In a context where cybersecurity has become a priority for decentralized protocols, zkSync demonstrates that a strategic dialogue with hackers can sometimes lead to a positive outcome. The Layer 2 network recently recovered the full $5 million in stolen chips, following a “white hat” agreement.
A flaw quickly exploited
- GemSwap incident: The hack was made possible by a vulnerability in a third-party project, GemSwap, deployed on the zkSync Era network. The hacker transferred the equivalent of $5 million in tokens to his own wallet.
- Rapid network response: The zkSync technical teams, in collaboration with the community, quickly identified the flaw and started discussions with the attacker to avoid irreversible losses.
A successful negotiation
What this means:
- A new-found credibility for zkSync, which managed the crisis calmly and efficiently.
- A demonstration that cooperation can sometimes replace confrontation, even in a sector as volatile as DeFi.
Persistent faults:
- The fact that the incident originated from a third-party project is a reminder of the fragility of the entire ecosystem, even for secure blockchains like zkSync.
- Increased reliance on non-judicial agreements, whose legitimacy is debatable in a regulatory context that remains unclear.
Conclusion
The zkSync affair illustrates both the constant threats to decentralized protocols and the innovative ways in which some players are choosing to tackle them. By recovering the $5 million via an unofficial “bug bounty”, the network shows that when it comes to security, flexibility can sometimes win out over rigidity. But will this strategy be viable in the long term in the face of larger-scale attacks?
