ZKsync Price Falters Despite 90% of Stolen Funds Returned Within Safe Harbor Deadline

Over a week after the Zksync hacking incident, the exploiter agreed to a bounty and returned a significant portion of the loot.

Despite recovering stolen funds, the network’s powering token, ZK, continues to exhibit bearish sentiment.

ZKSync Hacker Returns $5.7 Million

On April 15, the Ethereum-based  Layer-2 scalability solution, ZKsync, suffered a hack. The compromised account controlled $5 million worth of ZK tokens. As BeInCrypto reported, the incident had caused a 16% price drop.

The incident was controversial after some community members noticed some concerning data. The revelations led to dire allegations, with some likening ZkSync to Mantra (OM). To some, ZKsync responded to the hack by dumping their assets at an accelerated pace.

“The ZkSync team has released 110 million tokens and sold 66 million. The price of ZK is going against the trend as the market is recovering, and it has immediately dropped by 15%. First OM, now ZK, this project seems to be heading in the wrong direction,” one user noted.

This bordered on embezzlement. However, in a recent development, the ZKsync Association revealed that the hacker returned 90% of the funds, effectively honoring the safe harbor deadline.

We’re pleased to share that the hacker has cooperated and returned the funds within the safe harbor deadline. As stated in the original Security Council message, the case is now considered resolved.The assets are now in custody of the Security Council, and the decision on what… 

— ZK Nation (@TheZKNation) April 23, 2025

Through an April 21 post on X (Twitter), the ZKsync Security Council offered the hacker a 10% bounty if they returned the stolen funds, allowing a 72-hour window.

“To resolve this matter amicably in the spirit of safe harbor, we are offering a 10% bounty for your cooperation if you return 90% of the funds involved in the exploit,” ZK Nation shared on X.

As it happened, the bad actor heeded, transferring almost $5.7 million to the ZKsync Security Council across three transfers on April 23.

Specifically, they sent two transfers on the ZKsync Era blockchain. The first involved sending $1.83 million worth of Ethereum (ETH) to the ZKsync Security Council’s ZKsync Era address, and the second involved sending $2.47 million worth of ZKsync tokens.

Transfers made through the ZkSync Era blockchain. Source: explorer.zksync.io

In the third transaction, the ZKSync hacker sent 776 ETH worth approximately $1.4 million to the ZkSync Security Council’s Ethereum address.

Transfers made to the ZKsync Security Council’s ZKsync Era address. Source: Etherscan.io

With this, the ZKsync Association committed to publishing a final report revealing more details about the security incident.

Meanwhile, it is worth noting that the hacker followed instructions given by the ZKsync Security Council to the letter. Based on this, the case closes without further action.

It mirrors past incidents, including Ronin Bridge hackers returning $10 million worth of ETH and earning a $500,000 bounty.

Despite the turn of events, however, the ZK token continues to display bearish sentiment, down by nearly 2% in the last 24 hours. As of this writing, ZKsync’s token was trading for $0.06.

ZKsync (ZK) Price Performance. Source: BeInCrypto

Meanwhile, not all hacking incidents honor safe harbor offers. Recently, Meanwhile, other ecosystems leverage bounty programs to bolster security. Cardano’s Charles Hoskinson recently offered a $1 million bounty for hacking the new Lace Paper Wallet, testing its security.

Similarly, Uniswap announced a record-breaking $15.5 million bug bounty targeting critical vulnerabilities in its v4 core contracts.