ZKSYNC在4月15日盗窃案中恢复了约570万美元的加密货币

与黑客达成协议后

A hacker has returned nearly $5.7 million in cryptocurrency stolen earlier this month from ZKsync, a popular Ethereum layer 2 solution, according to a statement by the company on Thursday.

根据该公司周四的一份声明，一名黑客在本月初从Zksync（一个流行的以太坊2层解决方案）返回了将近570万美元的加密货币。

The recovery marks a positive resolution to what could have been a more damaging security incident for ZKsync. It also highlights the use of on-chain messages and bounty offers in resolving cryptocurrency breaches.

恢复标志着ZKSYNC可能是更具破坏性的安全事件的积极解决方案。它还强调了在解决加密货币违规方面的链链和赏金报价的使用。

“We’re pleased to share that the hacker has cooperated and returned the funds within the safe harbor deadline,” ZKsync said.

Zksync说：“我们很高兴分享黑客合作并归还了安全港截止日期的资金。”

The case is now considered resolved, as stated in the original Security Council message. The assets are now in custody of the Security Council, and the decision on what will be done with the funds will be determined through protocol governance.

如原始安全理事会消息所述，该案现在被认为已解决。这些资产现在由安全理事会保管，对资金将要做的事情的决定将通过协议治理确定。

Earlier this month, an unauthorized actor was able to gain access to ZKsync’s admin account. This access enabled the attacker to exploit the airdrop distribution contract’s sweepUnclaimed() function to mint 111 million unclaimed ZK tokens, valued at approximately $5 million at the time.

本月初，未经授权的演员能够访问ZKSYNC的管理帐户。此访问使攻击者能够利用Airdrop Distribution合同的SweepunClaimed（）功能为1.11亿无人认领的ZK令牌，当时价值约500万美元。

The breach occurred as ZKsync was distributing 17.5% of ZK’s token supply to participants in its ecosystem.

违规行为发生在ZKSYNC向其生态系统中的参与者分发ZK代币供应的17.5％。

According to ZKsync, the vulnerability was limited to the airdrop distribution contracts and did not affect the broader protocol infrastructure, ZK token contract, or governance operations.

根据Zksync的说法，该漏洞仅限于Airdrop分销合约，并不影响更广泛的协议基础设施，ZK代币合同或治理行动。

Following the attack, ZKsync’s Security Council took swift action by issuing an on-chain message to the hacker. The message offered a 10% bounty in exchange for the return of 90% of the exploited funds.

袭击发生后，ZKSYNC的安全理事会通过向黑客发出链上的信息来迅速采取行动。该消息提供了10％的赏金，以换取90％的被剥削资金的回报。

The proposal included specific wallet addresses for transferring both ZK and ETH tokens across the ZKsync Era network and Ethereum’s mainnet. The agreement was contingent on the full return of funds within a 72-hour “safe harbor” window.

该提案包括特定的钱包地址，用于将ZK和ETH令牌转移到ZKSYNC ERA网络和以太坊的Mainnet上。该协议取决于在72小时的“安全港”窗口内的全部资金返还。

On Thursday, the hacker agreed to these terms and transferred the stolen funds in three separate transactions.

周四，黑客同意了这些条款，并通过三项单独的交易转让了被盗资金。

Two of the transfers were made on the ZKsync Era blockchain and included 110 million ZK tokens (valued at around $2.47 million) and 777 ETH (approximately $1.83 million). The third transfer consisted of 776 ETH (worth nearly $1.4 million) sent to the security council’s Ethereum address.

其中两个转移是在ZKSYNC ERA区块链上进行的，其中包括1.1亿个ZK令牌（价值约为247万美元）和777 ETH（约合183万美元）。第三个转会包括发送到安全理事会的以太坊地址的776 ETH（价值近140万美元）。

All three transactions were completed within a 13-minute window, well within the 72-hour deadline set by ZKsync.

这三项交易均在一个13分钟的窗口内完成，均在ZKSYNC设定的72小时截止日期内。

The total value of the recovered assets actually exceeded the original $5 million stolen. This increase was due to price appreciation of both ZK and ETH tokens since April 15. ZK appreciated by 16.6% and ETH rose by 8.8%, according to CoinGecko data.

回收资产的总价值实际上超过了原来的500万美元被盗。根据Coingecko Data的数据，自4月15日以来，ZK和ETH代币的价格赞赏。根据Coingecko Data的数据，ZK升高了16.6％，ETH上涨了8.8％。

The recovered assets are now held in custody by the ZKsync Security Council. The final decision on how these funds will be used will be determined through protocol governance.

ZKSYNC安全理事会现在将收回的资产拘留。关于如何使用这些资金的最终决定将通过协议治理确定。

ZKsync has confirmed that with the successful transfer of the assets, they consider the matter resolved and won’t take further action against the attacker. The company plans to publish a detailed forensic report on the incident and subsequent recovery.

ZKSYNC已确认，随着资产的成功转移，他们认为此事已解决，并且不会对攻击者采取进一步的行动。该公司计划发布有关事件和随后恢复的详细法医报告。

Despite the good news of the recovery, the ZK token did not see a major price increase following the announcement. The token was reported to be down 0.2% over 24 hours after the recovery was announced.

尽管恢复了好消息，但ZK代币在宣布之后并没有看到重大价格上涨。据报道，该令牌在宣布恢复后24小时内下降了0.2％。

Throughout the ordeal, ZKsync has maintained that no user funds were compromised during the security breach. The vulnerability was specifically related to the airdrop distribution contracts and did not affect the core protocol.

在整个磨难中，ZKSYNC坚持认为，在安全漏洞期间，没有任何用户资金受到损害。该脆弱性与气盘分配合同特别相关，不影响核心协议。

ZKsync Era, the company’s main product, is an Ethereum layer 2 solution that uses zero-knowledge rollups to batch and process transactions off-chain. According to DefiLlama and RWA.xyz, it currently has nearly $59 million in total value locked on its chain and has over $2 billion in real-world assets on-chain.

ZKSYNC时代是该公司的主要产品，是一种以太坊2层解决方案，该解决方案使用零知识汇总来批处理和处理交易的链链。根据Defillama和RWA.XYZ的数据，目前，它的链条锁定了近5900万美元的总价值，并且在链上拥有超过20亿美元的实际资产。