A compromised admin account linked to ZKsync’s airdrop contracts executed a transaction that minted roughly $5 million worth of ZK tokens, stealing the remaining unclaimed allocation from the community’s first token distribution.
The attacker exploited a function to claim the tokens on April 15 and issued around 111 million ZK tokens, equal to roughly 0.45% of the protocol’s total token supply.
According to statements shared by ZKsync on X, the exploit was confined to the airdrop distribution contracts. It did not affect the ZKsync protocol, the ZK token contract, governance infrastructure, or any capped minters related to the Token Program.
The protocol emphasized that user funds were never at risk and described the incident as isolated, resulting from a compromised private key controlling the affected admin account.
The attacker has already swapped $3.5 million of the stolen ZK tokens to Ethereum (ETH), as on-chain data indicates.
ZKsync’s team said that recovery efforts are underway in coordination with exchanges and blockchain security firm SEAL 911. The team also issued a public call for the attacker to contact them to negotiate a return of the funds and avoid legal consequences.
According to the team’s forensic investigation, the exploiter can no longer mint tokens using the same method. The incident has not impacted protocol-level operations or the security of ongoing governance actions.
After internal reviews and recovery actions conclude, the project will release a full post-mortem.
ZK token tanks
According to CryptoSlate data, the ZK token has fallen by 8.6% over the past 24 hours and is trading at $0.04513 as of press time.
Since launch, the token has lost nearly 90% of its value, a fact raised by community members in the aftermath of the exploit.
In response, Matter Labs CEO Alex Gluchowski addressed concerns on social media and said the drawdown is comparable to those of Ethereum and other layer-2 networks amid the broader market correction.
Gluchowski said:
“ETH and every other L2 is down considerably from their ATHs. Nonetheless, both myself and Matter Labs are as dedicated as ever to the mission and success of ZKsync. I also see very bullish indicators from the new leadership of the Ethereum Foundation.”
Gluchowski added that he would continue answering public inquiries about the incident while the investigation remains active. ZKsync reiterated that it will share a technical update once it finishes an ongoing security review.
Although limited in scope, the unauthorized minting has briefly inflated the circulating supply and prompted increased scrutiny of key management practices within ZKsync’s smart contract deployments.