Hacker Takes Bounty Deal, Returns $5.7 Million to ZKsync After Token Heist

The security incident happened on April 15, which targeted a contract used for distributing tokens.

To resolve the situation, ZKsync offered a "safe harbor" option—no legal consequences if the stolen funds were returned within 72 hours. The hacker responded by sending back around $5.7 million in three separate transactions on April 23.

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

How to Invest in Crypto: 6 Rewarding Strategies (Animated)

SUBSCRIBE

ON YOUTUBE

Two of those transactions were made on the ZKsync Era network. One included $2.47 million in ZKsync tokens, while the other carried $1.83 million in ETH ETH $1,778.05 . A third transfer of 776 ETH, worth about $1.4 million, was sent to a separate Ethereum wallet controlled by the project’s Security Council.

According to blockchain records, the first return took place at 2:39 PM UTC, and the final transfer was made just 13 minutes later—all within the agreed timeframe.

The ZKsync Association shared the update on X, saying, "We’re pleased to share that the hacker has cooperated and returned the funds within the safe harbor deadline".

Additionally, ZKsync plans to release a full report explaining how the attack happened, what went wrong, and what steps will be taken to improve security.

On April 21, Bybit CEO Ben Zhou shared new details on X about the February digital asset theft linked to North Korea’s Lazarus Group. What did he say? Read the full story.