ZKSYNC確認針對無人認領的空投代幣的利用使一個未經授權的演員耗盡了約500萬美元

ZKSYNC已確認，受損的管理員錢包使未經授權的演員從協議的Airdrop分發合同中籌集了價值約500萬美元的ZK令牌。

The cryptocurrency protocol ZKsync has become the latest victim of a major exploit, with an administrator wallet compromise leading to the theft of around $5 million in ZK tokens from the protocol’s airdrop distribution contracts.

加密貨幣協議ZKSYNC已成為主要剝削的最新受害者，管理員錢包妥協導致從協議的Airdrop分配合同中盜竊了約500萬美元的ZK代幣。

The exploit was quickly contained by the ZKsync security team, who confirmed that the breach was isolated to the unclaimed portion of the airdrop and did not affect user funds or the core protocol infrastructure.

ZKSYNC安全團隊很快包含了漏洞利用，他確認違規行為被隔離到空調的無人認領部分，並不影響用戶資金或核心協議基礎架構。

The exploit was detected on August 15, with the compromised key being used to call a function within one of the three airdrop contracts, enabling the minting and transfer of approximately 111 million unclaimed ZK tokens to the exploiter’s address.

8月15日檢測到了漏洞利用，被折衷的鑰匙被用來在三個Airdrop合同之一中調用功能，從而使大約1.11億個無人認領的ZK令牌的鑄造和轉移到了exploiter的地址。

The ZK token contract, the ZKsync protocol itself, and governance-related contracts are all confirmed to be secure.

ZK代幣合同，ZKSYNC協議本身和與治理相關的合同均被確認是安全的。

The sweep targeted only the unclaimed token allocations from the ZKsync airdrop, which was conducted in June. The exploit is limited to the functionality of the specific airdrop distribution contracts. All tokens that could be accessed through this method have already been minted, and the exploit has been contained.

掃描僅針對6月進行的ZKSYNC Airdrop的無人認領的令牌分配。利用僅限於特定的AirDrop分銷合約的功能。可以通過此方法訪問的所有令牌已經鑄造，並且漏洞已包含。

The exploiter’s address, shared by ZKsync, is still holding the majority of the drained funds. The ZKsync security team is working with exchanges and blockchain monitoring organizations like @_seal_org to track the tokens and prevent further movement.

ZKSYNC共享的剝削者的地址仍在持有大部分排水資金。 ZKSYNC安全團隊正在與@_seal_org等交易所和區塊鏈監視組織合作，以跟踪令牌並防止進一步移動。

The protocol has also invited the exploiter to contact the team via their dedicated security channel, to arrange the return of the stolen funds.

該協議還邀請剝削者通過其專用安全渠道與團隊聯繫，以安排被盜資金的返回。

Shortly after news of the breach surfaced, the price of ZK tokens was seen declining from highs of $0.047 to lows of $0.039. The token has since seen a minor recovery, trading at $0.04606 at the last check.

違規消息浮出水面後不久，ZK代幣的價格從0.047美元下降到低點0.039美元。此後，該令牌已經進行了較小的恢復，最後一張支票的交易價格為0.04606美元。

This price movement showcases the heightened sensitivity of cryptocurrency investors to events related to protocol security.

這種價格運動展示了加密貨幣投資者對與協議安全有關的事件的敏感性。

In response to the incident, ZKsync plans to introduce several changes to its security infrastructure. These enhancements include transitioning to multi-party computation (MPC) wallets, deploying real-time transaction monitoring systems, and increasing decentralization with new governance mechanisms for treasury management.

為了應對事件，ZKSYNC計劃對其安全基礎架構進行一些更改。這些增強功能包括過渡到多方計算（MPC）錢包，部署實時交易監控系統以及通過用於國庫管理的新治理機制來增加分權。

Earlier this year, ZKsync completed a major upgrade to its mainnet, rolling out its ‘zkSync 2.0’ scaling solution. The protocol also announced plans for an upcoming token distribution event.

今年早些時候，Zksync完成了對其主網的重大升級，推出了其“ ZKSYNC 2.0”縮放解決方案。該協議還宣布了即將舉行的代幣分銷活動的計劃。

ZKsync's token distribution strategy, which allocates 89% of tokens to users and 11% to ecosystem partners and developers, is also being reviewed following the incident.

事件發生後，Zksync的代幣分銷策略將89％的令牌分配給用戶，並將11％的代幣分配給生態系統合作夥伴和開發人員。

The protocol is currently engaged in an investigation to fully understand the scope of the breach and identify the parties responsible.

該協議目前正在進行調查，以充分了解違規的範圍並確定當事方負責的當事方。