PANews reported on April 25 that ZKsync released an investigation report on a previous security incident involving 5 million USD in ZK tokens. On April 13, attackers used stolen administrator keys to mint 11.18 million unclaimed ZK tokens from three airdrop distribution contracts and exchanged approximately 6.71 million of them for 1,116 ETH within the next two days. The development team Matter Labs immediately froze the related accounts after discovering abnormalities on April 15. After the ZKsync security committee issued a 72-hour "safe harbor" ultimatum, the attackers returned 90% of the funds on April 23 and received a 10% bounty. The remaining funds are currently held by the security committee, with subsequent disposal to be determined by community governance. The investigation revealed that the incident originated from an insecure 1/1 multi-signature management mode in the airdrop contracts, which retained a token minting function that should have been removed.
ZKsync stated that the incident only affected three specific airdrop distribution contracts, and the mainnet protocol and governance system were not compromised. To prevent similar incidents, the project will implement improvements such as regular multi-signature rotation and upgrading monitoring systems. The recovered ETH will be gradually converted to ZK tokens, with the final return plan subject to a token council vote. The investigation showed that the keys might have been leaked from a former employee's account, with no evidence of malicious intent.
