[GAP-3] Authorization for Security Council to Convert Recovered ETH into ZK

| Title | Authorization for Security Council to Convert Recovered ETH into ZK | | -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | | Proposal Type | GAP | | One Sentence Summary | This proposal authorizes the ZKsync Security Council to convert ETH, recovered from the April 2025 exploit of unclaimed airdrop tokens, back into ZK tokens. | | Proposal Author | ZKsync Security Council | | Proposal Sponsor | Cyfrin | | Date Created | 1 May 2025 | | Version | 1.0 | | Summary of Action | Authorise Security Council to swap ETH to ZK, then transfer ZK to Token Governor Timelock. | | Link to contracts | Not Applicable |

Abstract

This proposal authorizes the ZKsync Security Council to convert ETH, recovered from the April 2025 exploit of unclaimed airdrop tokens, back into ZK tokens. The assets are currently in the custody of the Security Council following a successful safe harbor resolution with the hacker.

Due to the potential for arbitrage and market manipulation, the methods and timing of the ETH-to-ZK conversion will not be disclosed publicly in advance. By passing this proposal, the Token Assembly affirms its intent to restore the unminted airdrop token supply in ZK form and delegates execution authority to the Security Council, under conditions of post-trade transparency and governance oversight.

Motivation

On April 13th, 2025, a compromised admin key was used to mint ~111.8 million ZK tokens from expired airdrop distributor contracts (see announcement). Following incident response and investigation, the Security Council negotiated a 90% return of the exploited funds. The recovered funds are currently held in Security Council multisigs on ZKsync Era and Ethereum.

The following table summarises the returned funds:

| Asset Type | Amount Returned | Chain | Receiving Address | Transaction Link | | ---------- | ------------------ | ----------- | -------------------------------------------- | -------------------------------------------------------------------------------------------------------------------- | | ZK Tokens | 44,687,278.5988 ZK | ZKsync Era | 0xfFB6126FF8401665081b771bB11cCD0e09f95D5A | View Transaction | | ETH | 1,021.3 ETH | ZKsync Era | 0xfFB6126FF8401665081b771bB11cCD0e09f95D5A | View Transaction | | ETH | 776 ETH | Ethereum L1 | 0xb13dF19C56a75f9087CC03b10D482B4a775daB47 | View Transaction |

This proposal ensures that the recovered ETH is responsibly converted back into ZK to align with the original intent of ZKsync governance. The recommended action minimizes risk to the protocol and the token by allowing operational discretion to the Security Council, who is trusted with emergency mitigation.

Specification

If this proposal is approved, the ZKsync Security Council is authorized to convert the recovered ETH into ZK tokens, including bridging and/or transferring ETH to a destination that allows for this conversion.

The timing, venue, and method of conversion shall be at the discretion of the Security Council, guided by the best interests of the Token Assembly. Public disclosure of trade details in advance is not required in order to minimize the risk of arbitrage or market manipulation.

Once all recovered ETH has been converted to ZK, the Security Council will transfer the total amount of ZK tokens to governance custody by transferring the tokens to the Token Governor Timelock, which is controlled by the Token Assembly.

A public report will be issued upon completion of the conversion, summarizing the trade method, execution outcomes, and custody details. The Security Council must confirm that no personal gain was derived by the Security Council entity or members of the Security Council from the execution of the trades.

This is a one-time authorization limited to the ETH recovered from the April 2025 exploit.

Other Information

• Incident Report: Compromised Admin Key to Unclaimed Airdrop Tokens
• Returned Funds Onchain Confirmation
• Security Council Safe Harbor Message

https://tally.xyz/gov/zksync/proposal/103259976736823883300634095721999212673593591495252565610431467445162492146868