Key Points:
Attackers stole 44.6 million ZK tokens and 1,800 ETH (total value of nearly $5 million) through an airdrop contract vulnerability
ZKsync proposed a "safe harbor" protocol via an on-chain message: return 90% of the funds and retain 10% as a legitimate bounty
The stolen funds are currently managed by the ZKsync Security Committee, and a governance procedure will be initiated to determine subsequent disposal
The incident caused the ZK token to briefly plummet to $0.04; it has since recovered to around $0.05 (24-hour decline of 2.6%)
Industry Security Situation:
In Q1 2025, the crypto sector lost $1.67 billion to hacking and fraud, including:
▶ Ethereum as the largest victim network (98 incidents with losses of $1.54 billion)
▶ A Bybit exchange vulnerability caused a single loss of $1.45 billion
▶ Private key leakage remains the primary attack method (15 incidents with losses of $142 million)
The fund recovery rate dropped sharply to 0.38% (the previous quarter was 42%), with zero recovery recorded in February.
ZKsync emphasizes that user funds were never affected, and that the protocol and token contracts remain secure. The project is set to become the first Layer-2 project in recent times to release a comprehensive attack traceability report.