Hacker Steals ZKsync Airdrop Tokens Worth $5 Million, Disrupting Ethereum-Based Layer-2 Scalability Network


ZKsync suffered a breach, resulting in $5 million in stolen ZK tokens. An admin account, particularly one with links to smart contracts responsible for airdrops, was compromised. The attacker used the function sweepUnclaimed() to mint 111 million tokens. The project developers have claimed that the incident happened because of compromised keys linked to the admin wallet. They further explained that three smart contracts were responsible for extracting the funds.

ZKsync reassured users that the breach only affected the airdrop services and did not extend to the users’ funds. ZKsync further elaborated that the breach did not affect the core protocol, governance contracts, or the ZK token contract. The project developers said that they were investigating the actual details of the breach and will release an investigative report once their findings are complete. This post-mortem analysis has become common with blockchain security breaches. There seem to be a lot of lessons to take from these breaches that may help future projects avoid the mistakes made in the past. 

The attacker took control of the admin wallet and stole around $5 million in tokens. ZKsync is an Ethereum layer-2 project that uses zero-knowledge proofs. Despite the hack, the ZKsync team assured users that the core protocol and token contract remained secure. Despite these assurances, traders may still feel wary about trading the token. The main target of the attack was the airdrop tokens, which were meant to be used by future investors as a reward to entice users to engage with the protocol. Instead, the hacker stole all the airdrop tokens, leaving would-be investors without enticements.

ZKsync aims to scale Ethereum with low-cost fees and high-speed transactions. This seems like a worthy goal given the issues of usability regarding the Ethereum blockchain. Many of ZKsync’s investors were upset by the news. Some expressed suspicion that the hack affected their enticements and not the salaries of the development team. One user even said they all knew what happened, suggesting that the project team had something to do with the breach.

ZachXBT, a blockchain analyst, said last month that the government may need to introduce more regulation to stop the ever-evolving attacks occurring with crypto projects. He claimed that the crypto industry was ineffective at responding to crypto hacks and that an external body, such as a government, may need to step in to stop the chaos and unaccountability.

“This industry is unbelievably cooked”, wrote ZachXBT, “when it comes to exploits/hacks, and sadly, idk if the industry will fix this itself unless the government forcibly passes regulations that hurt our entire industry. Several ‘decentralized’ protocols have recently had nearly 100% of their monthly volume/fees derived from DPRK and refuse to take any accountability”.

The price of ZKsync crashed after the announcement, dropping around 20%. The drop may be partly due to the hacker cashing out all of the tokens. The price, however, later recovered to just a 12% drop, which is still a reasonable drop but not catastrophic unless further drops occur in the near future. Investors were concerned that the increased liquidity from the hacker selling the tokens would endanger their investments. But many resumed trading the token after the ZKsync development team reassured users that the attack was isolated to the airdrop contracts.
