This incident does not affect the ZKsync protocol, the ZK token contract, the three governance contracts, or core user assets
ZKsync is under attack: admin key compromised, $5M in ZK tokens stolen
The ZKsync security team has identified a compromised admin account that took control of ≈$5M worth of ZK tokens - the remaining unclaimed tokens from the ZKsync airdrop. Necessary security measures are being implemented. All user funds are safe and have never been at risk. The ZKsync protocol, the ZK token contract, the three governance contracts, and core user assets are not affected.
The incident is limited solely to the account that was the admin of the three airdrop distribution contracts, which was compromised. The address in question is: 0x842822c797049264A3c29464221995C56da5587D.
Update: the investigation has revealed that the account that was the admin of the three airdrop distribution contracts had been compromised. The compromised account address is 0x842822c797049269A3c29464221995C56da5587D.
The attacker called the sweepUnclaimed() function that permits collecting the unclaimed airdrop tokens and transferring them to a chosen address.
The attacker then used the public function sweepUnclaimed() to initiate a transaction.
The majority of the tokens were then transferred to the address b1027ed67f89c9f588e097f70807163fec1005d3, which is presumably controlled by the attacker.
In total, 111 million ZKsync tokens were minted, estimated at a value of around $5 million.
The ZKsync team is working to clarify the full details of the incident in cooperation with Seal 911 and has also reached out to a number of crypto exchanges to ensure that any attempt to withdraw the stolen funds results in their freezing.
However, the attack had already impacted the ZKsync token’s price, with a sharp drop of ≈13% immediately following the incident - from $0.0477 to $0.0415.
It’s also worth noting that, just as the exploit was quickly contained, the token price also rebounded without major delay and is now trading at approximately $0.0464.
Just recently, we analyzed a rather sophisticated attack on Atomic and Exodus wallets. One of the key takeaways we highlighted was that attackers tend to target infrastructure surrounding blockchain solutions rather than the protocols themselves.
This incident serves—albeit less obviously—as another illustration of that pattern. It’s significantly easier for attackers to compromise an administrative account than to hack a core protocol that has undergone extensive audits and has been battle-tested in production (although such attacks are still possible).
The same principle applies to integration or partner breaches, such as the recent case with Bybit, which remains one of the most advanced and secure crypto exchanges in the market.