ZKSync Hacker Returns $5M in Stolen Tokens After Accepting 10% Bounty

ZKsync said $5 million worth of tokens stolen during an admin wallet hack last week have been returned and the case is now considered resolved.
The layer-2 blockchain protocol saw a hacker compromise its admin wallet, leading to the theft of unclaimed tokens from the ZKsync airdrop.
In a post on X, the project said the hacker cooperated with the team and returned the funds within the “safe harbor” deadline — a grace period commonly offered in security incidents to incentivize returns without legal consequence. The cooperation means the hacker took a 10% bounty.
The tokens are now in custody of the ZKsync Security Council and a governance process will determine what to do with them. A final investigation report is being prepared and will be published when complete.