The hacker who stole $5 million from ZKsync, an Ethereum scaling protocol, has returned the funds after accepting a 10% bounty. The swift resolution, alongside a similar KiloEx hack recovery, highlights a growing trend of negotiated settlements in crypto heists.
Hacker Cooperates, Returns Loot
On April 15, 2025, a hacker exploited a flaw in ZKsync’s airdrop contract, minting 110 million ZK tokens worth about $5 million by accessing a compromised admin key. The breach targeted unclaimed tokens, siphoning off 44.6 million ZK tokens and 1,800 ETH. ZKsync’s Security Council quickly issued an on-chain ultimatum: “Return 90% of the funds within 72 hours for a 10% bounty, or face legal action”.
The hacker complied, transferring the full amount in three transactions to designated wallets on the ZKsync Era network and Ethereum mainnet. The recovered assets, now in the Security Council’s custody, await governance decisions on their disposition. The protocol acknowledged the hacker’s cooperation and declared the case closed without further escalation.
Similarly, KiloEx, a decentralized exchange, faced a $7.5 million hack on April 14 due to a price oracle vulnerability. Like ZKsync, KiloEx offered a 10% bounty ($750,000), and the hacker returned all funds by April 18, allowing full recovery without user losses. Both platforms resumed operations, with KiloEx compensating affected users.
Bounties: An Option for Hackers
The ZKsync and KiloEx hackers’ decisions to return funds contrast with cases where hackers ignore safe harbor offers, like Bybit’s ongoing $1.4 billion recovery effort. Accepting bounties reflects a pragmatic choice, as blockchain traceability and legal threats pressure exploiters. This trend suggests bounties are more effective than prolonged legal battles.
However, the trend raises concerns that bounties may create an incentive for attacks, and the underlying vulnerabilities that enabled these incidents expose persistent security gaps in DeFi. Despite the recovery, ZKsync’s ZK token fell 0.2% amid bearish sentiment, signaling investor unease.
The industry now faces the task of strengthening its approach to smart contract audits and regulatory oversight to reduce the risk of exploits, as price manipulation and breaches involving administrative keys remain a major concern.