攻擊者今天鑄造了1.11億個ZK令牌

這是緊隨其後的ZKSYNC違規行為，涉及與該項目的Airdrop相關的受損的行政帳戶

An attacker has minted 111 million ZK tokens following a significant breach of ZKsync, a popular Layer 2 scaling network for Ethereum.

攻擊者在嚴重違反了以太坊的2層縮放網絡ZKSYNC之後，已經鑄造了1.11億個ZK令牌。

The incident involved a compromised administrative account key used to access three airdrop distribution contracts. As a result, an unclaimed pool of ZK tokens was exploited to mint an enormous number of tokens.

該事件涉及用於訪問三份Airdrop分銷合約的受損的行政帳戶密鑰。結果，無人認領的ZK代幣池被利用以鑄造大量令牌。

ZKsync confirmed the details in a statement on X (formerly Twitter), as the news pushed the ZK token price down about 13 percent. The compromised account address was identified as 0x842822c797049269A3c29464221995C56da5587D.

Zksync在X（以前是Twitter）的一份聲明中確認了細節，因為該消息將ZK代幣的價格降低了約13％。折衷的帳戶地址被確定為0x842822C797049269A3C29464221995C56DA555587D。

The breach was initially discovered by blockchain security firms, who observed a large-scale minting transaction on the ZKsync Era network.

違規最初是由區塊鏈安全公司發現的，後者觀察到ZKSYNC ERA網絡上的大規模鑄造交易。

The attacker specifically targeted a function within the airdrop contracts, which was designed to sweep up unclaimed tokens.

攻擊者專門針對空調合同中的功能，該功能旨在掃除無人認領的令牌。

“The attacker called the sweepUnclaimed() function that minted approximately 111 million unclaimed ZK tokens from the airdrop contracts,” ZKsync explained.

Zksync解釋說：“攻擊者稱為SweepunClaimed（）功能，從Airdrop合同中鑄造了約1.11億個無人認領的ZK令牌。”

This action essentially generated new tokens from the pool designated for users who had not yet claimed their airdrop allocation. The transaction can be viewed on the ZKsync Era blockchain explorer.

此操作基本上是從指定尚未聲稱其空調分配的用戶的池中生成的新令牌。可以在ZKSYNC ERA區塊鏈探索者中查看交易。

The scale of the breach, involving 111 million tokens, clarifies initial reports which estimated a lower figure. While the token’s price varies, the quantity minted represents a substantial portion of the unclaimed airdrop supply.

涉及1.11億個令牌的漏洞規模闡明了估計數字較低的初始報告。儘管令牌的價格有所不同，但鑄造的數量代表了無人認領的空調供應的很大一部分。

ZKsync quickly moved to contain the fallout from this specific vulnerability. Despite the compromise affecting the airdrop, officials stated that core infrastructure and user holdings remained safe.

ZKSYNC迅速移動以控制此特定漏洞的後果。儘管妥協影響了空調，但官員們表示，核心基礎設施和用戶持有仍然是安全的。

“This incident is contained to the airdrop distribution contracts only,” the statement went on to say. “All the funds that could be minted [via this method] have been minted. No further exploits via this method are possible.”

該聲明繼續說：“這一事件僅包含在Airdrop發行合同中。” “所有可以通過這種方法鑄造的資金都已被鑄造出來。不可能通過此方法進行進一步的利用。”

The project also confirmed the security of key components, separate from the specific point of failure in this breach.

該項目還確認了關鍵組件的安全性，與此違規中的特定故障點不同。

“The ZKsync protocol, ZK token contract, all three governance contracts, and all active Token Program capped minters have not been, and will not be impacted by this incident,” ZKsync stated.

Zksync說：“ ZKSYNC協議，ZK代幣合同，所有三項治理合同以及所有活躍的令牌計劃限制的Minters尚未受到這一事件的影響。”

Most of the minted tokens reportedly remain in an account controlled by the attacker (0xb1027ed67f89c9f588e097f70807163fec1005d3).

據報導，大多數鑄造代幣保留在攻擊者控制的帳戶中（0xB1027ED67ED67F89C9F588E097F70807163FEC1005D3）。

ZKsync announced coordination efforts aimed at recovery. “We’re coordinating the

Zksync宣布了旨在恢復的協調工作。 “我們正在協調