ZKSync has recovered over $5 million worth of tokens after a hacker accepted a 10% bounty in exchange for returning 90% of the stolen assets.
On Apr. 23, ZKSync announced on X that the hacker had cooperated and returned the stolen tokens within the platform’s 72-hour “safe harbor” window. The ZKSync Security Council now holds the recovered tokens, and governance will decide what to do with them.
We’re pleased to share that the hacker has cooperated and returned the funds within the safe harbor deadline. As stated in the original Security Council message, the case is now considered resolved. The assets are now in custody of the Security Council, and the decision on what… https://t.co/X0oejun9Tx
— ZK Nation (@TheZKNation) April 23, 2025
The hack, which took place on Apr. 15, involved a compromised admin key that allowed the attacker to mint approximately 111 million ZK tokens, valued at around $5 million, from unclaimed airdrop reserves. According to ZKSync, only three specific airdrop contracts were impacted by the vulnerability. Core protocol systems and user funds were unaffected.
The platform also confirmed that since all distributor contracts involved were already capped, no new tokens could be minted using this exploit. User funds, core contracts, and governance were all kept completely safe.
In response to the hack, ZKSync issued a message to the hacker on Apr. 21, offering a deal under which the hacker would return 90% of the stolen funds and keep 10% as a bounty. In addition, Matter Labs, the current sole sequencer for ZKSync Era, implemented transaction filtering to block activity from the compromised addresses.
This temporary measure was implemented because the exploit had a direct link to tokens related to governance. Centralized controls such as this are feasible in ZKSync Era’s Stage 0 rollout phase. However, the team emphasized that filters could be removed at any time by governance.
The hacker appears to have complied, sending back nearly 45 million ZK tokens and over 1,700 Ethereum (ETH) to addresses controlled by the Security Council. The recovery marks a rare win in a sector where many hacks go unresolved. A final investigation report is expected soon.