After accepting a 10% bounty, the attacker returned nearly $5.7 million worth of stolen tokens. The vulnerability came from a compromised administrative address that allowed the attacker to call the sweepUnclaimed() function in the contract.

Cybercriminals stole nearly $5.7 million worth of ZK tokens from ZKsync on April 20, prompting the protocol to offer a 10% bounty and to threaten legal action if the tokens were not returned within 72 hours. The attacker accepted the bounty and returned the stolen tokens within that 72-hour window.
The vulnerability came from a compromised administrative address that allowed the attacker to call the sweepUnclaimed() function in the contract, enabling them to mint approximately 111 million unclaimed ZK tokens.
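The failure mode described above, as an added illustration that is not ZKsync's code (every contract, variable and function name here is hypothetical): an airdrop vault whose sweepUnclaimed() is gated only by a single admin key, beside a variant that limits what a compromised key can do.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Constructed example, not ZKsync's contract. One admin key can sweep any amount
// of unclaimed tokens to any address: a single compromised key drains the pool.
contract AirdropWeak {
    IERC20 public immutable token;
    address public admin;
    constructor(IERC20 _token, address _admin) { token = _token; admin = _admin; }
    function sweepUnclaimed(address to, uint256 amount) external {
        require(msg.sender == admin, "not admin");
        require(token.transfer(to, amount), "transfer failed");
    }
}

// Hardened variant (also hypothetical): the destination is fixed at deployment
// (e.g. a multisig treasury), sweeping is only possible after the claim window
// closes, and each sweep is announced on-chain and delayed by a timelock, so
// monitoring and a security council have time to react before funds move.
contract AirdropHardened {
    IERC20 public immutable token;
    address public immutable treasury;
    uint256 public immutable claimDeadline;
    uint256 public constant TIMELOCK = 2 days;
    address public admin;
    uint256 public sweepReadyAt; // 0 = no sweep pending
    event SweepProposed(uint256 executableAt);

    constructor(IERC20 _token, address _treasury, address _admin, uint256 _claimDeadline) {
        token = _token; treasury = _treasury; admin = _admin; claimDeadline = _claimDeadline;
    }

    function proposeSweep() external {
        require(msg.sender == admin, "not admin");
        require(block.timestamp > claimDeadline, "claims still open");
        sweepReadyAt = block.timestamp + TIMELOCK;
        emit SweepProposed(sweepReadyAt); // detectable signal for monitoring
    }

    function sweepUnclaimed(uint256 amount) external {
        require(msg.sender == admin, "not admin");
        require(sweepReadyAt != 0 && block.timestamp >= sweepReadyAt, "timelock not elapsed");
        sweepReadyAt = 0;
        require(token.transfer(treasury, amount), "transfer failed");
    }
}
```

In the hardened form a stolen admin key can at most start a publicly visible, delayed sweep to the pre-set treasury, which a monitored SweepProposed event gives defenders time to respond to.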
The attacker returned the stolen funds on April 23 in three transactions, including about $2.47 million in ZK tokens and $1.83 million in ETH sent to the ZKsync Security Council's address on the ZKsync Era blockchain. An additional 776 ETH, worth around $1.4 million, was sent to the Security Council's Ethereum address.
The return occurred within a 72-hour window offered by ZKsync, which promised no legal consequences and a 10% bounty in exchange for the safe return of the stolen tokens.
According to CertiK, $1.67 billion was lost in the first quarter to hacks, scams, and exploits, with Ethereum-based projects accounting for most of the losses: nearly $1.54 billion across 98 incidents. Immunefi reported $1.6 billion in stolen funds in January and February alone. Private key compromises caused $142.3 million in losses across 15 incidents in Q1. Recovery rates have dropped sharply, with only 0.38% of stolen crypto recovered this quarter, down from 42% in the previous quarter.