Please see X post communicating the incident.
"ZKsync security team has identified a compromised admin account that took control of ~$5M worth of ZK tokens — the remaining unclaimed tokens from the ZKsync airdrop. Necessary security measures are being taken.
All user funds are safe and have never been at risk. The ZKsync protocol and ZK token contract remained secure, and no further ZK is at risk.
This is an isolated incident caused by a compromised key and confined to the ZK Token airdrop contract.
The investigation is ongoing, and a detailed update will be shared later today."
2 Likes
See X post with update
"Update: the investigation has revealed that the account that was the admin of the three airdrop distribution contracts had been compromised. The compromised account address is 0x842822c797049269A3c29464221995C56da5587D.
The attacker called the sweepUnclaimed() function that minted approximately 111 million unclaimed ZK tokens from the aidrop contracts. The mint transaction: https://era.zksync.network/tx/0x14b120ff26e8d678fdaa26eef81cf166cb8bc1a20e9bdef6a02fd2af2ee0071e
This tx inflated the amount of tokens in circulation by ~0.45% of the total token supply.
This incident is contained to the airdrop distribution contracts only and all the funds that could be minted have been minted. No further exploits via this method are possible.
The ZKsync protocol, ZK token contract, all three governance contracts, and all active Token Program capped minters have not been, and will not be impacted by this incident.
Attacker still holds the majority of funds on this account: https://era.zksync.network/address/0xb1027ed67f89c9f588e097f70807163fec1005d3 We’re coordinating the recovery efforts with @_seal_org and exchanges. We’re encouraging the attacker to get in touch with security@zksync.io to negotiate the return of the funds and avoid legal liability."
Please see X post with new update
"Update: further investigation has confirmed yesterday’s findings that the compromise was contained to the airdrop distribution contracts and no additional ZK tokens can be minted from this contract.
User funds are secure and were never at risk. The ZKsync protocol, ZK token contract, all three governance contracts, and all active Token Program capped minters are not impacted by this incident.
The investigation and recovery efforts are on-going. We will share material updates as we have them, and will have a comprehensive incident report to share with the community once the investigation is fully completed."
1 Like