After accepting a 10% bounty, the attacker returned nearly $5.7 million in stolen tokens. The vulnerability stemmed from a compromised administrative address that allowed the attacker to call the sweepUnclaimed() function in the contract.

Cybercriminals stole nearly $5.7 million worth of ZK tokens from ZKsync on April 20, prompting the protocol to offer a 10% bounty and threaten legal action if the tokens were not returned within 72 hours. The attacker complied, accepting the bounty and returning the stolen tokens within the 72-hour window.
The vulnerability stemmed from a compromised administrative address, which let the attacker call the contract's sweepUnclaimed() function and mint approximately 111 million unclaimed ZK tokens.
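As an added illustration (hypothetical contracts written for this article, not ZKsync's code), the weak pattern described above, a single admin key that can sweep every unclaimed token at any time, is shown beside a hardened form that gates the sweep behind a multisig caller, a closed claim window, a public timelock and a treasury destination fixed at deployment. The contract and interface names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Hypothetical airdrop contracts written for this article; not ZKsync's code.
interface IMintableToken { function mint(address to, uint256 amount) external; }

// Weak pattern: one admin key may mint the whole unclaimed balance to any
// address at any time, so a single compromised key drains the remainder.
contract AirdropWeak {
    address public admin;
    IMintableToken public token;
    uint256 public unclaimed;
    constructor(address a, IMintableToken t, uint256 u) { admin = a; token = t; unclaimed = u; }
    function sweepUnclaimed(address to) external {
        require(msg.sender == admin, "not admin");
        uint256 amount = unclaimed;
        unclaimed = 0;
        token.mint(to, amount);
    }
}
// Hardened pattern: caller must be a multisig, the claim window must have
// closed, a public delay must pass after a request (time to detect and
// respond), and the destination is a treasury fixed at deployment.
contract AirdropHardened {
    address public immutable multisig;      // e.g. a Safe, not a single EOA
    address public immutable treasury;      // attacker cannot redirect the sweep
    uint256 public immutable claimDeadline;
    uint256 public constant TIMELOCK = 2 days;
    IMintableToken public token;
    uint256 public unclaimed;
    uint256 public sweepRequestedAt;        // 0 means no pending request
    event SweepRequested(uint256 executableAt);
    constructor(address m, address tr, uint256 d, IMintableToken t, uint256 u) {
        multisig = m; treasury = tr; claimDeadline = d; token = t; unclaimed = u;
    }
    function requestSweep() external {
        require(msg.sender == multisig, "not multisig");
        require(block.timestamp > claimDeadline, "claims still open");
        sweepRequestedAt = block.timestamp;
        emit SweepRequested(block.timestamp + TIMELOCK); // hook for monitoring/alerting
    }
    function sweepUnclaimed() external {
        require(msg.sender == multisig, "not multisig");
        require(sweepRequestedAt != 0, "no request");
        require(block.timestamp >= sweepRequestedAt + TIMELOCK, "timelock active");
        uint256 amount = unclaimed;
        unclaimed = 0;
        sweepRequestedAt = 0;
        token.mint(treasury, amount);
    }
}
```

The SweepRequested event gives monitoring a two-day head start: a request that no one on the council initiated is itself an incident signal.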
The attacker transferred the stolen funds on April 23 in three transactions: about $2.47 million in ZK tokens and $1.83 million in ETH went to the ZKsync Security Council’s address on the ZKsync Era blockchain, and an additional 776 ETH, worth around $1.4 million, was sent to the council's Ethereum address.
The return occurred within the 72-hour window offered by ZKsync, which promised no legal consequences and a 10% bounty in exchange for the safe return of the stolen tokens.
According to CertiK, $1.67 billion was lost in the first quarter to hacks, scams, and exploits, with Ethereum-based projects accounting for most of the losses: nearly $1.54 billion across 98 incidents. Immunefi reported $1.6 billion in stolen funds in January and February alone. Private key compromises caused $142.3 million in losses across 15 incidents in Q1. Recovery rates have dropped sharply, with only 0.38% of stolen crypto recovered this quarter, down from 42% in the previous quarter.