ZKSYNC遭受違規，導致500萬美元的ZK代幣被盜

Zksync遭受了違規，導致了500萬美元被盜的ZK令牌。一個管理員帳戶，尤其是與負責空投的智能合約的鏈接的帳戶。

Layer-2 scaling project ZKsync was today, July 10, subject to a breach. The breach saw an admin account, used to manage smart contracts for airdrops, compromised.

第2層縮放項目ZKSYNC今天是7月10日，遭受違規。漏洞看到了一個管理員帳戶，該帳戶用於管理空投的智能合約，並受到損害。

An attacker was able to use the function sweepUnclaimed() to mint 111 million ZK tokens. The project developers said the incident happened because of compromised keys linked to the admin wallet.

攻擊者能夠將swepunclaimed（）功能（）用於薄荷1.11億個ZK代幣。項目開發人員說，事件發生是由於與管理員錢包相關的鑰匙而發生的。

Three smart contracts were responsible for extracting the funds, according to the project developers.

項目開發商稱，三個智能合約負責提取資金。

ZKsync said the breach only affected the airdrop services and did not extend to the users’ funds. It was further stated that the core protocol, governance contracts, or the ZK token contract were not breached.

Zksync說，違規行為僅影響了空調服務，並沒有擴展到用戶的資金。進一步指出，核心方案，治理合同或ZK代幣合同未違反。

The project developers said they were investigating the actual details of the breach and will release an investigative report once their findings are complete. This post-mortem analysis has become common with blockchain security breaches. There seem to be a lot of lessons to take from these breaches that may help future projects avoid the mistakes made in the past.

該項目開發人員表示，他們正在調查違規的實際細節，並將一旦他們的發現完成，將發布一份調查報告。這種驗屍後的分析已被區塊鏈安全漏洞變得普遍。這些違規行為似乎有很多教訓可以幫助將來的項目避免過去犯的錯誤。

The attacker took control of the admin wallet and stole around $5 million in tokens. ZKsync is an Ethereum layer-2 project with zero-knowledge proofs.

攻擊者控制了管理錢包，並偷走了約500萬美元的代幣。 ZKSYNC是一個以太坊2層項目，具有零知識證明。

Despite the hack, the ZKsync team said the core protocol and token contract remained secure. However, traders may still be wary about trading the token despite these reassurances.

儘管有黑客攻擊，但ZKSYNC團隊表示，核心協議和令牌合同仍然安全。但是，儘管有這些保證，交易者仍可能對交易代幣保持警惕。

The main target of the attack was the airdrop tokens, which were meant to be used by future investors as a reward to entice users to engage with the protocol. Instead, the hacker stole all the airdrop tokens, leaving would-be investors without any enticements.

攻擊的主要目標是空投令牌，該代幣本來應該被未來的投資者用來獎勵用戶參與該協議的獎勵。取而代之的是，黑客偷走了所有的氣盤令牌，而將要成為投資者沒有任何誘因。

ZKsync aims to scale Ethereum with low-cost fees and high-speed transactions. This seems like a worthy goal given the issues of usability regarding the Ethereum blockchain.

ZKSYNC旨在以低成本費用和高速交易來擴展以太坊。考慮到以太坊區塊鏈的可用性問題，這似乎是一個值得的目標。

Many of ZKsync’s investors were upset by the news. Some expressed suspicion that the hack affected their enticements and not the salaries of the development team. One user even said they all knew what happened, suggesting that the project team had something to do with the breach.

ZKSYNC的許多投資者對這一消息感到不安。一些人表示懷疑黑客影響了他們的誘惑，而不是開發團隊的薪水。一位用戶甚至說他們都知道發生了什麼，這表明項目團隊與違規有關。

Earlier this month, blockchain analyst ZachXBT said the government may need to introduce more regulation to stop the ever-evolving attacks occurring with crypto projects.

本月初，區塊鏈分析師Zachxbt表示，政府可能需要提出更多的法規，以阻止加密項目發生的不斷發展的攻擊。

He claimed that the crypto industry was ineffective at responding to crypto hacks and that an external body, such as a government, may need to step in to stop the chaos and unaccountability.

他聲稱，加密貨幣行業對對加密貨幣的反應無效，外部機構（例如政府）可能需要介入以製止混亂和不恢復性。

“This industry is unbelievably cooked”, wrote ZachXBT, “when it comes to exploits/hacks, and sadly, I don't know if the industry will fix this itself unless the government passes some regulations that hurt our entire industry. Several 'decentralized' protocols have recently had nearly 100% of their monthly volume/fees derived from DPRK and refuse to take any responsibility”.

Zachxbt寫道：“當涉及利用/駭客時，這個行業是令人難以置信的烹飪，可悲的是，除非政府通過了一些損害我們整個行業的法規，否則我不知道該行業是否會解決此問題。最近，幾項“分散”協議最近從DPRK和任何責任中獲得了幾乎100％的每月費用/費用。”

The price of ZKsync crashed after the announcement, dropping around 20%. The drop may be partly due to the hacker cashing out all of the tokens. However, the price recovered back to just a 12% drop, which is still a reasonable drop, but not catastrophic, unless further drops occur in the near future.

宣布後，Zksync的價格崩潰了，下降了約20％。下降可能部分是由於黑客兌現了所有令牌。但是，價格恢復到僅12％的下降，這仍然是一個合理的下降，但沒有災難性的，除非在不久的將來發生進一步下降。

Investors were concerned that the increased liquidity, from the hacker selling the tokens, would jeopardise their investments. But many resumed trading the token after the ZKsync development team reassured users that the attack was isolated to the airdrop contacts.

投資者擔心流動性增加，來自賣給代幣的黑客會危害他們的投資。但是，在ZKSYNC開發團隊向用戶保證，攻擊被隔離到空投聯繫人之後，許多人恢復了令牌。