PANews reported on April 25 that ZKsync had published the investigation report on the security incident involving roughly $5 million worth of ZK tokens. On April 13, the attacker used a compromised administrator key to mint 11.18 million unclaimed ZK tokens from three airdrop distribution contracts, and over the following two days swapped about 6.71 million of them for 1,116 ETH. Matter Labs, the development team, froze the relevant accounts as soon as it detected the anomaly on April 15. After the ZKsync Security Council issued a 72-hour "safe harbor" ultimatum, the attacker returned 90% of the funds on April 23 and kept 10% as a bounty. The remaining funds are held in the custody of the Security Council, and their final disposition will be decided by community governance. The investigation attributed the incident to two weaknesses in the airdrop contracts: administration under a 1/1 multisig (functionally a single key, since one signature suffices), and a token minting function that should have been removed once distribution was set up but was left in place.
ZKsync said the incident was confined to the three airdrop distribution contracts; the mainnet protocol and the governance system were not affected. To prevent a recurrence, the project will introduce measures such as regular rotation of multisig signer keys and upgrades to its monitoring systems. The recovered ETH will be gradually exchanged back into ZK tokens, and the final return plan must be approved by a vote of the Token Assembly. The investigation indicated that the key may have leaked from the account of a former employee, and found no evidence of malicious intent on that person's part.
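The two weaknesses named in the report (a single-key administrator and a minting capability that outlived its purpose) are easiest to see side by side. The following Solidity sketch is an illustrative example added here; it is not ZKsync's or Matter Labs' code, and the contract names, the `IMintableToken` interface, and the `treasury`/`claimDeadline` parameters are assumptions for the example. The weak contract mints on demand and lets whoever holds `admin` mint the entire unclaimed balance; the hardened variant is pre-funded, never holds mint rights, bounds the claim window, and can only sweep leftovers to a fixed n-of-m multisig treasury.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative example written for this article; not the project's own code.
// Minimal token interface assumed for the example.
interface IMintableToken {
    function mint(address to, uint256 amount) external;
    function transfer(address to, uint256 amount) external returns (bool);
}

/// Weak pattern: the distributor keeps mint authority for its whole life, and
/// `admin` is a single key. A 1/1 multisig behaves exactly like this EOA:
/// one leaked signer key is enough to drain everything unclaimed.
contract AirdropDistributorWeak {
    IMintableToken public immutable token;
    address public admin;
    mapping(address => uint256) public allocation;

    constructor(IMintableToken _token) {
        token = _token;
        admin = msg.sender; // single key, no threshold
    }

    function setAllocation(address user, uint256 amount) external {
        require(msg.sender == admin, "not admin");
        allocation[user] = amount;
    }

    function claim() external {
        uint256 amt = allocation[msg.sender];
        require(amt > 0, "nothing to claim");
        allocation[msg.sender] = 0;
        token.mint(msg.sender, amt); // contract must hold a minter role ...
    }

    // ... so the same role is reachable through the admin key, and the
    // amount is not tied to any allocation.
    function adminMint(address to, uint256 amount) external {
        require(msg.sender == admin, "not admin");
        token.mint(to, amount);
    }
}

/// Hardened pattern: the full airdrop is transferred into the contract up
/// front, so no minter role exists to steal; claims stop at a deadline; the
/// only privileged action is sweeping leftovers to a fixed treasury address,
/// which is expected to be an n-of-m multisig rather than a single signer.
contract AirdropDistributorHardened {
    IMintableToken public immutable token;
    address public immutable treasury;      // n-of-m multisig (assumed)
    uint64 public immutable claimDeadline;  // unix timestamp
    mapping(address => uint256) public allocation;

    constructor(
        IMintableToken _token,
        address _treasury,
        uint64 _deadline,
        address[] memory users,
        uint256[] memory amounts
    ) {
        require(users.length == amounts.length, "length mismatch");
        require(_treasury != address(0), "treasury unset");
        token = _token;
        treasury = _treasury;
        claimDeadline = _deadline;
        // Allocations are fixed at deployment; there is no admin setter to abuse.
        for (uint256 i = 0; i < users.length; i++) {
            allocation[users[i]] = amounts[i];
        }
    }

    function claim() external {
        require(block.timestamp <= claimDeadline, "claim window closed");
        uint256 amt = allocation[msg.sender];
        require(amt > 0, "nothing to claim");
        allocation[msg.sender] = 0;
        // Pays only from the pre-funded balance; the contract cannot mint.
        require(token.transfer(msg.sender, amt), "transfer failed");
    }

    // Anyone may trigger the sweep, but tokens can only go to `treasury`,
    // and only after the claim window has closed.
    function sweepUnclaimed(uint256 amount) external {
        require(block.timestamp > claimDeadline, "claim window open");
        require(token.transfer(treasury, amount), "transfer failed");
    }
}
```

The practical check this suggests for any live distributor: confirm on-chain that the contract (and every admin address on it) no longer holds a minter or admin role on the token after funding, that the admin is a multisig whose threshold is greater than one, and that the privileged functions still present cannot move more than the unclaimed balance to an address the admin chooses.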