
ZKSync Hacker Returns $5M in Stolen Tokens After Accepting 10% Bounty

The hacker cooperated with the ZKsync team and returned the funds within the “safe harbor” deadline while taking a 10% bounty.

Updated Apr 24, 2025, 4:29 p.m. Published Apr 24, 2025, 8:04 a.m.
The ZKSync hacker returned tokens stolen from an admin wallet. (Kevin Ku/Unsplash)

What to know:

  • Nearly $5 million worth of stolen ZK tokens were returned after the hacker accepted a 10% bounty.
  • The hacker returned the funds within the “safe harbor” deadline.
  • The ZKsync Security Council will determine the fate of the recovered tokens.

ZKsync said $5 million worth of tokens stolen during an admin wallet hack last week have been returned and the case is now considered resolved.

The layer-2 blockchain protocol saw a hacker compromise its admin wallet, leading to the theft of unclaimed tokens from the ZKsync airdrop.


In a post on X, the project said the hacker cooperated with the team and returned the funds within the “safe harbor” deadline — a grace period commonly offered in security incidents to incentivize returns without legal consequence. The cooperation means the hacker took a 10% bounty.

The tokens are now in custody of the ZKsync Security Council and a governance process will determine what to do with them. A final investigation report is being prepared and will be published when complete.
