PANews reported on April 21 that ZKsync released an update on the investigation, mitigation measures, and follow-up actions regarding last week’s security incident. The investigation showed that the incident was caused by a leaked airdrop administrator key, which affected only three specific Merkle allocation contracts from the ZK token issuance in June 2024. Because the total supply of each allocation contract has now been minted, no additional ZK tokens can be minted or otherwise exploited through this method. The leaked key did not control any other contracts, and it could only be used to mint unclaimed airdrop tokens after the claim window expired. The ZKsync protocol, ZK token contract, governance contracts, timelock, and the capped minters of active token programs were not affected, and will not be in the future.
About 70% of the exploited assets are still on ZKsync Era, including about 45 million ZK and 1,021 ETH. As the only sequencer on the Era chain, Matter Labs has implemented transaction filtering on the affected accounts. Although Matter Labs is generally unable to respond to every potential smart contract incident, this special measure was taken after consultation with the ZKsync Association because the unauthorized minting of ZK tokens involves protocol governance. ZKsync is currently upgrading to Stage 1 and moving toward decentralized sequencing, but Era is still running as a Stage 0 rollup, which makes this measure feasible. It should be noted that the ZKsync governance body and security committee can replace the sequencer and remove the filter at any time. Transaction filtering will continue until the incident is resolved. The investigation is still ongoing and funds are being actively recovered. A detailed report will be released after the incident is fully resolved.