A serious hack nearly caused ZKsync – Ethereum's Layer-2 project – to lose nearly 5 million USD. But the unexpected happened: the hacker agreed to return the funds in exchange for a small reward and avoided criminal prosecution. Meanwhile, the overall picture of the crypto market shows a tumultuous quarter, with losses reaching 1.67 billion USD in just the first three months.
The ZKsync attack: Hacker 'withdraws quietly', then suddenly turns back.
#ZKsync has just confirmed it successfully recovered nearly 5 million USD in stolen cryptocurrency from the ZK token airdrop contract. This is the result of a 'safe harbor' agreement, under which the hacker retains 10% of the stolen funds as a 'bounty' if they return the remaining 90% within 72 hours.
The attack occurred when the hacker exploited a leaked private key from the token ZK airdrop contract. As a result, the attacker was able to create new tokens illegally and redirect funds from unclaimed amounts.
After the incident, ZKsync issued a statement committing not to prosecute if the funds are returned, while warning that if the hacker does not cooperate, they will refer the case to international criminal investigation authorities.
Fortunately, the hacker accepted this 'deal'. Over 44.6 million ZK tokens and nearly 1,800 ETH have been returned, currently held by the ZKsync Security Council, awaiting further decisions via the governance mechanism.
ZK token prices are volatile, but not collapsing.
Immediately after the hack, the price of $ZK token plummeted to $0.04, but then slightly recovered and is currently stable around $0.05, down about 2.6% in the last 24 hours.
ZKsync also reassured the community: 'All user funds are safe and unaffected.' The main smart contracts and Layer-2 protocols of ZKsync remain secure.
2025: The disaster year for blockchain security?
The ZKsync incident is just one part of the fierce wave of attacks occurring in the crypto industry in 2025. According to data from two major blockchain security companies, Immunefi and CertiK:
Total losses in Q1/2025 have reached 1.67 billion USD due to hacks, scams, and exploits.
Bybit is the biggest victim with losses of 1.45 billion USD, raising significant questions about the safety of centralized exchanges.
Ethereum continues to be the number one target, hacked for nearly 1.54 billion USD just in Q1, accounting for up to 98 separate incidents.
Private key vulnerabilities remain the top threat, causing 142.3 million USD in losses through just 15 incidents.
What is concerning is that the rate of asset recovery after theft is severely declining:
Only 0.38% of the funds stolen in this quarter have been recovered, a sharp drop from 42% in the previous quarter.
In February 2025 alone, not a single case managed to recover even 1 USD.
Contact Binance users and the crypto ecosystem.
The ZKsync incident is a clear reminder that securing smart contracts and private keys is a critical line of defense in the blockchain space. Although this incident was resolved smoothly, it should not lead the community to be complacent.
For Binance users or any other platform:
Prioritize projects with clear security audit processes.
Exercise caution when participating in airdrops, especially with emerging Layer-2 projects.
Never be complacent with private keys and personal wallets – even a small mistake can lead to irreversible losses.
Conclusion: Grit or luck?
ZKsync narrowly escaped disaster, thanks to adept crisis management and the unexpected 'cooperation' of the hacker. But that cannot obscure the much darker picture: the crypto market is facing a year full of uncertainty regarding security.
This event is a wake-up call for projects, investors, and users – that no matter how advanced the technology, security remains a vital factor for any blockchain protocol.
Risk warning: The cryptocurrency market poses high risks, with significant volatility and many technical vulnerabilities. Investment needs to be carefully considered, and participants should regularly update information from reliable sources. Crypto is not suitable for all investors.