110 million ZK tokens were stolen and discovered two days later, ZKsync prematurely fell into Endgame.


Recently, the industry has faced a collective downturn, with frequent security incidents.

On the evening of April 15, ZKsync, once one of the "four kings" of L2, was revealed to have suffered a token security incident, but the project team was not the first to disclose it. At 21:00 last night, community members revealed that ZKsync had minted 110 million tokens on-chain and had continuously sold 66 million tokens on-chain, even though, according to the token unlock information, the team's and investors' tokens were still locked.

As a result of this news, ZK fell below 0.4 USDT within half an hour, reaching a low of 0.03972 USDT. The South Korean exchange Bithumb announced that it had discovered security issues with ZK and temporarily suspended ZK deposit and withdrawal services until market stability was ensured. At this time, ZKsync's official Discord also responded that an investigation was underway.

While the community speculated that this incident was a deliberate act of the project team to increase token issuance, ZKsync released an announcement stating:

After investigation, this security incident was caused by the leakage of the administrator account key of three airdrop distribution contracts, which led to the breach. The attacker called the sweepUnclaimed() function and minted approximately 110 million unclaimed ZK tokens from the airdrop contract, increasing the circulating token supply by about 0.45%, valued at approximately 5 million USD. However, this attack only involved the ZK token airdrop distribution contract, and the ZKsync protocol, ZK token contract, all three governance contracts, and all active token cap minters were not affected by this incident. We are currently coordinating with exchanges to restore operations and recommend that the attacker return the funds to avoid legal liability.

The investigation is still ongoing, and detailed updates will be released later.

The actual time of the token theft was two days ago

However, the official explanation did not convince the community—according to on-chain data, the hacker had already minted 110 million tokens from the ZK token airdrop distribution contract at 20:00 on April 13 (UTC+8) and immediately began transferring and selling them across chains. As of now, that account has approximately 44.68 million ZK tokens left, valued at about 2.12 million USD, still accounting for 0.34% of the token supply.


The hacker successfully attacked on April 13

Therefore, a preliminary conclusion can be drawn that the drop in the ZK token price last night was not caused solely by the hacker's sell-off, but mainly by news of the theft becoming public, which triggered panic selling in the community.

Although the ZK token price has now risen above 0.045 USDT, it is worth pondering that the airdrop tokens had already been stolen, yet the community only disclosed this two days later. Was ZKsync truly unaware or did they deliberately conceal it to avoid community unrest? If ZKsync only became aware of the situation through community channels and initiated an investigation, it is lamentable that this once top-tier project is backed by a group of "amateurs," completely oblivious to the theft.

The community reasonably speculates whether this incident was an inside job, questioning if the airdrop contract administrator account key was managed by a single person. Furthermore, since the incident has occurred, how will the stolen funds be handled? Can they be successfully frozen or repurchased? These questions await answers from the team. Odaily Planet Daily will continue to follow up on the final investigation results.
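
As an added illustration (not code from the article or from ZKsync), the sketch below shows monitoring logic that would flag a sweepUnclaimed() call when it is indexed rather than two days later, and why an allowlist of admin callers alone does not help when the admin key itself has leaked. It assumes decoded call records from an indexer; the addresses, the claim function name, the change windows and the supply figure are constructed assumptions.

```python
from dataclasses import dataclass

# All addresses, timestamps and windows below are constructed for illustration.
PRIVILEGED = {"0xAirdropDistributorA": {"sweepUnclaimed"}}  # contract -> admin-only functions
ADMIN = "0xAirdropAdmin"
# Assumption: supply implied by the article's figures (110M tokens ~ 0.45%).
CIRCULATING_SUPPLY = 24_400_000_000
PAGE_FRACTION = 0.001  # page a human when one call releases >= 0.1% of supply

@dataclass
class Call:
    ts: int        # unix seconds
    contract: str
    caller: str
    function: str
    amount: int    # tokens released by the call

def evaluate(call, change_windows):
    """Return (severity, reasons); severity is None for non-privileged calls."""
    if call.function not in PRIVILEGED.get(call.contract, set()):
        return None, []
    reasons = []
    # Being the admin address earns no exemption: a leaked key signs as the admin.
    if call.caller != ADMIN:
        reasons.append("privileged call from unexpected caller")
    if not any(start <= call.ts <= end for start, end in change_windows):
        reasons.append("outside any announced change window")
    fraction = call.amount / CIRCULATING_SUPPLY
    if fraction >= PAGE_FRACTION:
        reasons.append(f"releases {fraction:.2%} of circulating supply")
    return ("page" if reasons else "log"), reasons

def scan(calls, change_windows):
    """Evaluate decoded calls in order and keep only the privileged ones."""
    results = []
    for call in calls:
        severity, reasons = evaluate(call, change_windows)
        if severity:
            results.append((call.ts, severity, reasons))
    return results

SAMPLE_WINDOWS = [(1_000, 2_000)]  # constructed: one announced maintenance window
SAMPLE_CALLS = [
    Call(500, "0xAirdropDistributorA", "0xUser1", "claim", 1_200),
    Call(1_500, "0xAirdropDistributorA", ADMIN, "sweepUnclaimed", 50_000),
    Call(9_000, "0xAirdropDistributorA", ADMIN, "sweepUnclaimed", 110_000_000),
]

if __name__ == "__main__":
    for ts, severity, reasons in scan(SAMPLE_CALLS, SAMPLE_WINDOWS):
        print(ts, severity, "; ".join(reasons))
```

The third sample call comes from the legitimate admin address and still pages, because the rule keys on the unannounced timing and the share of supply released, not on who signed.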

What kind of endgame is ZKsync heading towards?


This incident also highlights the risks posed by centralized administrative privileges in an originally decentralized system. Strong account access control and smart contract security are equally important; the security of administrator keys can severely impact the safety of crypto projects and should not be treated separately.

However, amidst the uncertainty, while the hacker is happily selling tokens, ZKsync's founder confidently stated on the X platform that "In this attack incident, the project code was not leaked, only the administrator key was leaked, which is why ZK is the endgame."


ZK verification and other technologies have long been touted as having better security than optimistic proofs (Op) and were once considered the ultimate technical form of Ethereum L2, known as Endgame. However, although this token theft incident did not involve the core project token, the protective measures for the airdrop distribution contract were too weak, akin to a high-tech building with walls filled with straw from ancient times.

When faced with the community's question, "As one of the leaders in the ZK field, why didn't you foresee this attack?" ZKsync's founder shamelessly responded that "it was impossible to foresee a black swan." The theft of privileged account keys is one of the most common attack methods against blockchain projects, just like the phishing attacks users face daily. ZKsync's failure to strengthen its security measures in advance, and its labeling of everything as a black swan, reflect weak security awareness within the team.

Additionally, how does ZKsync perform in practical applications? According to DeFiLlama data, ZKsync currently has a TVL of 55.29 million USD, ranking 52nd, while its 24-hour chain revenue is only 2,178 USD, with daily revenue falling below 5,000 USD since September 2024. In contrast, Arbitrum's daily revenue still exceeds 10,000 USD. ZKsync has become a veritable "ghost chain."


ZKsync is heading towards Endgame, which is not the perfect ending after superheroes defeat the boss in a movie, but rather a black screen ending in a game due to being too weak. However, before being completely wiped out, I hope ZKsync can first save the trapped investors.

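Disclaimer: This article represents only the author's personal views and does not represent the position or views of this platform. This article is for information sharing only and does not constitute investment advice to anyone. Any dispute between users and the author is unrelated to this platform. If any article or image published on this page involves infringement, please send the relevant proof of rights and proof of identity to support@aicoin.com, and the platform's staff will verify it.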
