol Governance has decided on a final decision regarding its use. A detailed forensic report has been prepared on the incident and subsequent recovery.
Negotiated returns avoid escalation
The exploit occurred on April 15th and is not permitted Approximately 111 million ZK tokens of mintwhich amounted to about $5 million at the time through a compromised management key.
The vulnerability was limited to ZKSYNC's airdrop distribution agreements and did not affect the broader protocol infrastructure, ZK token agreements, or governance operations.
The attacker bypassed the standard allocation mechanism and claimed tokens that were not billed from the first delivery round of the network. On-chain data later confirmed that the exploit had exchanged about $3.5 million for Ethereum (ETH) for the stolen ZK token.
ZKSYNC has assured users that the incident did not compromise on customer funds or core infrastructure.
To avoid long-term legal proceedings, Zksync's Security Council issued on-chain messages to attackers and provided a 10% prize money to return 90% of the exploited funds.
The proposal included specific wallet addresses for transferring ZK and ETH tokens across the ZKSYNC ERA network and the Ethereum mainnet.
The agreement was subject to the full refund of funds by the stated deadline. Zksync confirmed that the asset was successfully transferred to resolve the issue and added that it would not take any further action against the attacker.
Governance that determines asset allocation
The recovered assets are currently under the control of the Security Council as they are currently pending governance deliberations regarding future treatments. The incident prompted new scrutiny on smart contract access control, particularly on administrative key security and airdrop mechanisms.
Despite a quick recovery, the exploit temporarily inflated the supply of ZK tokens, triggering a market response.
Furthermore, ZK's prices did not respond to the news, but increased by just 0.5% as ZKSYNC revealed its funding agreement and recovery.
It is mentioned in this article
