ZKSYNC通過與黑客達成協議，在Airdrop漏洞中竊取了500萬美元

Zksync確認，在與剝削者達成協議後，最近涉及其空投分銷合約的違規行為中，它已經完全收回了大約500萬美元的ZK令牌。

ZKSync has fully recovered the $5 million in ZK tokens stolen in a recent breach of airdrop distribution contracts, the protocol announced on Sunday.

該協議在周日宣布，ZKSYNC在最近違反了Airdrop發行合同中，已完全收回了500萬美元的ZK代幣。

The announcement on social media follows a 72-hour “safe harbor” window offered by the protocol’s Security Council.

社交媒體上的公告講述了協議安全理事會提供的72小時“安全港”窗口。

According to the team, the returned assets are now held in custody by the Security Council, with protocol governance determining the final decision on their use. A detailed forensic report on the incident and subsequent recovery is being prepared.

據該團隊稱，返回的資產現在由安全理事會拘留，協議治理決定了其使用的最終決定。正在準備有關事件和隨後恢復的詳細法醫報告。

Exploiter complies with safe harbor terms

剝削者符合安全港的條款

The exploit, which occurred on April 15, involved the unauthorized minting of roughly 111 million ZK tokens, or about $5 million at the time, through a compromised admin key.

該漏洞利用發生於4月15日，涉及通過折衷的管理員密鑰未經授權的鑄造，當時約有1.11億個ZK令牌，或當時約500萬美元。

The vulnerability was confined to ZKSync’s airdrop distribution contracts and did not affect the broader protocol infrastructure, ZK token contract, or governance operations.

該漏洞僅限於ZKSYNC的空投分配合同，並不影響更廣泛的協議基礎設施，ZK代幣合同或治理操作。

The attacker bypassed standard allocation mechanisms and claimed unclaimed tokens from the network’s first distribution round. On-chain data later confirmed that the exploiter swapped approximately $3.5 million in stolen ZK tokens for Ethereum (ETH).

攻擊者繞過了標準分配機制，並從網絡的第一輪中聲稱無人認領的令牌。鏈上的數據後來證實，剝削者將大約350萬美元的被盜ZK令牌交換為以太坊（ETH）。

ZKSync assured users that the incident did not compromise customer funds or core infrastructure.

ZKSYNC向用戶保證，該事件不會損害客戶資金或核心基礎架構。

To avoid prolonged legal proceedings, ZKSync’s Security Council issued an on-chain message to the exploiter, offering a 10% bounty for returning 90% of the exploited funds.

為了避免延長法律程序，ZKSYNC的安全理事會向剝削者發出了鏈上的信息，為返還90％的被剝削資金提供了10％的賞金。

The proposal included specific wallet addresses for transferring ZK and ETH tokens across the ZKSync Era network and Ethereum’s mainnet by the stated deadline.

該提案包括特定的錢包地址，用於將ZK和ETH代幣轉移到ZKSYNC ERA網絡上，以及陳述的截止日期。

The agreement was contingent on the full return of funds by the stated deadline. ZKSync confirmed the resolution of the matter with the assets successfully transferred, adding that it won’t take further action against the attacker.

該協議取決於規定的截止日期的全部資金回報。 ZKSYNC通過成功轉讓資產證實了此事的解決方案，並補充說，它不會對攻擊者採取進一步的行動。

“We are pleased to announce that the exploiter has returned the stolen ZK tokens, and we have reached an agreement to resolve the incident,” the team said.

該團隊說：“我們很高興地宣布，剝削者已經返回了被盜的ZK令牌，我們已經達成了解決事件的協議。”

“The recovered assets are currently held by the ZKSync Security Council, and protocol governance will decide on their future use.”

“回收資產目前由ZKSYNC安全理事會持有，協議治理將決定其未來使用。”

The recovered assets are currently held by the ZKSync Security Council, and protocol governance will decide on their future use. A detailed forensic report on the incident and subsequent recovery is being prepared and will be shared shortly.

回收資產目前由ZKSYNC安全理事會持有，協議治理將決定其未來使用。正在準備有關事件和隨後恢復的詳細法醫報告，並將在不久後分享。

According to the team, the incident has prompted renewed scrutiny over smart contract access controls, particularly regarding admin key security and airdrop mechanisms.

據該團隊稱，該事件對智能合約訪問控制權進行了重新審查，尤其是有關管理員密鑰安全性和空調機制的審查。

Despite the swift recovery, the exploit temporarily inflated the ZK token supply and triggered a market reaction.

儘管迅速恢復，但這種利用暫時使ZK令牌供應膨脹，並引發了市場反應。

Moreover, the price of ZK did not react to the news, with just a 0.5% increase since the ZKSync revealed the agreement and recovery of funds.

此外，ZK的價格對新聞沒有反應，自ZKSYNC揭示了資金的協議和收回以來，ZK的價格僅增加了0.5％。

The post ZKSync fully recovers $5 million stolen in recent exploit appeared first on Chain Teller.

ZKSYNC帖子在​​最近的漏洞中完全恢復了500萬美元，這是Chain Teller首次出現的。