ZKSync was hacked and "the attacker minted 100 million tokens". The hacker's sale caused Bithumb and other exchanges to urgently remove the tokens

04-16

This article is machine translated

Show original

Table of Contents

Ethereum Layer2 network ZKSync was shockingly hacked around 9 PM on April 15th! The official team confirmed the incident on the X platform around 10 PM, pointing out that their security team had confirmed an invaded administrative account that controlled ZK tokens worth about $5 million, which were unclaimed tokens from the ZKSync airdrop:

ZKSync's security team has confirmed an invaded administrative account controlling ZK tokens worth about $5 million, which are unclaimed tokens from the ZKSync airdrop. Necessary security measures are currently being taken.
All user funds are safe and have never been at risk. The ZKSync protocol and ZK token contract remain secure, with no other ZK tokens at risk.
This is an isolated incident caused by private key leakage, limited to the ZK token airdrop contract.
The investigation is ongoing, and detailed updates will be shared later today.

Attackers Quickly Transfer Stolen Assets

The event developed rapidly. According to Cyvers Alerts around 10:30 PM, after invading the account controlling $5 million in ZK tokens, the attackers quickly acted to exchange the tokens - they first transferred $1.7 million in ZK tokens via a cross-chain bridge to Ethereum and sent them to a HitBTC-related address along with 10 ETH, seemingly attempting to cash out.

ZKSync Update: Three Accounts Invaded, Hackers Mint Over 100 Million ZK Tokens

However, the severity of the situation was far from over! Around 11:30 PM, ZKSync officially updated the theft progress on the X platform, announcing that the investigation revealed three administrative accounts of airdrop distribution contracts were hacked. The serious consequence was that the hackers called a contract function and minted approximately 111 million unclaimed ZK tokens from the airdrop contract! ZKSync stated:

Update: Investigation shows three administrative accounts of airdrop distribution contracts were invaded. The invaded account address is: 0x842822c797049269A3c29464221995C56da5587D
The attackers called the sweepUnclaimed() function, minting approximately 111 million unclaimed ZK tokens from the airdrop contract. Minting transaction: https://era.zksync.network/tx/0x14b120ff26e8d678fdaa26eef81cf166cb8bc1a20e9bdef6a02fd2af2ee0071e
This incident is limited to the airdrop distribution contract, and all mintable funds in the contract have been minted, preventing further attacks through this method.
The ZKSync protocol, ZK token contract, three governance contracts, and all active token plans with minter restrictions are unaffected by this incident and will not be affected in the future.
The attackers currently still hold most of the funds in the following account: https://era.zksync.network/address/0xb1027ed67f89c9f588e097f70807163fec1005d3
We are working with @_seal_org and exchanges to coordinate fund recovery.
We encourage the attackers to contact security@zksync.io to negotiate fund return and avoid legal consequences.

Bithumb Suspends ZK Token Deposit and Withdrawal Services

After the incident, the Korean cryptocurrency exchange Bithumb quickly announced that due to discovering security issues with ZKSync, they have temporarily suspended ZK token deposit and withdrawal services. They warned investors that ZK tokens may experience significant volatility and advised caution. Services will be restored only after network security stabilizes, with a separate announcement to notify users.

ZK Token Briefly Drops to $0.03972

Affected by this, the ZK token briefly dropped to a low of $0.03972 around 9:30 PM on the 15th, but the current price has somewhat recovered, currently trading at $0.04562, with a nearly 24-hour decline of 8%.

Source

Disclaimer: The content above is only the author's opinion which does not represent any position of Followin, and is not intended as, and shall not be understood or construed as, investment advice from Followin.

Add to Favorites

Comments

Relevant content

ABMedia

Trump claims China's military exercises around Taiwan have "continued for 20 years" and doesn't believe the situation has escalated! Market forecasts indicate the probability of an invasion is only 0.4%.

TechFlow

Using wallet tracking, he turned $50 into a millionaire at age 18.

ROCKY

5.22%

BlockTempo

Lighter's platform token, $LIT, has officially launched! The airdrop reached a staggering $675 million, with one Taiwanese high school student earning a whopping 6 million NT dollars in a single transaction.

LIT

4.6%