ZKSync Recovers $5M in Tokens After Airdrop Exploit, Governance to Decide Next Steps

News

Crypto Market Faces $310 Million Loss in August Due to Exploits and Scams

  • ZKSync recovered $5 million in tokens after a hacker exploited its airdrop contract using an admin key.
  • The hacker returned the stolen funds within the 72-hour window offered by the ZKSync Security Council.
  • Governance will now decide how to use the recovered tokens while a full forensic report is being prepared.

ZKSync has recovered nearly $5 million in stolen ZK tokens after a security breach involving its airdrop distribution contracts. The funds were returned within a 72-hour window offered by the platform’s Security Council.

Attack Exploited Airdrop Contract via Compromised Admin Key

The breach occurred on April 15 through unauthorized minting of about 111 million ZK tokens. The attacker used a compromised admin key to bypass normal token distribution rules. The individual claimed unallocated tokens from ZKSync’s initial airdrop round.

The vulnerability was limited to the airdrop contract. The core infrastructure, governance processes, and token contract remained unaffected throughout the incident. 

ZKSync moved quickly to contain the issue. On-chain records confirmed the attacker converted around $3.5 million of the stolen ZK into Ethereum. The rest remained untouched until the agreement.

Security Council Offer Leads to Resolution

To encourage a peaceful resolution, the Security Council issued an on-chain proposal. The message offered the hacker a 10% bounty if they returned 90% of the stolen funds. Clear wallet addresses were shared for transferring assets across Ethereum and the ZKSync Era network.

The attacker complied with the terms and returned the funds before the deadline. ZKSync later confirmed that it would not pursue legal action. The assets included over 44.6 million ZK tokens and nearly 1,800 ETH. All recovered assets are now held securely by the Security Council.

Governance to Decide on Recovered Assets

Governance will determine how to use the returned assets. A forensic report on the exploit and fund recovery is being prepared. This report will support transparency and guide future protocol decisions.

The breach has renewed focus on admin key security. ZKSync stressed that no user funds were affected. The protocol’s key systems remained fully functional during the event. Swift negotiations helped ZKSync avoid lengthy legal proceedings. Most of the stolen funds have now been safely recovered and are under review.

Earn more PRC tokens by sharing this post. Copy and paste the URL below and share to friends, when they click and visit Parrot Coin website you earn: https://parrotcoin.net0

PRC Comment Policy

Your comments MUST BE constructive with vivid and clear suggestion relating to the post.

Your comments MUST NOT be less than 5 words.

Do NOT in any way copy/duplicate or transmit another members comment and paste to earn. Members who indulge themselves copying and duplicating comments, their earnings would be wiped out totally as a warning and Account deactivated if the user continue the act.

Parrot Coin does not pay for exclamatory comments Such as hahaha, nice one, wow, congrats, lmao, lol, etc are strictly forbidden and disallowed. Kindly adhere to this rule.

Constructive REPLY to comments is allowed

Leave a Reply