Recommended

#BTCCOGWEEK: Celebrate the Classics of Meme Coins
Crypto Deposit Make instant crypto transfers to your futures account
USDT-M Perpetual Futures Trade futures contracts settled in USDT
VIP Fee Discounts Enjoy different fee discounts based on your VIP level
Coin-M Perpetual Futures Trade futures contracts settled in cryptocurrency
Fiat Deposit Buy your favourite coins in seconds
Affiliates Invite friends & get rewarded
Convert Covert your crypto instantly
Support Centre Find our FAQs here
Announcements Find all our official announcements
BTCC Academy Learn about blockchain and crypto
News The latest trends in the crypto market

Promotions

Referral
Campaigns
Assets
Crypto Deposit
Fiat Deposit
Convert
Transfer
Withdraw
My vouchers
Fund history
Dashboard
Account Security
Identity verification
API Management
Transaction Report
Log out
Register
BTCC / BTCC Square / Shibio /
Security Incident in ZKsync: Unauthorized Minting of 111 Million Tokens

Security Incident in ZKsync: Unauthorized Minting of 111 Million Tokens

Author:
Shibio
Published:
2025-04-16 01:16:25
18
1

ZKsync Breach: Hacker Mints 111M Unclaimed Tokens

A significant security breach has been reported in the ZKsync network, where an attacker successfully minted 111 million unclaimed tokens. This incident raises concerns about the protocol’s vulnerability and the potential impact on token holders. Investigations are underway to determine the exploit’s origin and mitigate further risks.

Details of ZKsync Breach: ‘Sweep’ Function Exploited

Investigators found the attacker specifically targeted a function within the airdrop contracts as part of the ZKsync breach. “The attacker called the sweepUnclaimed() function that minted approximately 111 million unclaimed ZK tokens from the airdrop contracts,” ZKsync reported. 

This action essentially generated new tokens from the pool designated for users who had not yet claimed their airdrop allocation. The transaction, publicly viewable on the ZKsync Era blockchain explorer, confirms the minting event tied to this security incident.

The scale of the ZKsync breach, involving 111 million tokens, significantly clarifies the initial, lower estimates. While the token’s value fluctuates, the quantity minted represents a substantial portion of the unclaimed airdrop supply. ZKsync moved quickly to contain the fallout from this specific vulnerability.

Aftermath of ZKsync Breach: Systems Secure, Recovery Underway

Despite the compromise affecting the airdrop, ZKsync officials reiterated that CORE infrastructure and user holdings remained safe following the ZKsync breach. “This incident is contained to the airdrop distribution contracts only,” the statement assured. “All the funds that could be minted [via this method] have been minted. No further exploits via this method are possible.”

The project explicitly confirmed the security of key components, separate from the specific point of failure in this breach. “The ZKsync protocol, ZK token contract, all three governance contracts, and all active Token Program capped minters have not been, and will not be impacted by this incident,” ZKsync stated.

Most of the minted tokens reportedly remain in an account controlled by the attacker (0xb1027ed67f89c9f588e097f70807163fec1005d3). ZKsync announced coordination efforts aimed at recovery. “We’re coordinating the recovery efforts with @_seal_org and exchanges,” the team said, referring to the Seal 911 initiative which helps victims of crypto hacks.

In a direct appeal, ZKsync also addressed the attacker. “We’re encouraging the attacker to get in touch with [email protected] to negotiate the return of the funds and avoid legal liability.” The ZKsync breach highlights ongoing security challenges in managing administrative access and smart contracts within the complex world of blockchain protocols and token distributions. ZKsync functions as a Layer 2 network designed to make Ethereum transactions faster and cheaper.

Read More

Yona has no crypto positions and does not hold any crypto assets. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Daily is an official media and publication of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.

|Square

Get the BTCC app to start your crypto journey

Download on the App Store GEI IT ON Google Play

Get started today Scan to join our 100M+ users

Exchange for a better future

Products
Services
Guides
About Us
Terms & Agreement
Customer Service
Social Media

Risk warning: Digital asset trading is an emerging industry with bright prospects, but it also comes with huge risks as it is a new market. The risk is especially high in leveraged trading since leverage magnifies profits and amplifies risks at the same time. Please make sure you have a thorough understanding of the industry, the leveraged trading models, and the rules of trading before opening a position. Additionally, we strongly recommend that you identify your risk tolerance and only accept the risks you are willing to take. All trading involves risks, so you must be cautious when entering the market.

The world’s longest-running cryptocurrency exchange since 2011 © 2011 - 2025 BTCC.com. All rights reserved