ZKsync Security Breach Report
ZKsync has recently shared information regarding a security breach reported on the X platform. The breach was traced back to the compromise of an essential key that managed airdrop processes, which was incorporated in three designated Merkle distribution contracts tied to the issuance of the ZK token scheduled for June 2024.
Fortunately, since all tokens from these distribution contracts have been completely issued, it is now impossible to mint any additional ZK tokens through this avenue, effectively eliminating the potential for further attacks via this method.
Details of the Compromise
The compromised key has been confirmed to lack the authority to manipulate any other contracts or perform operations beyond minting unclaimed tokens, which will only be available after the airdrop claim period concludes.
At present, Matter Labs serves as the sole sorter for the ZKsync Era chain. The current system is under strain as Matter Labs is not equipped to manage all possible complications arising from a single smart contract scenario. Their team is actively engaged in transitioning ZKsync to its Phase 1 decentralized sorting capabilities.
Ongoing Inquiry and Governance
Currently, ZKsync Era operates under a Phase 1 Rollup status. It is important to note that the ZKsync Governance and Security Committee retains the power to appoint a new sorter and eliminate all filters whenever deemed necessary.
“The inquiry into this security incident is ongoing, and the team is making substantial efforts aimed at recovering any misappropriated funds.”
