In a significant development, the ZKsync Association has confirmed the recovery of $5 million in stolen tokens following an April 15 security breach. The hacker, who exploited a vulnerability in the airdrop distribution contract to mint unauthorized ZK tokens, agreed to a 10% bounty and return the majority of the remaining funds. This agreement was reached on April 23rd, with the hacker transferring almost $5.7 million across three transfers to the ZKsync Security Council, exceeding the initial theft amount thanks to an increase in the stolen token value. The Association confirmed that user funds were not compromised and details about the incident will be revealed in a forthcoming report.