ZKSYNC在4月15日盜竊案中恢復了約570萬美元的加密貨幣

與黑客達成協議後

A hacker has returned nearly $5.7 million in cryptocurrency stolen earlier this month from ZKsync, a popular Ethereum layer 2 solution, according to a statement by the company on Thursday.

根據該公司週四的一份聲明，一名黑客在本月初從Zksync（一個流行的以太坊2層解決方案）返回了將近570萬美元的加密貨幣。

The recovery marks a positive resolution to what could have been a more damaging security incident for ZKsync. It also highlights the use of on-chain messages and bounty offers in resolving cryptocurrency breaches.

恢復標誌著ZKSYNC可能是更具破壞性的安全事件的積極解決方案。它還強調了在解決加密貨幣違規方面的鍊鍊和賞金報價的使用。

“We’re pleased to share that the hacker has cooperated and returned the funds within the safe harbor deadline,” ZKsync said.

Zksync說：“我們很高興分享黑客合作並歸還了安全港截止日期的資金。”

The case is now considered resolved, as stated in the original Security Council message. The assets are now in custody of the Security Council, and the decision on what will be done with the funds will be determined through protocol governance.

如原始安全理事會消息所述，該案現在被認為已解決。這些資產現在由安全理事會保管，對資金將要做的事情的決定將通過協議治理確定。

Earlier this month, an unauthorized actor was able to gain access to ZKsync’s admin account. This access enabled the attacker to exploit the airdrop distribution contract’s sweepUnclaimed() function to mint 111 million unclaimed ZK tokens, valued at approximately $5 million at the time.

本月初，未經授權的演員能夠訪問ZKSYNC的管理帳戶。此訪問使攻擊者能夠利用Airdrop Distribution合同的SweepunClaimed（）功能為1.11億無人認領的ZK令牌，當時價值約500萬美元。

The breach occurred as ZKsync was distributing 17.5% of ZK’s token supply to participants in its ecosystem.

違規行為發生在ZKSYNC向其生態系統中的參與者分發ZK代幣供應的17.5％。

According to ZKsync, the vulnerability was limited to the airdrop distribution contracts and did not affect the broader protocol infrastructure, ZK token contract, or governance operations.

根據Zksync的說法，該漏洞僅限於Airdrop分銷合約，並不影響更廣泛的協議基礎設施，ZK代幣合同或治理行動。

Following the attack, ZKsync’s Security Council took swift action by issuing an on-chain message to the hacker. The message offered a 10% bounty in exchange for the return of 90% of the exploited funds.

襲擊發生後，ZKSYNC的安全理事會通過向黑客發出鏈上的信息來迅速採取行動。該消息提供了10％的賞金，以換取90％的被剝削資金的回報。

The proposal included specific wallet addresses for transferring both ZK and ETH tokens across the ZKsync Era network and Ethereum’s mainnet. The agreement was contingent on the full return of funds within a 72-hour “safe harbor” window.

該提案包括特定的錢包地址，用於將ZK和ETH令牌轉移到ZKSYNC ERA網絡和以太坊的Mainnet上。該協議取決於在72小時的“安全港”窗口內的全部資金返還。

On Thursday, the hacker agreed to these terms and transferred the stolen funds in three separate transactions.

週四，黑客同意了這些條款，並通過三項單獨的交易轉讓了被盜資金。

Two of the transfers were made on the ZKsync Era blockchain and included 110 million ZK tokens (valued at around $2.47 million) and 777 ETH (approximately $1.83 million). The third transfer consisted of 776 ETH (worth nearly $1.4 million) sent to the security council’s Ethereum address.

其中兩個轉移是在ZKSYNC ERA區塊鏈上進行的，其中包括1.1億個ZK令牌（價值約為247萬美元）和777 ETH（約合183萬美元）。第三個轉會包括發送到安全理事會的以太坊地址的776 ETH（價值近140萬美元）。

All three transactions were completed within a 13-minute window, well within the 72-hour deadline set by ZKsync.

這三項交易均在一個13分鐘的窗口內完成，均在ZKSYNC設定的72小時截止日期內。

The total value of the recovered assets actually exceeded the original $5 million stolen. This increase was due to price appreciation of both ZK and ETH tokens since April 15. ZK appreciated by 16.6% and ETH rose by 8.8%, according to CoinGecko data.

回收資產的總價值實際上超過了原來的500萬美元被盜。根據Coingecko Data的數據，自4月15日以來，ZK和ETH代幣的價格讚賞。根據Coingecko Data的數據，ZK升高了16.6％，ETH上漲了8.8％。

The recovered assets are now held in custody by the ZKsync Security Council. The final decision on how these funds will be used will be determined through protocol governance.

ZKSYNC安全理事會現在將收回的資產拘留。關於如何使用這些資金的最終決定將通過協議治理確定。

ZKsync has confirmed that with the successful transfer of the assets, they consider the matter resolved and won’t take further action against the attacker. The company plans to publish a detailed forensic report on the incident and subsequent recovery.

ZKSYNC已確認，隨著資產的成功轉移，他們認為此事已解決，並且不會對攻擊者採取進一步的行動。該公司計劃發布有關事件和隨後恢復的詳細法醫報告。

Despite the good news of the recovery, the ZK token did not see a major price increase following the announcement. The token was reported to be down 0.2% over 24 hours after the recovery was announced.

儘管恢復了好消息，但ZK代幣在宣布之後並沒有看到重大價格上漲。據報導，該令牌在宣布恢復後24小時內下降了0.2％。

Throughout the ordeal, ZKsync has maintained that no user funds were compromised during the security breach. The vulnerability was specifically related to the airdrop distribution contracts and did not affect the core protocol.

在整個磨難中，ZKSYNC堅持認為，在安全漏洞期間，沒有任何用戶資金受到損害。該脆弱性與氣盤分配合同特別相關，不影響核心協議。

ZKsync Era, the company’s main product, is an Ethereum layer 2 solution that uses zero-knowledge rollups to batch and process transactions off-chain. According to DefiLlama and RWA.xyz, it currently has nearly $59 million in total value locked on its chain and has over $2 billion in real-world assets on-chain.

ZKSYNC時代是該公司的主要產品，是一種以太坊2層解決方案，該解決方案使用零知識匯總來批處理和處理交易的鍊鍊。根據Defillama和RWA.XYZ的數據，目前，它的鏈條鎖定了近5900萬美元的總價值，並且在鏈上擁有超過20億美元的實際資產。