ZKSYNC通过与黑客达成协议，在Airdrop漏洞中窃取了500万美元

Zksync确认，在与剥削者达成协议后，最近涉及其空投分销合约的违规行为中，它已经完全收回了大约500万美元的ZK令牌。

ZKSync has fully recovered the $5 million in ZK tokens stolen in a recent breach of airdrop distribution contracts, the protocol announced on Sunday.

该协议在周日宣布，ZKSYNC在最近违反了Airdrop发行合同中，已完全收回了500万美元的ZK代币。

The announcement on social media follows a 72-hour “safe harbor” window offered by the protocol’s Security Council.

社交媒体上的公告讲述了协议安全理事会提供的72小时“安全港”窗口。

According to the team, the returned assets are now held in custody by the Security Council, with protocol governance determining the final decision on their use. A detailed forensic report on the incident and subsequent recovery is being prepared.

据该团队称，返回的资产现在由安全理事会拘留，协议治理决定了其使用的最终决定。正在准备有关事件和随后恢复的详细法医报告。

Exploiter complies with safe harbor terms

剥削者符合安全港的条款

The exploit, which occurred on April 15, involved the unauthorized minting of roughly 111 million ZK tokens, or about $5 million at the time, through a compromised admin key.

该漏洞利用发生于4月15日，涉及通过折衷的管理员密钥未经授权的铸造，当时约有1.11亿个ZK令牌，或当时约500万美元。

The vulnerability was confined to ZKSync’s airdrop distribution contracts and did not affect the broader protocol infrastructure, ZK token contract, or governance operations.

该漏洞仅限于ZKSYNC的空投分配合同，并不影响更广泛的协议基础设施，ZK代币合同或治理操作。

The attacker bypassed standard allocation mechanisms and claimed unclaimed tokens from the network’s first distribution round. On-chain data later confirmed that the exploiter swapped approximately $3.5 million in stolen ZK tokens for Ethereum (ETH).

攻击者绕过了标准分配机制，并从网络的第一轮中声称无人认领的令牌。链上的数据后来证实，剥削者将大约350万美元的被盗ZK令牌交换为以太坊（ETH）。

ZKSync assured users that the incident did not compromise customer funds or core infrastructure.

ZKSYNC向用户保证，该事件不会损害客户资金或核心基础架构。

To avoid prolonged legal proceedings, ZKSync’s Security Council issued an on-chain message to the exploiter, offering a 10% bounty for returning 90% of the exploited funds.

为了避免延长法律程序，ZKSYNC的安全理事会向剥削者发出了链上的信息，为返还90％的被剥削资金提供了10％的赏金。

The proposal included specific wallet addresses for transferring ZK and ETH tokens across the ZKSync Era network and Ethereum’s mainnet by the stated deadline.

该提案包括特定的钱包地址，用于将ZK和ETH代币转移到ZKSYNC ERA网络上，以及陈述的截止日期。

The agreement was contingent on the full return of funds by the stated deadline. ZKSync confirmed the resolution of the matter with the assets successfully transferred, adding that it won’t take further action against the attacker.

该协议取决于规定的截止日期的全部资金回报。 ZKSYNC通过成功转让资产证实了此事的解决方案，并补充说，它不会对攻击者采取进一步的行动。

“We are pleased to announce that the exploiter has returned the stolen ZK tokens, and we have reached an agreement to resolve the incident,” the team said.

该团队说：“我们很高兴地宣布，剥削者已经返回了被盗的ZK令牌，我们已经达成了解决事件的协议。”

“The recovered assets are currently held by the ZKSync Security Council, and protocol governance will decide on their future use.”

“回收资产目前由ZKSYNC安全理事会持有，协议治理将决定其未来使用。”

The recovered assets are currently held by the ZKSync Security Council, and protocol governance will decide on their future use. A detailed forensic report on the incident and subsequent recovery is being prepared and will be shared shortly.

回收资产目前由ZKSYNC安全理事会持有，协议治理将决定其未来使用。正在准备有关事件和随后恢复的详细法医报告，并将在不久后分享。

According to the team, the incident has prompted renewed scrutiny over smart contract access controls, particularly regarding admin key security and airdrop mechanisms.

据该团队称，该事件对智能合约访问控制权进行了重新审查，尤其是有关管理员密钥安全性和空调机制的审查。

Despite the swift recovery, the exploit temporarily inflated the ZK token supply and triggered a market reaction.

尽管迅速恢复，但这种利用暂时使ZK令牌供应膨胀，并引发了市场反应。

Moreover, the price of ZK did not react to the news, with just a 0.5% increase since the ZKSync revealed the agreement and recovery of funds.

此外，ZK的价格对新闻没有反应，自ZKSYNC揭示了资金的协议和收回以来，ZK的价格仅增加了0.5％。

The post ZKSync fully recovers $5 million stolen in recent exploit appeared first on Chain Teller.

ZKSYNC帖子在​​最近的漏洞中完全恢复了500万美元，这是Chain Teller首次出现的。