The ZKsync Affiliation has confirmed the restoration of $5 million value of stolen tokens from an April 15 ZKsync safety incident involving its airdrop distribution contract.
The hacker agreed to simply accept a ten% bounty and return 90% of the remaining stolen tokens, transferring the ZKsync Safety Council nearly $5.7 million throughout three transfers on April 23.
“We’re happy to share that the hacker has cooperated and returned the funds inside the secure harbor deadline,” ZKsync Affiliation posted to X on April 23, which was later reposted by ZKsync’s X account.
Matter Labs, the corporate behind the ZKsync protocol, additionally reposted the information shared on X.
The ZKsync X account beforehand confirmed that no user funds were compromised.
The hacker sent two transfers on the ZKsync Period blockchain, consisting of $2.47 million value of ZKsync (ZK) tokens and $1.83 million value of Ether (ETH) to the ZKsync Safety Council’s ZKsync Period handle.
One other 776 ETH value almost $1.4 million was additionally despatched to their safety council’s Ethereum handle, Etherscan data exhibits.
The primary switch was made on April 23 at 2:39:57 pm UTC on and the final switch was made roughly 13 minutes later — all inside the 72-hour window that ZK Sync had initially set.
ZKsync Affiliation mentioned the corporate would publish a closing report revealing extra particulars from the safety incident.
How the hack occurred
The hacker breached ZKsync’s admin account, permitting them to take advantage of the airdrop distribution contract’s sweepUnclaimed() operate to mint 111 million unclaimed ZK tokens, value roughly $5 million on the time of the April 15 assault.
The hack occurred whereas ZKsync was within the process of airdropping 17.5% of ZK’s token provide to ecosystem contributors.
The recovered quantity — nearly $5.7 million — exceeded the $5 million initially stolen on account of an increase out there worth of the stolen tokens, with ZK and ETH rising 16.6% and eight.8% respectively for the reason that April 15 assault, according to CoinGecko knowledge.
Regardless of the asset restoration, the ZK token didn’t rise considerably on the information and is at present down 0.2% during the last 24 hours.
ZKsync Era is an Ethereum layer 2 answer that makes use of zero-knowledge rollups to batch and course of transactions offchain. It has almost $59 million in complete worth locked on its chain and has over $2 billion in real-world property onchain, according to DefiLlama and RWA.xyz.
Journal: Ethereum maxis should become ‘assholes’ to win TradFi tokenization race
