- The ZKsync hacker has accepted a 10% bounty and returned the rest of the funds
- The hacker had stolen $5 million by exploiting a weakness in the project's airdrop smart contract
- ZKsync said it has resolved the case and won't press legal charges
Ethereum layer 2 platform ZKsync has confirmed that its hacker has agreed to take a 10% bounty and return the rest of the funds. The attacker had exploited a vulnerability in the project's airdrop smart contracts to drain close to $5 million in ZK tokens and ETH. The recovered funds are under the custody of the protocol's Security Council, awaiting a vote by the platform's community on how to utilize the funds.
Hacker Given Three Days
ZKsync had sent the hacker an on-chain message on April 21 and offered him 10% of the funds as a bounty and a return window of 72 hours. At the time, the scaling layer said it would publicly confirm the resolution [...] upon receipt of the full amount [...] before the end of the deadline.
However, it said it would involve law enforcement agencies and pursue a full criminal investigation if the attacker chose to keep the entire loot. The scaling layer said it's now working to piece together the final investigation report.
Hacker Stole Unclaimed Tokens
According to on-chain sleuths and researchers, the ZKsync attacker minted new tokens and scooped unclaimed tokens from the protocol's airdrop contract. He then moved the stolen funds through the scaling layer and the Ethereum mainchain.
The hacker's decision to return the funds comes two months after the 1inch attacker returned $5 million he had siphoned from the platform after taking a $450,000 bounty. It also comes as the Bybit hackers continue moving and laundering the $1.5 billion they stole from the exchange, despite the exchange offering a $140 million bounty.
With the ZKsync hacker returning the funds, it remains to be seen how the protocol will utilize them, since they weren't officially in active circulation.