The Great Hacker's Return: ZKsync Airdrop Heist and the $5M Resolution
Breaking the news from the underground
Hacker Who Swiped Around $5M in Cryptocurrencies from ZKsync Agrees to Bounty, Restores Amount.
Cryptocurrency's pitch-black underbelly has spun another yarn, this time starring a hacker who made off with almost $5 million from ZKsync's airdrop contract... and then graciously returned it all. The drama unfolded over the course of a few days, leaving the community buzzing with whispers of a safe harbor deal.
"That sneaky bastard gave our funds back?" read the headlines across the darknet, amidst a flurry of shock and disbelief. "And they're calling it a 'cooperation'? Sounds like they're kissing his ass to me."
The heist and the aftermath
The loot that the hacker pilfered was mostly ZK tokens and Ethereum, with over 44.6 million ZK tokens and nearly 1,800 ETH making up the haul. Following a 72-hour deadline, the hacker complied with ZKsync's requests and returned the funds, reportedly under a safe harbor deal.
"We're stoked to announce that the hacker has done the right damn thing and returned the funds!" ZKsync proclaimed on their darknet social media platform. "This case is now closed and forgettable."
Once the dust settled, the stolen assets ended up under the watchful eye of the ZKsync Security Council, tasked with determining the chain of events and deciding on the next steps via governance.
The exploit and the offer
The hacker made off with the loot by exploiting a compromised key within the ZK token airdrop contract. This enabled them to mint new tokens and divert unclaimed funds. The hacker then zigzagged the stolen funds between Ethereum and ZKsync's Layer 2 network, dodging the fingers pointed at them.
"Take a deep breath, folks, 'cause your funds are safe as houses!" ZKsync insisted in a Tuesday statement. "The ZKsync protocol and token contract remained impenetrable as ever."
Some days later, ZKsync issued an on-chain message, offering the hacker a 10% bounty if they returned 90% of the funds within the aforementioned 72-hour deadline. If the offer was ignored, ZKsync hinted that the case would be handed off to the fuzz for a full-blown investigation.
The aftermath: Q1 losses and the gutting reality of cybercrime
With the ZKsync heist tucked away in the dusty annals of crypto crime history, attention turns instead to the industry's overall losses in Q1 2025. Cryptocurrency's first quarter this year has seen hackers and scammers raking in nearly $2 billion in stolen funds, with exploits, phishing, and outright breaches driving the majority of the losses.
This figure is criminal, especially when one considers the staggering losses suffered due to the Bybit breach, a single incident that accounted for over 92% of the total losses. The Bybit hack raised eyebrows and question marks about the practices of centralized exchanges, while incidents like the ZKsync heist show how even supposedly decentralized protocols are not immune to the claws of cybercriminals.
The future of an unstable gold rush
Given the wild, unpredictable nature of cryptocurrency, it comes as no surprise that the gold rush birthed this ongoing cat-and-mouse game between criminals and law-abiding citizens. As blockchain technology continues to evolve, so too will the methods behind these robber barons' pursuits. But at least for now, some of them have learned the importance of playing by the rules... well, most of the rules.
Edited by Sebastian Sinclair
- The cunning hacker, known for their exploits, netted nearly $5 million from an airdrop contract on the Web3 platform ZKsync and then surprisingly returned it all.
- The heist primarily involved the theft of ZK tokens and Ethereum, with 44.6 million ZK tokens and nearly 1,800 ETH being stolen.
- Following a 72-hour deadline, the hacker complied with ZKsync's requests and returned the funds, reportedly under a safe harbor deal.
- Subsequently, the ZKsync Security Council oversaw the stolen assets, aiming to determine the sequence of events and decide on the next steps via governance.
- The hacker's theft was facilitated by exploiting a vulnerable key within the ZK token airdrop contract, enabling them to mint new tokens and divert unclaimed funds.
- In response to the heist, ZKsync offered a 10% bounty for the return of 90% of the funds within the given deadline, with the threat of a full-blown investigation if the offer was ignored.
- The Q1 losses for the cryptocurrency industry in 2025 totaled almost $2 billion, with incidents like the ZKsync heist illustrating the persisting threat of cybercrime, even in supposedly decentralized protocols.
