ZKSYNC在黑客同意退還資金後，恢復了價值570萬美元的加密貨幣

ZKSYNC在黑客同意退還大多數資金被盜之後，已成功收回了價值570萬美元的加密貨幣

Cryptoeconomic security startup ZKsync has recovered nearly $5.7 million after a hacker agreed to return the majority of funds stolen during an April 15 security breach.

加密經濟安全初創公司ZKSync在黑客同意在4月15日的安全違規中返回大多數資金後，已收回了近570萬美元。

The recovery comes after the protocol’s Security Council offered a 10% bounty to the attacker in exchange for returning the remaining 90% of the stolen assets. The stolen funds were returned in three separate transfers on Sunday, all completed within a 72-hour “safe harbor” deadline set by the ZKsync team.

在協議安全委員會向襲擊者提供10％的賞金之後，恢復是換回剩餘的90％被盜資產的賞金。被盜的資金在周日的三個單獨轉移中退還了，所有資金均在ZKSYNC團隊設定的72小時“安全港”截止日期內完成。

The recovery includes both ZK tokens and Ethereum (ETH) sent to designated addresses on the ZKsync Era network and Ethereum mainnet.

恢復包括ZK代幣和以太坊（ETH）發送到ZKSYNC ERA網絡和以太坊主網上的指定地址。

“We’re pleased to share that the hacker has cooperated and returned the funds within the safe harbor deadline. As stated in the original Security Council message, the case is now considered resolved,” the ZKsync Association announced on X (formerly Twitter).

ZKSYNC協會在X（以前是Twitter）上宣布：“我們很高興分享黑客合作並退還了安全港截止日期的資金。正如原始安全理事會的消息中所述，該案現在被認為是解決的。”

The announcement was later reshared by ZKsync’s official account and Matter Labs, the company behind the protocol.

該公告後來由ZKSYNC的官方帳戶和物質實驗室重新審查，該公司背後的公司。

The security incident stemmed from a compromised administrator account that gave the attacker unauthorized access to ZKsync’s airdrop distribution system. Using this access, the hacker exploited the sweepUnclaimed() function to mint 111 million ZK tokens that had not yet been claimed by users.

安全事件源於受損的管理員帳戶，該帳戶使攻擊者未經授權訪問ZKSYNC的Airdrop分發系統。使用此訪問，黑客將SweepunClaimed（）函數利用為用戶尚未要求的1.11億個ZK令牌。

This exploit happened during ZKsync’s token distribution event, which was in the process of airdropping 17.5% of the total ZK token supply to participants in its ecosystem. The breach was confined to the distribution contracts and did not affect the core protocol infrastructure.

這種利用發生在ZKSYNC的代幣分銷事件中，該事件正處於其生態系統中參與者的ZK令牌供應總量的17.5％。違規行為僅限於分配合同，不影響核心協議基礎設施。

After obtaining the tokens, the hacker converted approximately $3.5 million worth of the stolen ZK tokens to Ethereum, according to on-chain data. The total value of stolen assets was estimated at $5 million at the time of the hack.

根據鏈數據，該黑客獲得了代幣後，將大約350萬美元的被盜ZK代幣轉換為以太坊。入侵時估計被盜資產的總價值為500萬美元。

ZKsync quickly assured users that their personal funds remained safe throughout the incident. The team emphasized that the vulnerability was isolated to the airdrop mechanism and did not compromise any user wallets or the broader ZKsync network.

ZKSYNC迅速向用戶保證，在整個事件中，他們的個人資金仍然安全。該團隊強調，漏洞被隔離到空調機制，並且沒有損害任何用戶錢包或更廣泛的ZKSYNC網絡。

Rather than pursuing legal action immediately, ZKsync’s Security Council took a pragmatic approach to recovering the funds. They sent an on-chain message directly to the attacker with a simple offer: return 90% of the stolen funds and keep 10% as a bounty reward.

ZKSYNC的安全委員會沒有立即採取法律訴訟，而是採取了務實的方法來收回資金。他們以簡單的報價直接向攻擊者發送了鏈上的消息：退還90％的被盜資金，並保留10％作為賞金獎勵。

The council also provided specific wallet addresses for the return of both ZK tokens and ETH across the ZKsync Era network and Ethereum’s mainnet, with the agreement that all funds must be returned within the 72-hour deadline.

該委員會還提供了特定的錢包地址，用於在整個ZKSYNC ERA網絡和以太坊的Mainnet中返回ZK令牌和ETH，並協議必須在72小時的截止日期內退還所有資金。

This strategy proved successful when the hacker initiated the first transfer at 2:39:57 pm UTC on Sunday. Two additional transfers followed within 13 minutes, completing the return of funds well within the established timeframe.

當黑客在周日下午2:39:57啟動第一次轉會時，該策略被證明是成功的。在13分鐘內進行了另外兩次轉移，完成了既定時間範圍內的資金回報。

The returned assets, now valued at nearly $5.7 million due to price increases in both ZK and ETH since the theft, are currently being held by the ZKsync Security Council. The final allocation of these recovered funds will be determined through the protocol’s governance process.

自盜竊以來，由於ZK和ETH的價格上漲，返回的資產現在價值近570萬美元，目前由ZKSYNC安全理事會持有。這些收回資金的最終分配將通過協議的治理過程確定。

ZKsync has also committed to publishing a comprehensive forensic report detailing the security incident and recovery process. This report will likely provide additional insights into how the breach occurred and what measures are being implemented to prevent similar exploits in the future.

ZKSYNC還致力於發布一份全面的法醫報告，詳細介紹了安全事件和恢復過程。該報告可能會提供有關違規情況如何發生以及採取哪些措施來防止類似利用的措施的更多見解。

Despite the successful recovery, the ZK token price showed minimal reaction to the news. The token was actually down 0.2% over the 24 hours following the announcement.

儘管恢復成功，但ZK代幣價格對新聞的反應很小。在宣布後的24小時內，令牌實際上下降了0.2％。

ZKsync Era, the layer 2 scaling solution affected by the breach, continues to operate normally. The platform uses zero-knowledge rollups to process Ethereum transactions more efficiently and at lower cost. Current metrics show nearly $59 million in total value locked on the chain and over $2 billion in real-world assets deployed through the protocol.

ZKSYNC ERA是受漏洞影響的第2層縮放解決方案，繼續正常運行。該平台使用零知識匯總來更有效地以較低的成本處理以太坊交易。當前的指標顯示，鎖定在鏈條上的總價值將近5900萬美元，通過協議部署的現實世界資產超過20億美元。

The incident highlights an emerging trend in the cryptocurrency space where projects are offering bounties to incentivize the return of stolen funds, often proving more effective than traditional recovery methods. By avoiding lengthy legal proceedings, ZKsync was able to recover the assets quickly and without further disruption to their ecosystem.

該事件突出了加密貨幣領域的新興趨勢，在該空間中，項目提供賞金以激勵被盜資金的回報，通常證明比傳統的恢復方法更有效。通過避免長期的法律程序，Zksync能夠快速收回資產，而不會進一步破壞其生態系統。