ZKSYNC在黑客同意退还资金后，恢复了价值570万美元的加密货币

ZKSYNC在黑客同意退还大多数资金被盗之后，已成功收回了价值570万美元的加密货币

Cryptoeconomic security startup ZKsync has recovered nearly $5.7 million after a hacker agreed to return the majority of funds stolen during an April 15 security breach.

加密经济安全初创公司ZKSync在黑客同意在4月15日的安全违规中返回大多数资金后，已收回了近570万美元。

The recovery comes after the protocol’s Security Council offered a 10% bounty to the attacker in exchange for returning the remaining 90% of the stolen assets. The stolen funds were returned in three separate transfers on Sunday, all completed within a 72-hour “safe harbor” deadline set by the ZKsync team.

在协议安全委员会向袭击者提供10％的赏金之后，恢复是换回剩余的90％被盗资产的赏金。被盗的资金在周日的三个单独转移中退还了，所有资金均在ZKSYNC团队设定的72小时“安全港”截止日期内完成。

The recovery includes both ZK tokens and Ethereum (ETH) sent to designated addresses on the ZKsync Era network and Ethereum mainnet.

恢复包括ZK代币和以太坊（ETH）发送到ZKSYNC ERA网络和以太坊主网上的指定地址。

“We’re pleased to share that the hacker has cooperated and returned the funds within the safe harbor deadline. As stated in the original Security Council message, the case is now considered resolved,” the ZKsync Association announced on X (formerly Twitter).

ZKSYNC协会在X（以前是Twitter）上宣布：“我们很高兴分享黑客合作并退还了安全港截止日期的资金。正如原始安全理事会的消息中所述，该案现在被认为是解决的。”

The announcement was later reshared by ZKsync’s official account and Matter Labs, the company behind the protocol.

该公告后来由ZKSYNC的官方帐户和物质实验室重新审查，该公司背后的公司。

The security incident stemmed from a compromised administrator account that gave the attacker unauthorized access to ZKsync’s airdrop distribution system. Using this access, the hacker exploited the sweepUnclaimed() function to mint 111 million ZK tokens that had not yet been claimed by users.

安全事件源于受损的管理员帐户，该帐户使攻击者未经授权访问ZKSYNC的Airdrop分发系统。使用此访问，黑客将SweepunClaimed（）函数利用为用户尚未要求的1.11亿个ZK令牌。

This exploit happened during ZKsync’s token distribution event, which was in the process of airdropping 17.5% of the total ZK token supply to participants in its ecosystem. The breach was confined to the distribution contracts and did not affect the core protocol infrastructure.

这种利用发生在ZKSYNC的代币分销事件中，该事件正处于其生态系统中参与者的ZK令牌供应总量的17.5％。违规行为仅限于分配合同，不影响核心协议基础设施。

After obtaining the tokens, the hacker converted approximately $3.5 million worth of the stolen ZK tokens to Ethereum, according to on-chain data. The total value of stolen assets was estimated at $5 million at the time of the hack.

根据链数据，该黑客获得了代币后，将大约350万美元的被盗ZK代币转换为以太坊。入侵时估计被盗资产的总价值为500万美元。

ZKsync quickly assured users that their personal funds remained safe throughout the incident. The team emphasized that the vulnerability was isolated to the airdrop mechanism and did not compromise any user wallets or the broader ZKsync network.

ZKSYNC迅速向用户保证，在整个事件中，他们的个人资金仍然安全。该团队强调，漏洞被隔离到空调机制，并且没有损害任何用户钱包或更广泛的ZKSYNC网络。

Rather than pursuing legal action immediately, ZKsync’s Security Council took a pragmatic approach to recovering the funds. They sent an on-chain message directly to the attacker with a simple offer: return 90% of the stolen funds and keep 10% as a bounty reward.

ZKSYNC的安全委员会没有立即采取法律诉讼，而是采取了务实的方法来收回资金。他们以简单的报价直接向攻击者发送了链上的消息：退还90％的被盗资金，并保留10％作为赏金奖励。

The council also provided specific wallet addresses for the return of both ZK tokens and ETH across the ZKsync Era network and Ethereum’s mainnet, with the agreement that all funds must be returned within the 72-hour deadline.

该委员会还提供了特定的钱包地址，用于在整个ZKSYNC ERA网络和以太坊的Mainnet中返回ZK令牌和ETH，并协议必须在72小时的截止日期内退还所有资金。

This strategy proved successful when the hacker initiated the first transfer at 2:39:57 pm UTC on Sunday. Two additional transfers followed within 13 minutes, completing the return of funds well within the established timeframe.

当黑客在周日下午2:39:57启动第一次转会时，该策略被证明是成功的。在13分钟内进行了另外两次转移，完成了既定时间范围内的资金回报。

The returned assets, now valued at nearly $5.7 million due to price increases in both ZK and ETH since the theft, are currently being held by the ZKsync Security Council. The final allocation of these recovered funds will be determined through the protocol’s governance process.

自盗窃以来，由于ZK和ETH的价格上涨，返回的资产现在价值近570万美元，目前由ZKSYNC安全理事会持有。这些收回资金的最终分配将通过协议的治理过程确定。

ZKsync has also committed to publishing a comprehensive forensic report detailing the security incident and recovery process. This report will likely provide additional insights into how the breach occurred and what measures are being implemented to prevent similar exploits in the future.

ZKSYNC还致力于发布一份全面的法医报告，详细介绍了安全事件和恢复过程。该报告可能会提供有关违规情况如何发生以及采取哪些措施来防止类似利用的措施的更多见解。

Despite the successful recovery, the ZK token price showed minimal reaction to the news. The token was actually down 0.2% over the 24 hours following the announcement.

尽管恢复成功，但ZK代币价格对新闻的反应很小。在宣布后的24小时内，令牌实际上下降了0.2％。

ZKsync Era, the layer 2 scaling solution affected by the breach, continues to operate normally. The platform uses zero-knowledge rollups to process Ethereum transactions more efficiently and at lower cost. Current metrics show nearly $59 million in total value locked on the chain and over $2 billion in real-world assets deployed through the protocol.

ZKSYNC ERA是受漏洞影响的第2层缩放解决方案，继续正常运行。该平台使用零知识汇总来更有效地以较低的成本处理以太坊交易。当前的指标显示，锁定在链条上的总价值将近5900万美元，通过协议部署的现实世界资产超过20亿美元。

The incident highlights an emerging trend in the cryptocurrency space where projects are offering bounties to incentivize the return of stolen funds, often proving more effective than traditional recovery methods. By avoiding lengthy legal proceedings, ZKsync was able to recover the assets quickly and without further disruption to their ecosystem.

该事件突出了加密货币领域的新兴趋势，在该空间中，项目提供赏金以激励被盗资金的回报，通常证明比传统的恢复方法更有效。通过避免长期的法律程序，Zksync能够快速收回资产，而不会进一步破坏其生态系统。