• ZKsync hacker returns 90% of stolen funds, approximately $5.7 million, after agreeing to a 10% bounty offer from the ZKsync Security Council.
• Despite the return of funds, ZKsync’s native token, ZK, continues to face bearish market sentiment, dropping by nearly 2%.
• The hacker’s cooperation with the bounty program mirrors past incidents like the Ronin Bridge hack, where the hacker returned stolen assets for a reward.

Over a week after the Zksync hacking incident, the exploiter agreed to a bounty and returned a significant portion of the loot.

Despite recovering stolen funds, the network’s powering token, ZK, continues to exhibit bearish sentiment.

ZKSync Hacker Returns $5.7 Million

On April 15, the Ethereum-based  Layer-2 scalability solution, ZKsync, suffered a hack. The compromised account controlled $5 million worth of ZK tokens. Asreported, the incident had caused a 16% price drop.

The incident was controversial after some community members noticed some concerning data. The revelations led to dire allegations, with some likening ZkSync to Mantra (OM). To some, ZKsync responded to the hack by dumping their assets at an accelerated pace.

“The ZkSync team has released 110 million tokens and sold 66 million. The price of ZK is going against the trend as the market is recovering, and it has immediately dropped by 15%. First OM, now ZK, this project seems to be heading in the wrong direction,” one user noted.

This bordered on embezzlement. However, in a recent development, the ZKsync Association revealed that the hacker returned 90% of the funds, effectively honoring the safe harbor deadline.

Through an April 21 post on X (Twitter), the ZKsync Security Council offered the hacker a 10% bounty if they returned the stolen funds, allowing a 72-hour window.

“To resolve this matter amicably in the spirit of safe harbor, we are offering a 10% bounty for your cooperation if you return 90% of the funds involved in the exploit,” ZK Nation shared on X.

As it happened, the bad actor heeded, transferring almost $5.7 million to the ZKsync Security Council across three transfers on April 23.

Specifically, they sent two transfers on the ZKsync Era blockchain. The first involved sending $1.83 million worth of Ethereum (ETH) to the ZKsync Security Council’s ZKsync Era address, and the second involved sending $2.47 million worth of ZKsync tokens.

In the third transaction, the ZKSync hacker sent 776 ETH worth approximately $1.4 million to the ZkSync Security Council’s Ethereum address.

With this, the ZKsync Association committed to publishing a final report revealing more details about the security incident.

Meanwhile, it is worth noting that the hacker followed instructions given by the ZKsync Security Council to the letter. Based on this, the case closes without further action.

It mirrors past incidents, including Ronin Bridge hackers returning $10 million worth of ETH and earning a $500,000 bounty.

Despite the turn of events, however, the ZK token continues to display bearish sentiment, down by nearly 2% in the last 24 hours. As of this writing, ZKsync’s token was trading for $0.06.

Meanwhile, not all hacking incidents honor safe harbor offers. Recently, Bybit launched a bounty program offering up to 10% of recovered funds to ethical hackers and cybersecurity experts.

This incentivized efforts to reclaim $1.4 billion in stolen assets. While some efforts to reclaim lost assets yielded results, the partial recovery was thanks to key industry players stepping in, not the exploiter.

Meanwhile, other ecosystems leverage bounty programs to bolster security. Cardano’s Charles Hoskinson recently offered a $1 million bounty for hacking the new Lace Paper Wallet, testing its security.

Similarly, Uniswap announced a record-breaking $15.5 million bug bounty targeting critical vulnerabilities in its v4 core contracts.