On April 25, according to official sources, ZKsync announced that on April 13, a hacker illegally minted 110 million ZK tokens, worth approximately $5 million, from the Merkle distribution contract for the ZKsync 2024 June airdrop using a stolen administrator account.
The Matter Labs team confirmed the scope of the incident on April 15 and launched an investigation with the ZKsync Association and Foundation. The incident only involved three specific airdrop contracts, and all tokens had been minted, with no further utilization possible through the administrator key.
On April 23, after the ZKsync Security Committee proposed a "safe harbor" plan, the hacker returned all funds. The funds are currently held in escrow by the Security Committee, and their specific handling will be determined through community governance.
