ZKSYNC确认针对无人认领的空投代币的利用使一个未经授权的演员耗尽了约500万美元

ZKSYNC已确认，受损的管理员钱包使未经授权的演员从协议的Airdrop分发合同中筹集了价值约500万美元的ZK令牌。

The cryptocurrency protocol ZKsync has become the latest victim of a major exploit, with an administrator wallet compromise leading to the theft of around $5 million in ZK tokens from the protocol’s airdrop distribution contracts.

加密货币协议ZKSYNC已成为主要剥削的最新受害者，管理员钱包妥协导致从协议的Airdrop分配合同中盗窃了约500万美元的ZK代币。

The exploit was quickly contained by the ZKsync security team, who confirmed that the breach was isolated to the unclaimed portion of the airdrop and did not affect user funds or the core protocol infrastructure.

ZKSYNC安全团队很快包含了漏洞利用，他确认违规行为被隔离到空调的无人认领部分，并不影响用户资金或核心协议基础架构。

The exploit was detected on August 15, with the compromised key being used to call a function within one of the three airdrop contracts, enabling the minting and transfer of approximately 111 million unclaimed ZK tokens to the exploiter’s address.

8月15日检测到了漏洞利用，被折衷的钥匙被用来在三个Airdrop合同之一中调用功能，从而使大约1.11亿个无人认领的ZK令牌的铸造和转移到了exploiter的地址。

The ZK token contract, the ZKsync protocol itself, and governance-related contracts are all confirmed to be secure.

ZK代币合同，ZKSYNC协议本身和与治理相关的合同均被确认是安全的。

The sweep targeted only the unclaimed token allocations from the ZKsync airdrop, which was conducted in June. The exploit is limited to the functionality of the specific airdrop distribution contracts. All tokens that could be accessed through this method have already been minted, and the exploit has been contained.

扫描仅针对6月进行的ZKSYNC Airdrop的无人认领的令牌分配。利用仅限于特定的AirDrop分销合约的功能。可以通过此方法访问的所有令牌已经铸造，并且漏洞已包含。

The exploiter’s address, shared by ZKsync, is still holding the majority of the drained funds. The ZKsync security team is working with exchanges and blockchain monitoring organizations like @_seal_org to track the tokens and prevent further movement.

ZKSYNC共享的剥削者的地址仍在持有大部分排水资金。 ZKSYNC安全团队正在与@_seal_org等交易所和区块链监视组织合作，以跟踪令牌并防止进一步移动。

The protocol has also invited the exploiter to contact the team via their dedicated security channel, to arrange the return of the stolen funds.

该协议还邀请剥削者通过其专用安全渠道与团队联系，以安排被盗资金的返回。

Shortly after news of the breach surfaced, the price of ZK tokens was seen declining from highs of $0.047 to lows of $0.039. The token has since seen a minor recovery, trading at $0.04606 at the last check.

违规消息浮出水面后不久，ZK代币的价格从0.047美元下降到低点0.039美元。此后，该令牌已经进行了较小的恢复，最后一张支票的交易价格为0.04606美元。

This price movement showcases the heightened sensitivity of cryptocurrency investors to events related to protocol security.

这种价格运动展示了加密货币投资者对与协议安全有关的事件的敏感性。

In response to the incident, ZKsync plans to introduce several changes to its security infrastructure. These enhancements include transitioning to multi-party computation (MPC) wallets, deploying real-time transaction monitoring systems, and increasing decentralization with new governance mechanisms for treasury management.

为了应对事件，ZKSYNC计划对其安全基础架构进行一些更改。这些增强功能包括过渡到多方计算（MPC）钱包，部署实时交易监控系统以及通过用于国库管理的新治理机制来增加分权。

Earlier this year, ZKsync completed a major upgrade to its mainnet, rolling out its ‘zkSync 2.0’ scaling solution. The protocol also announced plans for an upcoming token distribution event.

今年早些时候，Zksync完成了对其主网的重大升级，推出了其“ ZKSYNC 2.0”缩放解决方案。该协议还宣布了即将举行的代币分销活动的计划。

ZKsync's token distribution strategy, which allocates 89% of tokens to users and 11% to ecosystem partners and developers, is also being reviewed following the incident.

事件发生后，Zksync的代币分销策略将89％的令牌分配给用户，并将11％的代币分配给生态系统合作伙伴和开发人员。

The protocol is currently engaged in an investigation to fully understand the scope of the breach and identify the parties responsible.

该协议目前正在进行调查，以充分了解违规的范围并确定当事方负责的当事方。