ZKsync is heading towards an Endgame: not the triumphant ending in which the superhero defeats the final boss in the movie, but the game-over screen that appears when the player is too weak and gets beaten.
Recently, the industry has collectively faced adversity, with frequent security incidents.
On the evening of April 15th, ZKsync, once known as one of the "Four Heavenly Kings" of L2, was revealed to have suffered a security incident involving the project's token, but the information was not first disclosed by the project team. At 21:00 last night, community members revealed that ZKsync had minted 110 million tokens on-chain and had been continuously selling 6.6 million tokens on-chain, even though, according to token unlock information, the team and investor tokens are still locked.
Affected by this news, ZK plummeted below 0.04 USDT within half an hour, hitting a low of 0.03972 USDT. South Korean exchange Bithumb stated that it found security issues with ZK and temporarily suspended ZK deposit and withdrawal services until market stability is ensured. ZKsync officials also replied on the official Discord at this time, saying they are conducting an investigation.
Just as the community was speculating that the incident was a malicious additional token issuance by the project team itself, ZKsync issued an announcement stating:
After investigation, this security incident was due to the leakage of the administrator account private keys of three airdrop distribution contracts and was invaded. The attacker called the sweepUnclaimed() function to mint about 1.11 billion unclaimed ZK tokens from the airdrop contract, increasing the circulating supply of tokens by about 0.45%, worth about 5 million USD. However, this attack only involved the ZK token airdrop distribution contract, and the ZKsync protocol, ZK token contract, all three governance contracts, and all active token plan upper limit minters were not affected by this incident. Currently coordinating with exchanges to resume work, advising the attacker to return funds and avoid bearing legal responsibility.
The investigation is still ongoing, and detailed updates will be announced later.
The actual token theft occurred two days ago.
However, the official explanation has not convinced the community: according to on-chain data, the hacker had already minted 1.11 billion tokens from the ZK token airdrop distribution contract at 20:00 (UTC+8) on April 13th and immediately began bridging them cross-chain and selling them continuously. Up to now, the account only has about 4.468 million ZK left, worth about 2.12 million USD, still accounting for 0.34% of the token supply.
1.11 Billion ZK Tokens Suddenly Stolen, Is the Story of ZKsync Heading Towards an Endgame?
The hacker successfully attacked on April 13th.
Therefore, a preliminary conclusion can be drawn: the drop in the ZK token price last night was not caused entirely by the hacker's sales, but mainly by the news of the theft breaking, which triggered a panic sell-off in the community.
Although the price of ZK has now rebounded above 0.045 USDT, it is worth noting that the airdrop tokens had already been stolen and that this was only disclosed, by the community, two days later. Was ZKsync really unaware, or did it deliberately conceal the theft to avoid unrest in the community? If ZKsync really did learn about it through community channels and only then started its investigation, one cannot help but sigh that this once top-tier project also turns out to be run by a "grassroots team", robbed without even realizing it.
The community is reasonably asking whether this incident was an inside job, with the custodian stealing from itself: could the private key of the airdrop contract administrator account have been held by a single person? And now that the incident has occurred, how will the stolen funds be handled, and can they be successfully frozen or repurchased? These questions are all waiting for the team to answer. Odaily Planet Daily will continue to follow the final investigation results.
What kind of Endgame is ZKsync Heading Towards?
This incident also highlights the risk that centralized administrator permissions bring to a system that is supposed to be decentralized. Strong account access control is as important as smart contract security, and the security of administrator private keys significantly affects the security of a cryptocurrency project; the two should not be discussed separately.
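One way to act on this point is to watch the distributor contracts for admin-only calls, so that a sweep is noticed when it happens rather than two days later. The monitor below is an added example, not code from ZKsync or from this article; only the `sweepUnclaimed` name comes from the announcement, while the record layout, addresses, supply figure, thresholds and the `claim` function name are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed for illustration: addresses, supply and thresholds are assumptions.
WATCHED = {"0xDistributorA", "0xDistributorB", "0xDistributorC"}
PRIVILEGED = {"sweepUnclaimed"}   # admin-only function named in the announcement
TOTAL_SUPPLY = 1_000_000          # constructed token supply
OUTFLOW_LIMIT = 0.001             # alert when one call moves > 0.1% of supply
BURST = timedelta(minutes=30)     # window for correlating sweeps by one key

@dataclass(frozen=True)
class Call:
    ts: datetime
    contract: str
    function: str
    sender: str
    amount: int                   # tokens moved by the call

def scan(calls, approved_windows=()):
    """Return (severity, reason, call) findings in time order."""
    findings, swept = [], {}      # swept: sender -> [(ts, contract), ...]
    for c in sorted(calls, key=lambda c: c.ts):
        if c.contract not in WATCHED or c.function not in PRIVILEGED:
            continue
        if not any(s <= c.ts <= e for s, e in approved_windows):
            findings.append(("high", "admin call outside approved window", c))
        if c.amount / TOTAL_SUPPLY > OUTFLOW_LIMIT:
            findings.append(("high", "outflow above supply threshold", c))
        recent = [(t, k) for t, k in swept.get(c.sender, []) if c.ts - t <= BURST]
        recent.append((c.ts, c.contract))
        swept[c.sender] = recent
        if len({k for _, k in recent}) >= 2:
            findings.append(("critical", "one key swept several distributors", c))
    return findings

T0 = datetime(2000, 1, 1, 12, 0)  # constructed timestamps
SAMPLE = [                        # constructed, already-decoded call records
    Call(T0, "0xDistributorA", "claim", "0xUser1", 50),
    Call(T0 + timedelta(minutes=1), "0xDistributorA", "sweepUnclaimed", "0xAdmin", 2_000),
    Call(T0 + timedelta(minutes=3), "0xDistributorB", "sweepUnclaimed", "0xAdmin", 500),
    Call(T0 + timedelta(minutes=4), "0xOther", "sweepUnclaimed", "0xAdmin", 9_000),
]

if __name__ == "__main__":
    for severity, reason, c in scan(SAMPLE):
        print(severity, reason, c.contract, c.ts.isoformat())
```

Passing the change windows that governance has actually approved as `approved_windows` suppresses the first finding for planned sweeps, while the outflow and multi-distributor checks still fire.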
However, while doubts loom and the hacker is still happily selling tokens, ZKsync's founder is still confidently stating on the X platform, "This attack incident, the project code was not leaked, it was only the leakage of the administrator private key, this is why ZK is the endgame