A compromised admin account linked to ZKsync’s airdrop contracts executed a transaction that minted roughly $5 million price of ZK tokens, stealing the remaining unclaimed allocation from the community’s first token distribution.
The attacker exploited a operate to assert the tokens on April 15 and issued round 111 million ZK tokens, equal to roughly 0.45% of the protocol’s whole token provide.
Based on statements shared by ZKsync on X, the exploit was confined to the airdrop distribution contracts. It didn’t have an effect on the ZKsync protocol, the ZK token contract, governance infrastructure, or any capped minters related to the Token Program.
The protocol emphasised that consumer funds have been by no means in danger and described the incident as remoted, ensuing from a compromised personal key controlling the affected admin account.
The attacker has already swapped $3.5 million of the stolen ZK tokens to Ethereum (ETH), as on-chain data points out.
ZKsync’s crew acknowledged that restoration efforts are underway in coordination with exchanges and blockchain safety agency SEAL 911. The crew additionally issued a public name for the attacker to contact them to barter a return of the funds and keep away from authorized penalties.
Based on the crew’s forensic investigation, the exploiter can not mint tokens utilizing the identical technique. The incident has not impacted protocol-level operations or the safety of ongoing governance actions.
After inside opinions and restoration actions conclude, the undertaking will launch a full autopsy.
ZK token tanks
Based on CryptoSlate knowledge, the ZK token has fallen by 8.6% over the previous 24 hours and is buying and selling at $0.04513 as of press time.
Since launch, the token has misplaced practically 90% of its worth, a reality raised by neighborhood members within the aftermath of the exploit.
In response, Matter Labs CEO Alex Gluchowski addressed issues on social media and stated the drawdown is corresponding to Ethereum and different layer-2 networks amid the broader market correction.
Gluchowski stated:
“ETH and every other L2 is down significantly from their ATHs. Nevertheless, both myself and Matter Labs are as committed as ever to the mission and success of ZKsync. I also see very bullish signs from the new leadership of the Ethereum Foundation.”
Gluchowski added that he would continue answering public inquiries concerning the incident whereas the investigation stays energetic. ZKsync reiterated that they’ll share a technical replace as soon as they end an ongoing safety evaluation.
Although restricted in scope, the unauthorized minting has briefly inflated the circulating provide and prompted elevated scrutiny of key administration practices inside ZKsync’s sensible contract deployments.
Talked about on this article
| CoinFN
