An attacker minted 111 million ZK tokens today. This followed a significant ZKsync breach involving a compromised administrative account tied to the project’s airdrop. The unauthorized tokens came from an unclaimed pool. ZKsync confirmed the details, as the news pushed the ZK token price down about 13 percent.
The incident, first flagged by security firms, involved an admin key controlling three specific airdrop distribution contracts. ZKsync identified the compromised account address as 0x842822c797049269A3c29464221995C56da5587D in a statement posted on the social media platform X, providing clarity on the ZKsync breach.
Details of ZKsync Breach: ‘Sweep’ Function Exploited
Investigators found the attacker specifically targeted a function within the airdrop contracts as part of the ZKsync breach. “The attacker called the sweepUnclaimed() function that minted approximately 111 million unclaimed ZK tokens from the airdrop contracts,” ZKsync reported.
This action essentially generated new tokens from the pool designated for users who had not yet claimed their airdrop allocation. The transaction, publicly viewable on the ZKsync Era blockchain explorer, confirms the minting event tied to this security incident.
At 111 million tokens, the confirmed scale of the ZKsync breach supersedes the initial, lower estimates. While the token’s value fluctuates, the quantity minted represents a substantial portion of the unclaimed airdrop supply. ZKsync moved quickly to contain the fallout from this specific vulnerability.
Aftermath of ZKsync Breach: Systems Secure, Recovery Underway
Despite the compromise affecting the airdrop, ZKsync officials reiterated that core infrastructure and user holdings remained safe following the ZKsync breach. “This incident is contained to the airdrop distribution contracts only,” the statement assured. “All the funds that could be minted [via this method] have been minted. No further exploits via this method are possible.”
The project explicitly confirmed the security of key components, separate from the specific point of failure in this breach. “The ZKsync protocol, ZK token contract, all three governance contracts, and all active Token Program capped minters have not been, and will not be impacted by this incident,” ZKsync stated.
Most of the minted tokens reportedly remain in an account controlled by the attacker (0xb1027ed67f89c9f588e097f70807163fec1005d3). ZKsync announced coordination efforts aimed at recovery. “We’re coordinating the recovery efforts with @_seal_org and exchanges,” the team said, referring to the Seal 911 initiative which helps victims of crypto hacks.
In a direct appeal, ZKsync also addressed the attacker. “We’re encouraging the attacker to get in touch with [email protected] to negotiate the return of the funds and avoid legal liability.” The ZKsync breach highlights ongoing security challenges in managing administrative access and smart contracts within the complex world of blockchain protocols and token distributions. ZKsync functions as a Layer 2 network designed to make Ethereum transactions faster and cheaper.
Yona has no crypto positions and does not hold any crypto assets. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Daily is an official media and publication of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.